Deep Security Manager - 20.0.503 (20 LTS Update 2021-09-23)
Release date: September 23, 2021
Build number: 20.0.503Enhancements
- Updated Deep Security Manager to integrate with Trend Micro Vision One for "Threat Intelligence" (previously known as "Connected Threat Defense"). DS-61106
- Updated Deep Security Manager to remove the Integrity Monitoring baseline capability. This change does not affect the protection you receive from Integrity Monitoring, but does remove the following:
- The option to "View Baseline" data from the manager console
- The ability to use the "Trusted Common Baseline" as a source of Auto-Tagging
- The ability to generate an "Integrity Monitoring Baseline Report"
As baselines have grown larger and workloads have become more dynamic, the ability to support the Integrity Monitoring baseline in the Deep Security Manager console has become increasingly challenging. We are committed to evolving the design of Integrity Monitoring to meet the performance and operational needs of our customers. Through discussions with our customers, it was determined that in its current form, Integrity Monitoring was not delivering the value to offset the performance and operational overhead required to maintain baseline data. DS-60498
Resolved issues
- Deep Security Agent automatic upgrades sometimes failed if Deep Security Manager had "Upgrade on Activation" and "Event-based Tasks" enabled at the same time. SEG-105646/SF04249597/DS-62190
- The Deep Security Manager console command to add a trusted certificate sometimes failed for LDAPS server certificates. SEG-116063/SF04716472/DS-65277
- Some API key fields used to migrate to Workload Security were missing from the Workload Security Links API document. DS-66022
- In environments with multiple vCenter connectors undergoing frequent vMotion, Deep Security Manager sometimes encountered a deadlock causing "Engine Offline" errors for Anti-Malware, Firewall, and Intrusion Prevention. SEG-115729/SF04696226/DS-65311
- Deep Security Manager sometimes couldn't retrieve a computer's information, causing VMware NSX synchronization to fail. SEG-117202/DS-65610
- Deep Security Virtual Appliance IPv6 addresses sometimes displayed in the Deep Security Manager console even if the IPv6 was not available in the environment. SEG-118810/SF04806948/DS-66263
- Deep Security Manager Scheduled Reports (Events & Scheduled Reports) with a "Using Policy" computer filter sometimes still showed all computers in the generated reports. SF04676734/SEG-116345/DS-65336
- Deep Security Agent upgrade failures sometimes occurred if Default Real-Time Scan "File List" or "Directory List" exclusions were created with duplicate names in Deep Security Manager. DS-65746
What's new in Deep Security Manager? | Deep SecuritySecurity updates
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-5934/DS-63325/DS-65607
- Highest CVSS: 7.5
- Highest severity: High
