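まっちゃだいふくの日記 (Matcha Daifuku's Diary)

Links to articles on security and IT that caught my attention.

Deep Security Linux Agent - 20.0.0-2971 (20 LTS Update 2021-09-08) released @ a fix update following the 2021/9/2 withdrawal of 20.0.0-2740, plus 3 additional fixes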


Timeline of the withdrawal and re-release of Deep Security Linux Agent

2021/07/29 | 20.0.0-2740 (20 LTS Update 2021-07-29) | Released | Deep Security Linux/Windows/UNIX Agent 20.0.0-2740 (20 LTS Update 2021-07-29) released @ various cumulative fixes - Matcha Daifuku's Diary
2021/08/30 | 20.0.0-2921 (20 LTS Update 2021-08-30) | Released | Deep Security Agent 20.0.0-2921 (20 LTS Update 2021-08-30) update is out @ the cryptographic modules on RHEL8 and Amazon Linux 2 can reportedly run in FIPS (Federal Information Processing Standards) mode - Matcha Daifuku's Diary
2021/09/02 | 20.0.0-2740 (20 LTS Update 2021-07-29) | Withdrawn | Notice of withdrawal of Trend Micro Deep Security Agent 20.0.0-2740 for Linux: Support Information : Trend Micro @ the update released on 7/29 was withdrawn because of delays in container environments and on file servers with NFS folders. - Matcha Daifuku's Diary
2021/09/08 | 20.0.0-2921 (20 LTS Update 2021-08-30) | Withdrawn | Notice of withdrawal of Trend Micro Deep Security Agent 20.0.0-2921 for Linux: Support Information : Trend Micro @ following 20.0.0-2740, 20.0.0-2921 was also withdrawn because of NFS delays and other defects - Matcha Daifuku's Diary
2021/09/08 | 20.0.0-2971 (20 LTS Update 2021-09-08) | Released, includes the content of 20.0.0-2921 | Deep Security Linux Agent - 20.0.0-2971 (20 LTS Update 2021-09-08) released, a fix update following the 2021/9/2 withdrawal of 20.0.0-2740 - Matcha Daifuku's Diary

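The withdrawal of DSA 20.0.0-2921 for Linux also covered CPU usage

In Trend Micro Deep Security Agent 20.0.0-2921 for Linux,
delays in file operations on NFS folders and performance problems related to CPU usage have been confirmed.

Support Information : Trend Micro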

Looking at the diff: 2971 - (2740+2921)

This difference is not a problem (version display)

Old: FIPS mode on Red Hat Enterprise Linux 8: Deep Security Agent (version 20.0.0-2921+) now supports FIPS mode for Red Hat Enterprise Linux 8.
Old: FIPS mode on Amazon Linux 2: Deep Security Agent (version 20.0.0-2921+) now supports FIPS mode for Amazon Linux 2.

New: FIPS mode on Red Hat Enterprise Linux 8: Deep Security Agent (version 20.0.0-2971+) now supports FIPS mode for Red Hat Enterprise Linux 8.
New: FIPS mode on Amazon Linux 2: Deep Security Agent (version 20.0.0-2971+) now supports FIPS mode for Amazon Linux 2.

These two are probably the fixes (Resolved issues) newly added in Deep Security Linux Agent 20.0.0-2971

New: Updated Deep Security Agent to prevent agents upgraded from version 10.0 to 20.0 from losing their "NIC bypass" configuration (used for Bypassing a network interface). SF04574021/SEG-111757/DS-64985
New: Updated Deep Security Agent to improve TLS traffic inspection. This feature is being rolled out gradually, beginning with Trend Micro Cloud One - Workload Security customers. DS-15576

Fixes addressing the withdrawal

New: Deep Security Agent sometimes caused performance issues on systems with folders in NFS format. SF04816680/SEG-118993/DS-66280
New: Deep Security Agent (Linux version 20.0.0-2740) was causing performance and third-party compatibility issues on some systems. This agent was removed from the Trend Micro Download Center. For more information see Removal of Deep Security Agent (DSA) Build 20.0.0-2740 for Linux from Download Center.

The following two appear to be fixes for the problems in 20.0.0-2921

New: With Integrity Monitoring enabled, Deep Security Agent sometimes caused high CPU usage. DS-65986
New: Updated Deep Security Agent to improve performance and compatibility by using a unified driver for file, process, and network events. DS-61784

Full list of fixes in 2971

Deep Security Agent - 20.0.0-2971 (20 LTS Update 2021-09-08)
Release date: September 08, 2021
Build number: 20.0.0-2971

New features

Enhancements

  • Updated Deep Security Agent to prevent agents upgraded from version 10.0 to 20.0 from losing their "NIC bypass" configuration (used for Bypassing a network interface). SF04574021/SEG-111757/DS-64985
  • Updated Deep Security Agent to improve performance and compatibility by using a unified driver for file, process, and network events. DS-61784
  • Updated Deep Security Agent to improve TLS traffic inspection. This feature is being rolled out gradually, beginning with Trend Micro Cloud One - Workload Security customers. DS-15576
  • Updated Deep Security Agent to improve connectivity with Deep Security Manager during agent deployment and activation. DS-62547

Resolved issues

  • Deep Security Agent sometimes caused performance issues on systems with folders in NFS format. SF04816680/SEG-118993/DS-66280
  • With Integrity Monitoring enabled, Deep Security Agent sometimes caused high CPU usage. DS-65986
  • Deep Security Agent (Linux version 20.0.0-2740) was causing performance and third-party compatibility issues on some systems. This agent was removed from the Trend Micro Download Center. For more information see Removal of Deep Security Agent (DSA) Build 20.0.0-2740 for Linux from Download Center.
  • Deep Security Agent console commands sometimes failed to return proxy information for Deep Security Relay or Deep Security Manager. DS-65419
  • Deep Security Agent sometimes failed to properly display items under Events & Reports. DSSEG-7057
  • Deep Security Agent was sometimes unable to create or manage tasks on RPM-based platforms due to a SystemD (Linux service manager) process limitation. SF04543580/SEG-113833/DS-65550
  • Deep Security Agent Anti-Malware Real-Time Scan exclusions sometimes failed within container environments. DS-65528
  • Deep Security Agent Anti-Malware Real-Time Scan directory exclusions sometimes failed if filenames were not in UTF-8 format. SEG-115198/DS-65495
  • With Anti-Malware enabled, Deep Security Agent encountered an "Insufficient Disk Space" alert which sometimes crashed the agent or stopped other programs from working properly. SF04584157/SEG-113377/DS-64405
  • Deep Security Agent failed to execute some agent-initiated (dsa_control) console commands. 04564385/SEG-112050/DSSEG-6990
  • Deep Security Agent sometimes crashed while trying to establish a connection with Deep Security Manager. 04634804/SEG-113539/DS-64862
  • Deep Security Agent sometimes lost connectivity while trying to establish an SSL connection. SF04323898/SEG-107451/DS-64268
  • Deep Security Agent was sometimes unable to connect to web applications on systems with older OS versions. SF04451029/SEG-109652/DS-64528
  • Deep Security Agent upgrade (Administration > Updates > Software) sometimes failed if a previous (RPM package) upgrade was triggered using console commands. SF04586071/SEG-113583/DS-64978
  • With Web Reputation enabled, Deep Security Agent caused connectivity issues for some third party software. SF04072723/SEG-97952/DSSEG-6963
  • With Integrity Monitoring enabled, Deep Security Manager caused high CPU usage on the authentication server for some systems. 04488319/SEG-110088/DS-63855

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. SF04613197/SEG-113566/DS-64050

  • CVSS score: 9.8
  • Severity: High