Matcha Daifuku's Diary

Links to articles on security and IT topics that caught my attention.

Deep Security 20.0 LTS Update 2022-11-22 (DeepSecurity 20 LTS Update 2022-11-22) released: fixes including one for the MQTT issue, Windows 11 22H2 support, and more

Deep Security Linux Agent - 20.0.0-5953 (20 LTS Update 2022-11-22)

Deep Security Agent - 20.0.0-5953 (20 LTS Update 2022-11-22)
Release date: November 22, 2022
Build number: 20.0.0-5953

New feature

  • Agent self-protection: This feature helps prevent users on the local system from tampering with the agent. For more information, and help configuring agent self-protection, see Enable or disable agent self-protection in Linux.

Enhancements

  • Deep Security Agent (version 20.0.0-5953+) now supports FIPS mode for Oracle Linux 8. (This requires Deep Security Manager version 20.0.711+).

Resolved issues

  • With Activity Monitoring enabled, the internal MQTT channel sometimes became inaccessible. This caused Deep Security Agent errors (MQTT offline, hub is busy, cannot connect to dsa-connect) as well as Trend Micro Vision One connectivity loss and the inability to send telemetry. SEG-160263/SEG-161138/SEG-160116/SEG-159318/DS-74638
  • Application Control sometimes failed to block programs running in namespace mode. SF05929869/SEG-151363/DS-74116
  • Integrity Monitoring sometimes failed to create events after running certain console commands (for example, passwd or mv commands). 05718251/SEG-148552/DS-72643
  • Older Application Control events were not being removed from the database as intended, causing the events.db file size to increase indefinitely. SF06172729/SEG-159548/DS-74706
  • When Integrity Monitoring event generation is interrupted by a process or system crash, it could lead to incorrect events being created. SF05508030/SEG-138756/DS-72470

Known issues

  • With Activity Monitoring enabled, a connectivity issue causes Deep Security agents to appear offline for some Trend Micro Cloud One - Workload Security customers. This issue can be mitigated by restarting the dsa-connect or ds_agent services. For more details, please see Removal of Deep Security Agent 20.0.0-5953 for Linux. SEG-161456

What's new in Deep Security Agent? | Deep Security

Deep Security Windows Agent - 20.0.0-5995 (20 LTS Update 2022-11-28)

Deep Security Agent - 20.0.0-5995 (20 LTS Update 2022-11-28)
Release date: November 28, 2022
Build number: 20.0.0-5995

New features

  • Windows 11 22H2 support: Deep Security Agent (version 20.0.0-5995+) now supports Windows 11 22H2. (This requires Deep Security Manager version 20.0.711+.)

Enhancements

  • Updated Deep Security Agent to support the "Trend Micro Toolbar for Enterprise," a Chrome browser extension that extends HTTPS protection for Web Reputation Service. This is only supported for Trend Micro Cloud One - Workload Security customers at this time. DS-74568
  • Updated the Web Reputation Service to support multi-thread processing on the web browser extension, improving the query rate. DS-74098
  • Updated Deep Security Agent to include the details of command line Behavior Monitoring violations in the console under Events & Reports > Events > Anti-Malware Events. DS-72866

Resolved issues

  • A file handle leak in the Deep Security notifier (notifier.exe) caused high system memory usage. DS-74325
  • In Workload Security, enabling OS proxy (by setting "Allow agents to apply OS proxy or direct connect when the configured proxy is inaccessible" to "Yes" from Administration > System Settings > Proxies) would cause Deep Security Agent to crash if the proxy data the agent needed was missing on the operating system side. SEG-158968/DS-75034
  • With Activity Monitoring enabled, high message volume sometimes made the internal MQTT channel inaccessible. This caused Deep Security Agent errors (MQTT offline, hub is busy, cannot connect to dsa-connect) as well as Trend Micro Vision One connectivity loss and the inability to send telemetry. SEG-160263/SEG-161138/SEG-160116/SEG-159318/DS-74638
  • While running Application Control in maintenance mode, executable files that should have been accessible were sometimes blocked due to a sharing violation. SF04922652/SEG-131710/DS-74592
  • Application Control was unable to block scripts executed using GitBash shell (sh.exe). DS-73827
  • With Activity Monitoring enabled, Deep Security Agent caused file handle leaks on some systems. DS-74301
  • Deep Security Agent caused an outdated "Early Launch Anti-Malware Pattern" component to appear on the Security Updates page, causing the Security Update Status to be "Out-of-Date". This pattern was unused, which is why it always appeared as an outdated component. SEG-158345/DSSEG-7745
  • Deep Security Agent sometimes allowed a higher access level than the one set by a user's group. For example, the "Users" group was able to modify files even if it had read-only access. SEG-157530/DSSEG-7737
  • With Anti-Malware enabled, a Deep Security Agent driver caused some systems running Windows Server 2008 to crash. SF05926337/SEG-157388/DSSEG-7739

What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent - 20.0.0-5953 (20 LTS Update 2022-11-22)

Deep Security Agent - 20.0.0-5953 (20 LTS Update 2022-11-22)
Release date: November 22, 2022
Build number: 20.0.0-5953

  • This release contains general improvements. Please note that this release only includes an agent for Solaris platforms.

What's new in Deep Security Agent? | Deep Security

Deep Security Agent for macOS - 20.0.0-183 (20 LTS Update 2022-11-22)

Release date: November 22, 2022
Build number: 20.0.0-183

New features:

  • Activity Monitoring: Deep Security Agent supports additional Remote Shell commands. For more information, see Trend Micro Vision One (XDR) Remote Shell.

In preview:

  • OS proxy: Deep Security Agent now supports OS proxy exclusions. For more information, see Enable OS proxy.

macOS version support: Deep Security Agent now supports macOS Ventura (13.0.1 or later).

What's new in the agent - Workload Security | Trend Micro Cloud One™ Documentation

Deep Security Manager - 20.0.711 (20 LTS Update 2022-11-16)

Release date: November 16, 2022
Build number: 20.0.711

Enhancements

  • Updated Deep Security Manager to include "Project ID" for computers using Google Cloud Platform. SF05811253/SEG-147466/DS-72694

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-74218

  • Highest CVSS: 7.5
  • Highest severity: High

What's new in Deep Security Manager? | Deep Security