New features

• User mode solution: This feature provides basic Activity Monitoring and Anti-Malware functions through Fanotify and eBPF on systems that lack kernel support. Deep Security Agent cannot protect runtime container workloads in this mode.

Enhancements

• Deep Security Agent 20.0.1-7380 and later supports most features for SUSE Linux Enterprise Server 12 SP5 (PowerPC little-endian). Application Control, Integrity Monitoring, and Trend Vision One (XDR) are currently unsupported for this platform. DSA-2626
• Deep Security Agent 20.0.1-7380 and later supports most features for SUSE Linux Enterprise Server 15 SP2, SP3, and SP4 (PowerPC little-endian). Application Control, Integrity Monitoring, and Trend Vision One (XDR) are currently unsupported for this platform. DSA-2630
• Deep Security Agent now supports Trend Vision One Service Gateway exclusions. This is only supported for Trend Cloud One - Endpoint & Workload Security users at this time. V1E-17754
• Deep Security Agent can have its proxy configuration set by the Trend Vision One Proxy Manager. V1E-14557

Resolved issues

• Deep Security Agents running in cloud environments sometimes could not be activated for Trend Cloud One - Endpoint & Workload Security. DSA-4861
• When SAP Scanner was enabled, system events for "SAP: Anti-Malware module is not ready" or "SAP: Virus Scan service is not working correctly" sometimes displayed during Deep Security Agent upgrade. These system event messages were triggered by the restart of Deep Security Agent modules. There was no functional impact. DSA-4603
• Deep Security Agent caused high CPU usage on some systems using TLS inspection with the tm_netagent process running. PCT-22031/DSA-4805
• After enabling Trend Micro Service Gateway Generic Caching Service (GCS) from Trend Vision One, Deep Security Manager and Trend Cloud One - Endpoint & Workload Security displayed the "Check Status Failed" error when communicating with Deep Security Agent. DSA-4763
• The local Smart Protection Server sometimes showed an incorrect number of Deep Security Agents. DSA-3780

Enhancements

• Deep Security Agent now supports Trend Vision One Service Gateway exclusions. This is only supported for Trend Cloud One - Endpoint & Workload Security users at this time. V1E-17754
• Deep Security Agent can have its proxy configuration set by the Trend Vision One Proxy Manager. V1E-14557
• Deep Security Agent now supports custom actions "ActiveAction" or "Pass" for the Process Memory Scan. This is only supported for Trend Cloud One - Endpoint & Workload Security users on Windows platforms at this time. DSA-3621

Resolved issues

• Deep Security Agents running in cloud environments sometimes could not be activated for Trend Cloud One - Endpoint & Workload Security. DSA-4861
• When SAP Scanner was enabled, system events for "SAP: Anti-Malware module is not ready" or "SAP: Virus Scan service is not working correctly" sometimes displayed during Deep Security Agent upgrade. These system event messages were triggered by the restart of Deep Security Agent modules. There was no functional impact. DSA-4603

Enhancements

• Deep Security Agent now supports Trend Vision One Service Gateway exclusions. This is only supported for Trend Cloud One - Endpoint & Workload Security users at this time. V1E-17754
• Updated Deep Security Agent for AIX platforms to increase the pre-remove script timeout to 120 seconds. PCT-19843/DSA-4839

Resolved issues

• Deep Security Agents running in cloud environments sometimes could not be activated for Trend Cloud One - Endpoint & Workload Security. DSA-4861

New Features

• Cross-account AWS role registration: Seed region and Security Token Service (STS) endpoint selection can now be done using the AWS connector wizard and AWS account properties page in Deep Security Manager.

Enhancements

• Deep Security Manager now supports Oracle Database 23c. DSM-366

Changed the Migration API default timeout for Cloud One Endpoint & Workload Security to 60 seconds. The previous default was 10 seconds, which sometimes led to timeout before agents were transferred from Deep Security Manager. The timeout can be set between 10 and 1200 seconds (20 minutes) using the settings.configuration.defaultWorkloadSecurityMigrationApiTimeout. PCT-21902/PCT-22361/PCT-22860/PCT-22249/DSM-579

• Updated third-party licenses for Deep Security Manager. DSM-564
• Improved Azure connector performance for some system configurations. DSM-472

Resolved issues

• Changes to the Deep Security Virtual Appliance OVF file's IP address (Computer > Properties > NSX Configuration > General) sometimes failed to be applied. PCT-20529/PCT-23331/DSM-545
• The public IP and network security group were not being displayed in the virtual machine summary for some Azure VM configurations. DSM-459
• Database connection issues sometimes caused Deep Security Manager to delete in-use Deep Security Agent installers. SEG-188888/PCT-7221/PCT-15200/DSM-348
• Deep Security Manager's console displayed Windows 10 Enterprise multi-session as "Windows Server 2019" when it should have displayed the platform as "Windows 10." SEG-131712/DS-69474/DSM-326