Matcha Daifuku's Diary

Links to security topics and IT articles that caught my attention.

Deep Security Agent - 20.0.0-6658 (20 LTS Update 2023-03-22) released: various fixes and new patch support

Deep Security Linux Agent - 20.0.0-6658 (20 LTS Update 2023-03-22)

Deep Security Agent - 20.0.0-6658 (20 LTS Update 2023-03-22)
Release date: March 22, 2023
Build number: 20.0.0-6658

New features

  • Oracle Linux 9 support: Deep Security Agent (version 20.0.0-6658+) now supports Oracle Linux 9, including FIPS mode and Secure Boot support. (This requires Deep Security Manager version 20.0.737+).
  • Service Gateway: Deep Security Agent (version 20.0.0-6658+) now supports the Service Gateway feature, providing forward proxy functionality. (This requires Deep Security Manager version 20.0.741+.)

Enhancements

  • When an Application Control Trust Entities path rule uses a wildcard without specifying a filename, the wildcard will now apply to all files in any directory matching the rule's path. (Previously, the globstar (**) wildcard would apply to a path rule's directory and subdirectories, as opposed to the single star (*) wildcard which would only match within the path rule's directory.) DS-75133
  • Intrusion Prevention's Web Reputation Service now includes OS platform metadata. DS-75453
  • Anti-Malware events generated by the SAP Scanner now include file hashes. DS-75648/SEG-165491
  • Application Control now checks web browser execution of .HTML, .HTM, and .JS files. DS-75102
  • Deep Security Agent now sends full command lines for processes to Deep Security Manager, improving the Recommendation Scan's rule recommendations. (Previously, the agent only sent the first 2048 characters of each process's command line.) C1WS-11728
  • Deep Security Agent (version 20.0.0-6658+) now supports Secure Boot for Ubuntu 22. (This requires Deep Security Manager version 20.0.737+.) DS-73729
  • Deep Security Agent (version 20.0.0-6658+) now supports the Proxy Manager for Trend Micro Vision One (XDR) Threat Intelligence - User Defined Suspicious Object (UDSO). DS-75365
  • Updated Deep Security Agent's logging system to provide additional information and tracing to debug customer issues more efficiently. The agent now generates five (5) log files (dsa-connect-X.log) that are 2MB each instead of the agent's previous three 1MB log files. C1WS-9598
  • The logger supports an on-demand JSON config file (either dsa-connect.ini or dsa-connect.conf) with the following configurable options:
      • Debug: Enable the debug log messages (Default: false)
      • Count: Number of log files to generate (Default: 5)
      • Size: Maximum size of each log file in bytes (Default: 2097152)

    Example config file:

    {
      "Debug": true,
      "Count": 5,
      "Size": 2097152
    }

Resolved issues

  • When the Advanced TLS Traffic Inspection "Inspect TLS/SSL traffic" option was set to "No" from the console (Computer or Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection), driver-side SSL packets were sometimes still being processed. DS-76160
  • The Deep Security Agent kernel support package download was sometimes interrupted, generating "Agent Integrity Check Failed" warnings and "Kernel Unsupported" errors. SEG-169497/DS-76545
  • Deep Security Agent's Intrusion Prevention System sometimes failed to block "TCP Congestion Flags" properly. DS-76182
  • Anti-Malware Behavior Monitoring had a driver issue causing kernel warnings on some systems. SF06254724/SEG-163042/ORCA-762
  • When Anti-Malware Smart Scan was enabled, an IPC connectivity issue caused some systems to crash. SEG-169132/C1WS-10821
  • Deep Security Agent security updates were failing due to a file handle issue that prevented files from being removed during an update. DS-75907
  • A process thread timeout caused the Anti-Malware Engine to restart unexpectedly on some systems. SF06524736/SEG-169218/DS-76656
  • When a SOCKS proxy was used, Deep Security Agent failed to provide a Web Reputation Services rating for HTTP URLs. DS-73482/DS-73364
  • Deep Security Agent upgrade sometimes failed because of a missing signature in the agent package. SF06045259/SEG-154576/DS-73668
  • Deep Security Agent was generating system events showing that the Advanced Threat Search Engine (ATSE) component had been removed on some systems. SEG-147779/DS-75463
  • Updated Deep Security Agent to increase the MQTT timeout from 30 minutes to 2 hours to help resolve connection issues on some systems. C1WS-11835
  • Deep Security Agent was unable to connect to the Anti-Malware Smart Scan service on some systems. SEG-168468/DS-76433
  • Deep Security Agent caused performance issues on systems generating a large number of container environment Application Control events. SF06538377/SEG-169605/DS-76594
What's new in Deep Security Agent? | Deep Security

