まっちゃだいふくの日記

セキュリティのこと、ITの気になった記事をリンクしています。

Deep Security Agent - 20.0.0-3770 (20 LTS Update 2022-01-24) リリース @ Zero config IPS inspectionの追加ってことでTLSを証明書無しに復号してIPS検査できるらしい。Windows 10 21H2対応

Deep Security Linux Agent - 20.0.0-3770 (20 LTS Update 2022-01-24)

Deep Security Agent - 20.0.0-3770 (20 LTS Update 2022-01-24)
Release date: January 24, 2022
Build number: 20.0.0-3770

New features

  • Zero config IPS inspection: Deep Security Agent adds the capability for Intrusion Prevention to inspect TLS encrypted traffic without manually importing certificates. This adds support for more cipher suites as well. This feature is being rolled out gradually for Linux platforms, beginning with Trend Micro Cloud One - Workload Security customers.
  • CRI-O support: A Deep Security Agent's "CRI-O engine version" is now displayed in Deep Security Manager, as well as Anti-Malware event information for containers. Please note that CRI-O is currently only supported for Deep Security Manager (On-Premise). Support for Trend Micro - Cloud One Workload Security will be added later.

Enhancements

  • Updated Deep Security Agent to allow Intrusion Prevention to connect to Deep Security Manager if the manager is using TLS 1.2 strong ciphers. DS-69042

Resolved issues

  • A Deep Security Agent conflict with network interface controllers (NICs) caused systems with multiple NICs to crash. 05048124/SEG-126094/DS-68730
  • When an Integrity Monitoring scan timed out, it sometimes generated false "create" or "delete" events for "user" or "group" entities. SEG-117739/DS-66885
  • Application Control, Anti-Malware, and Real-time Integrity Monitoring failed to function properly for Deep Security Agents with certain combinations of Integrity Monitoring rules configured. DS-68494
  • With Activity Monitoring enabled, Deep Security Agent caused high CPU usage. DS-62849
  • A Deep Security Agent parsing issue was causing "Anti-Malware Engine Offline" errors. SF05171312/SEG-129367/DSSEG-7428

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-68180

  • CVSS score: 9.1
  • Severity: High
What's new in Deep Security Agent? | Deep Security

Deep Security Windows Agent - 20.0.0-3771 (20 LTS Update 2022-01-24)

Deep Security Agent - 20.0.0-3771 (20 LTS Update 2022-01-24)
Release date: January 26, 2022
Build number: 20.0.0-3771

New features

  • Zero config IPS inspection: Deep Security Agent adds the capability for Intrusion Prevention to inspect TLS encrypted traffic without manually importing certificates. This adds support for more cipher suites as well. This feature is being rolled out gradually for Windows platforms, beginning with Trend Micro Cloud One - Workload Security customers.
  • Windows 21H2 support: Deep Security Agent (version 20.0.0-3771+) now supports Windows 21H2.

Resolved issues

  • Pairing Deep Security Agent with a proxy failed on Windows 11 when the "http://" prefix was unexpectedly added to the proxy address. The prefix was added if the address was accessed from the LAN settings window (Control Panel > Network and Internet > Internet Options > Connections > LAN settings), and then the window was closed by selecting OK. DS-68568
  • Deep Security Agent security update would fail and generate "AMSP" events if Anti-Malware was offline during the update. SF04696674/SEG-120215/DSSEG-7287
  • Application Control, Anti-Malware, and Real-time Integrity Monitoring failed to function properly for Deep Security Agents with certain combinations of Integrity Monitoring rules configured. DS-68494
  • Updated Deep Security Agent to enable "Write Defer Scan" by default for real-time Anti-Malware scanning, resulting in increased response time, faster processing, and reduced CPU usage. Previously, all files were scanned during read/write by default. Now, Anti-Malware file scanning during write is deferred (the file is added to a queue and scanned in the background). DS-66344
  • With Smart Scan enabled, Deep Security Agent was downloading the full size pattern update file, instead of the incremental one it was expected to, during security updates SEG-124937/DSSEG-7317

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6187/DS-65070/DS-68180

  • CVSS score: 9.1
  • Severity: High
What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent - 20.0.0-3770 (20 LTS Update 2022-01-24)

Deep Security Agent - 20.0.0-3770 (20 LTS Update 2022-01-24)
Release date: January 24, 2022
Build number: 20.0.0-3770

Resolved issues

  • Application Control, Anti-Malware, and Real-time Integrity Monitoring failed to function properly for Deep Security Agents with certain combinations of Integrity Monitoring rules configured. DS-68494

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-68180

  • CVSS score: 9.1
  • Severity: High
What's new in Deep Security Agent? | Deep Security