New feature

• Agent self-protection: This feature helps prevent users on the local system from tampering with the agent. For more information, and help configuring agent self-protection, see Enable or disable agent self-protection in Linux.
• Rocky Linux 9 support: Deep Security Agent (version 20.0.0-6313+) now supports Rocky Linux 9, including FIPS mode and Secure Boot support (This requires Deep Security Manager version 20.0.716+). DS-73727

Enhancements

• Deep Security no longer supports certificates signed with the SHA-1 algorithm. The agent now requires SSL certificates issued using SHA-256 to communicate with the Deep Security Manager. C1WS-5676
  • To prevent communication errors between the Deep Security Agent and Deep Security Manager, follow the instructions to Upgrade the Deep Security cryptographic algorithm.
  • If one of more agents were updated to version 20.0.0-6313 or newer before upgrading the cryptographic algorithms, follow the steps in Deep Security Agent (DSA) offline when OpenSSL 3 rejects certificate with SHA-1 algorithm.
• With Anti-Malware and Behavior Monitoring enabled, Deep Security Agent now monitors for suspicious behavior to improve protection against MITRE attack scenarios. This functionality requires Deep Security Manager version 20.0.716+. DS-73644
• Deep Security Agent (version 20.0.0-6313+) now supports FIPS mode for Oracle Linux 8. (This requires Deep Security Manager version 20.0.711+). DS-73778

Resolved issues

• For component updates, Deep Security Agent would attempt with and without use of a proxy and generate an event for each attempt. To make event reporting more straightforward, this behavior has been changed so that after a successful update the agent will only show the final successful event. SF06207160/SEG-160085/DSSEG-7765
• Deep Security Agent crashes and issues connecting with Deep Security Manager caused Anti-Malware Offline events. SF06061098/SEG-154701/DS-74665
• With Web Reputation Enabled, some characters entered in console commands were not being parsed properly. For example, an underscore (_) entered in a command was replaced with a dash (-), and an uppercase Z was replaced with a lowercase z. DS-74335

With Activity Monitoring enabled, a connectivity issue caused Deep Security agents to appear offline for some Trend Micro Cloud One - Workload Security customers. The agent introducing this issue is no longer available. For more details, please see Removal of Deep Security Agent 20.0.0-5953 for Linux. SEG-161456

• With Activity Monitoring enabled, the internal MQTT channel sometimes became inaccessible. This caused high CPU usage and Deep Security Agent errors (MQTT offline, hub is busy, cannot connect to dsa-connect) as well as Trend Micro Vision One connectivity loss and the inability to send telemetry. SEG-160263/SEG-161138/SEG-160116/SEG-159318/DS-74638/DS-75367/DS-75193
• Application Control sometimes failed to block programs running in namespace mode. SF05929869/SEG-151363/DS-74116
• Integrity Monitoring sometimes failed to create events after running certain console commands (for example, passwd or mv commands). 05718251/SEG-148552/DS-72643
• Older Application Control events were not being removed from the database as intended, causing the events.db file size to increase indefinitely. SF06172729/SEG-159548/DS-74706
• When Integrity Monitoring event generation is interrupted by a process or system crash, it could lead to incorrect events being created. SF05508030/SEG-138756/DS-72470

New features

• Windows 10 22H2 support: Deep Security Agent (version 20.0.0-6313+) now supports Windows 10 22H2. (This requires Deep Security Manager version 20.0.716+.)

Enhancements

• Deep Security no longer supports certificates signed with the SHA-1 algorithm. The agent now requires SSL certificates issued using SHA-256 to communicate with the Deep Security Manager. C1WS-5676

• • To prevent communication errors between the Deep Security Agent and Deep Security Manager, follow the instructions to Upgrade the Deep Security cryptographic algorithm.
  • If one of more agents were updated to version 20.0.0-6313 or newer before upgrading the cryptographic algorithms, follow the steps in Deep Security Agent (DSA) offline when OpenSSL 3 rejects certificate with SHA-1 algorithm.
• With Anti-Malware and Behavior Monitoring enabled, Deep Security Agent now monitors for suspicious behavior to improve protection against MITRE attack scenarios. This functionality requires Deep Security Manager version 20.0.711+. DS-73644
• Updated Deep Security Agent to support the "Trend Micro Toolbar for Enterprise" Chrome browser extension, improving HTTPS protection for Web Reputation Service. DS-74870

Resolved issues

• Deep Security Agent sometimes caused file handle leaks when communicating with Deep Security Manager or agent command-line tools. DS-75111
• For component updates, Deep Security Agent would attempt with and without use of a proxy and generate an event for each attempt. To make event reporting more straightforward, this behavior has been changed so that after a successful update the agent will only show the final successful event. SF06207160/SEG-160085/DSSEG-7765
• With Web Reputation Enabled, some characters entered in console commands were not being parsed properly. For example, an underscore (_) entered in a command was replaced with a dash (-), and an uppercase Z was replaced with a lowercase z. DS-74335

Enhancements

• Deep Security no longer supports certificates signed with the SHA-1 algorithm. The agent now requires SSL certificates issued using SHA-256 to communicate with the Deep Security Manager. C1WS-5676

• • To prevent communication errors between the Deep Security Agent and Deep Security Manager, follow the instructions to Upgrade the Deep Security cryptographic algorithm.
  • If one of more agents were updated to version 20.0.0-6313 or newer before upgrading the cryptographic algorithms, follow the steps in Deep Security Agent (DSA) offline when OpenSSL 3 rejects certificate with SHA-1 algorithm.

Resolved issues

• Updated Deep Security Agent for AIX platforms to support Advanced Threat Scan Engine (ATSE) version 21.600. DS-75323
• For component updates, Deep Security Agent would attempt with and without use of a proxy and generate an event for each attempt. To make event reporting more straightforward, this behavior has been changed so that after a successful update the agent will only show the final successful event. SF06207160/SEG-160085/DSSEG-7765
• The Deep Security Agent log file (ds-agent.log) sometimes failed to rotate, causing it to use more disk space than intended. SF05306459/SEG-137003/DS-72899
• With Web Reputation Enabled, some characters entered in console commands were not being parsed properly. For example, an underscore (_) entered in a command was replaced with a dash (-), and an uppercase Z was replaced with a lowercase z. DS-74335