Deep Security Windows Agent - 20.0.0-6690 (20 LTS Update 2023-03-29)

Deep Security Agent - 20.0.0-6690 (20 LTS Update 2023-03-29)
Release date: March 29, 2023
Build number: 20.0.0-6690

New features

  • Service Gateway: Deep Security Agent (version 20.0.0-6690+) now supports the Service Gateway feature, providing forward proxy functionality. (This requires Deep Security Manager version 20.0.741+.)

Enhancements

  • Deep Security Agent installation now performs a pre-check to verify if its operating system meets Azure Code Signing (ACS) requirements. For more information, see Trend Micro Server and Endpoint Protection Agent Minimum Windows Version Requirements. DS-75552
  • Application Control now checks the execution of Microsoft Windows Control Panel Applet (.CPL) files. DS-74587
  • Application Control now checks the execution of Microsoft Compiled HTML help (.CHM) files. DS-74828
  • When an Application Control Trust Entities path rule uses a wildcard without specifying a filename, the wildcard will now apply to all files in any directory matching the rule's path. (Previously, the globstar (**) wildcard would apply to a path rule's directory and subdirectories, as opposed to the single star (*) wildcard which would only match within the path rule's directory.) DS-75133
  • Web Reputation Service now includes OS platform metadata. DS-75453
  • Deep Security Agent (version 20.0.0-6690+) now supports the Proxy Manager for Trend Micro Vision One (XDR) Threat Intelligence - User Defined Suspicious Object (UDSO). DS-75365
  • Updated Deep Security Agent's logging system to provide additional information and tracing to debug customer issues more efficiently. The agent now generates five (5) log files (dsa-connect-X.log) that are 2MB each instead of the agent's previous three 1MB log files. C1WS-9598
  • The logger supports an on-demand JSON config file (either dsa-connect.ini or dsa-connect.conf) with the following configurable options:
      • Debug: Enable the debug log messages (Default: false)
      • Count: Number of log files to generate (Default: 5)
      • Size: Maximum size of each log file in bytes (Default: 2097152)

    Example config file:

    {
      "Debug": true,
      "Count": 5,
      "Size": 2097152
    }

  • The Web Reputation Service's Browser Extension now allows Trend Micro Toolbar for Chrome browser to inspect URLs for content scripts in all frames. DS-75387
  • Anti-Malware events generated by the SAP Scanner now include file hashes. DS-75648/SEG-165491

Resolved issues

  • Deep Security Agent events and module status changes sometimes failed to appear in the console. DS-46344/SEG-67100/SEG-101719/SEG-112311
  • When Anti-Malware's "Enable network directory scan" option was enabled (Computer or Policy > Anti-Malware > General > Real-Time Scan > Malware Scan Configuration > Advanced > Network Directory Scan), malware was detected but a corresponding event was not recorded in some cases. SF06198579/SEG-160763/DSSEG-7786
  • When the Advanced TLS Traffic Inspection "Inspect TLS/SSL traffic" option was set to "No" from the console (Computer or Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection), driver-side SSL packets were sometimes still being processed. DS-76160
  • Deep Security Agent's Intrusion Prevention System sometimes failed to block "TCP Congestion Flags" properly. DS-76182
  • When Anti-Malware Smart Scan was enabled, an IPC connectivity issue caused some systems to crash. SEG-169132/C1WS-10821
  • Updated Deep Security Agent to increase the MQTT timeout from 30 minutes to 2 hours to help resolve connection issues on some systems. C1WS-11835
  • Deep Security Agent was incorrectly generating system events showing that the Advanced Threat Search Engine (ATSE) component had been removed on some systems. SEG-147779/DS-75463
  • Deep Security Agent upgrade sometimes failed because of a missing signature in the agent package. SF06045259/SEG-154576/DS-73668
  • Application Control now checks web browser execution of .HTML, .HTM, and .JS files. DS-75102
  • When a SOCKS proxy was used, Deep Security Agent failed to provide a Web Reputation Services rating for HTTP URLs. DS-73482/DS-73364
  • A process thread timeout caused the Anti-Malware Engine to restart unexpectedly on some systems. SF06524736/SEG-169218/DS-76656
  • Deep Security Agent security updates were failing due to a file handle issue that prevented files from being removed during an update. DS-75907
  • Deep Security Agent Scanner (SAP) couldn't generate reports for files with one or more trailing dots (.) in their file name. SF06181341/SEG-166326/DS-76404

