Matcha Daifuku's Diary

I link to articles about security and IT that caught my attention.

An update to Deep Security Agent 20.0.0-4959 (20 LTS Update 2022-07-04) has been released. @ Ubuntu 22.04 support and various other fixes

Deep Security Linux Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)

Deep Security Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)

Release date: July 4, 2022
Build number: 20.0.0-4959

New features

  • Ubuntu 22.04: Deep Security Agent (version 20.0.0-4959+) now supports Ubuntu 22.04. (This requires Deep Security Manager version 20.0.651+.)
  • FIPS mode on Ubuntu 20.04: Deep Security Agent (version 20.0.0-4959+) now supports FIPS mode for Ubuntu 20.04.

Enhancements

  • Updated Deep Security Agent to improve Anti-Malware support on systems using Fanotify. Previously, "Anti-Malware Engine Offline" events interrupted Anti-Malware function on these systems. Now, an "Anti-Malware with basic functions" event will be recorded and users will maintain basic file scanning function, but not advanced scan mechanisms like Predictive Machine Learning. DS-68552

Resolved issues

  • Deep Security Agent Scanner (SAP) had a connectivity issue preventing it from loading the correct libraries on some systems. DS-71623
  • Deep Security Agent Scanner library sometimes caused SAP applications to crash. DS-71849
  • Anti-Malware was unable to remove immutable or append-only files on some systems. VRTS-7110/DS-52383
  • Using the command line (dsa_control -b), Deep Security Relay failed to extract the bundle file required to update in a closed network environment. SF05715642/SEG-144571/DSSEG-7600
  • With Log Inspection enabled, Deep Security Agents upgraded to version 20.0.0-4726 encountered "Get Events Failed" and "Command Not Found" alerts. SF05738607/SEG-145679/DS-72117
  • When Anti-Malware is enabled alongside either Integrity Monitoring or Activity Monitoring, Deep Security Agent caused high CPU usage. SF05169148/SEG-129522/DS-69594
  • With Anti-Malware enabled, Deep Security Agent sometimes crashed operating systems that were undergoing an ISO backup. SF05532786/SEG-139280/DS-71299
  • Updated Deep Security Agent to immediately report its status to Deep Security Manager when Application Control's maintenance mode is enabled on the agent. DS-71617
  • Deep Security Agent sometimes created unclear error log entries referencing "invalid" or "badly-formed" proxy URLs. SEG-144613/DS-71866
What's new in Deep Security Agent? | Deep Security

Deep Security Windows Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)

Deep Security Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)
Release date: July 4, 2022
Build number: 20.0.0-4959

Resolved issues

  • Deep Security Agent caused increased CPU usage for systems running the WMI provider service (WmiPrvSE.exe). 05528968/SEG-142736/DS-71626
  • Deep Security Agent Scanner (SAP) reports displayed .SAR files in the wrong order. DS-71651
  • Deep Security Agent had a conflict preventing TMUMH drivers from loading (on Windows 11 and Windows 2022), and in some cases causing a system crash (affecting all Windows platforms). SEG-143164/DSSEG-7596
  • Using the command line (dsa_control -b), Deep Security Relay failed to extract the bundle file required to update in a closed network environment. SF05715642/SEG-144571/DSSEG-7600
  • With Log Inspection enabled, Deep Security Agents upgraded to version 20.0.0-4726 encountered "Get Events Failed" and "Command Not Found" alerts. SF05738607/SEG-145679/DS-72117
  • When Anti-Malware is enabled alongside either Integrity Monitoring or Activity Monitoring, Deep Security Agent caused high CPU usage. SF05169148/SEG-129522/DS-69594
  • With Anti-Malware enabled, Deep Security Agent generated "Anti-Malware Engine Offline" errors caused by service restarts following a software upgrade. SF05521775/SEG-144639/DSSEG-7615
  • With Anti-Malware enabled, Deep Security Agent sometimes caused a system crash or high system memory usage, or failed to deliver event reports. SF05475742/SEG-142632/DSSEG-7626
  • With Anti-Malware enabled, Deep Security Agent sometimes crashed operating systems that were undergoing an ISO backup. SF05532786/SEG-139280/DS-71299
  • Updated Deep Security Agent to immediately report its status to Deep Security Manager when Application Control's maintenance mode is enabled on the agent. DS-71617
  • Deep Security Agent sometimes created unclear error log entries referencing "invalid" or "badly-formed" proxy URLs. SEG-144613/DS-71866

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7633/DS-71687

  • Highest CVSS score: 6.2
  • Highest severity: Medium
What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)

Deep Security Agent - 20.0.0-4959 (20 LTS Update 2022-07-04)
Release date: July 4, 2022
Build number: 20.0.0-4959

Resolved issues

  • With Log Inspection enabled, Deep Security Agents upgraded to version 20.0.0-4726 encountered "Get Events Failed" and "Command Not Found" alerts. SF05738607/SEG-145679/DS-72117
  • When Anti-Malware is enabled alongside either Integrity Monitoring or Activity Monitoring, Deep Security Agent caused high CPU usage. SF05169148/SEG-129522/DS-69594
  • With Anti-Malware enabled, Deep Security Agent sometimes crashed operating systems that were undergoing an ISO backup. SF05532786/SEG-139280/DS-71299
  • Deep Security Agent sometimes created unclear error log entries referencing "invalid" or "badly-formed" proxy URLs. SEG-144613/DS-71866
What's new in Deep Security Agent? | Deep Security

Deep Security Agent for macOS - 20.0.0-158 (20 LTS Update 2022-07-11)

Release date: July 11, 2022
Build number: 20.0.0-158

New features

  • Anti-Malware: Real-Time Scan, Manual Scan, and Scheduled Scan can all be triggered from Cloud One Workload Security. Additionally, the Anti-Malware offline scheduled scan feature allows scheduled scans for malware to run even when the agent is unable to connect to Workload Security.
  • Web Reputation: Deep Security Agent for macOS uses a browser extension ("Trend Micro Toolbar" for Safari, Chrome, and Firefox browsers) to support both HTTP and HTTPS for the Web Reputation module.

In Preview

  • Device Control: Deep Security Agent for macOS (version 20.0.0-158+) supports Device Control for USB Mass Storage protocol with Full Access, Read-Only and Block policies on macOS.
  • Activity Monitoring: Deep Security Agent for macOS (version 20.0.0-158+) supports Trend Micro XDR Activity Monitoring. For more information about XDR and Activity Monitoring, see Integrate Workload Security with XDR. Network Isolation Response from the Vision One Portal is also supported.

Security updates: Deep Security Agent for macOS supports pattern update and engine update. Support for rollback security updates will be added in a future release.

What's new in the agent - Workload Security | Trend Micro Cloud One™ Documentation