Known issues

  • Deep Security Agent versions 20.0.0-6313 and newer are currently unable to load the third-party libraries required to use Remote Shell, File Collection, or Network Isolation on the Windows 2008 platform. If you need these three features on a Windows 2008 system, please avoid upgrading your agent. DS-75176
  • Updating Deep Security Agent causes Deep Security Manager to show an unknown error event (ID: 740) on some systems. A future Deep Security Manager release will address this issue. For more details, see Unrecognized Agent\Appliance Error Event in Deep Security Manager (Event ID 1010 - 1013). DS-76813
What's new in Deep Security Agent? | Deep Security

Deep Security UNIX Agent - 20.0.0-6658 (20 LTS Update 2023-03-22)

Deep Security Agent - 20.0.0-6658 (20 LTS Update 2023-03-22)
Release date: March 22, 2023
Build number: 20.0.0-6658

New features

  • Service Gateway: Deep Security Agent (version 20.0.0-6658+) now supports the Service Gateway feature, providing forward proxy functionality. (This requires Deep Security Manager version 20.0.741 or newer.)

Enhancements

  • Intrusion Prevention's Web Reputation Service now includes OS platform metadata. DS-75453
  • Updated Deep Security Agent's logging system to provide additional information and tracing to debug customer issues more efficiently. The agent now generates five (5) log files (dsa-connect-X.log) that are 2MB each instead of the agent's previous three 1MB log files. C1WS-9598
  • The logger supports an on-demand JSON config file (either dsa-connect.ini or dsa-connect.conf) with the following configurable options:
      • Debug: Enable the debug log messages (Default: false)
      • Count: Number of log files to generate (Default: 5)
      • Size: Maximum size of each log file in bytes (Default: 2097152)

    Example config file:

    {
      "Debug": true,
      "Count": 5,
      "Size": 2097152
    }

Resolved issues

  • When the Advanced TLS Traffic Inspection "Inspect TLS/SSL traffic" option was set to "No" from the console (Computer or Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection), driver-side SSL packets were sometimes still being processed. DS-76160
  • Deep Security Agent's Intrusion Prevention System sometimes failed to block "TCP Congestion Flags" properly. DS-76182
  • When Anti-Malware Smart Scan was enabled, an IPC connectivity issue caused some systems to crash. SEG-169132/C1WS-10821
  • Deep Security Agent security updates were failing due to a file handle issue that prevented files from being removed during an update. DS-75907
  • A process thread timeout caused the Anti-Malware Engine to restart unexpectedly on some systems. SF06524736/SEG-169218/DS-76656
  • When a SOCKS proxy was used, Deep Security Agent failed to provide a Web Reputation Services rating for HTTP URLs. DS-73482/DS-73364
  • Deep Security Agent upgrade sometimes failed because of a missing signature in the agent package. SF06045259/SEG-154576/DS-73668
  • Deep Security Agent was generating system events showing that the Advanced Threat Search Engine (ATSE) component had been removed on some systems. SEG-147779/DS-75463
  • Updated Deep Security Agent to increase the MQTT timeout from 30 minutes to 2 hours to help resolve connection issues on some systems. C1WS-11835
What's new in Deep Security Agent? | Deep Security

Deep Security Manager - 20.0.741 (20 LTS Update 2023-03-15)

Deep Security Manager - 20.0.741 (20 LTS Update 2023-03-15)
Release date: March 15, 2023
Build number: 20.0.741

New Features

  • Service Gateway: Deep Security Manager (version 20.0.741+) now supports the Service Gateway feature, providing forward proxy functionality.
https://help.deepsecurity.trendmicro.com/20_0/on-premise/release-notes-dsm.html