Archived Deep Security Manager release notes
For release notes from this year, see What's new in Deep Security Manager?.
For release notes from the long-term support LTS release, Deep Security Manager - 10.0 readme.
Enhancement 1: [DSSEG-948/SF00314256] The Deep Security Azure cloud connector did not support Azure CSP subscriptions. Solution 1: The Deep Security Azure cloud connector now supports Azure CSP subscriptions.
Issue 1: [DSSEG-956] The default settings for Document Exploit Protection in Deep Security Manager 10.0 may be too aggressive for tenants, resulting in some false-positive detection. Additionally, if a customer had configured Malware Scan Configuration settings in 9.6 SP1, it could result in Document Exploit Protection being disabled in Deep Security 10.0. Solution 1: Change the Document Exploit Protection settings back to Trend Micro recommended settings.
Issue 2: [DSSEG-954] In an NSX 6.3 environment, shutting down the Deep Security Virtual Appliance would cause the protected VM to lose network connectivity. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-927] When Deep Security Manager was using Microsoft SQL Server 2008 R2 or earlier, the Deep Security Manager console was unable to show an instance list under a vCloud connector that contained more than 500 activated instances. Solution 3: This issue is resolved in this release.
Issue 4: [DSSEG-926] When a user manually added a computer to the Deep Security Manager console and also imported the vCenter containing the computer, Deep Security Manager would raise a duplicate UUID alert. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-887] When Deep Security Manager was synced with an Active Directory using the "Assign the same Deep Security Role to all Directory Group members" option, a newly- added user could not log in to Deep Security Manager until the Active Directory was re-synced. Solution 5: This issued was caused by a null value exception. Deep Security Manager now handles the null value exception.
Issue 6: [DSSEG-867] When users navigated to the Actions tab in Deep Security Manager but didn't have the appropriate permissions for the page, they would be logged out. Solution 6: When users without appropriate permissions navigate to the Actions tab, they will not be logged out and they will see an error message.
Issue 7: [DSSEG-866] When viewing application control drift events using the time-based histogram, there is a known boundary issue where, when selecting the detailed histogram view, some events from the higher-level view are not shown in the expanded view below. Solution 7: The logic used to calculate the x-axis in histograms has been improved.
Issue 8: [DSSEG-850] With application control, when sending a new policy with an updated ruleset, although the policy was received by the agent, the enforcement did not occur as expected. This triggered an error that was reported by the agent. Solution 8: This issue is fixed in this release.
Issue 9: [DSSEG-849] A large number of application control shared rule sets would accumulate on the Deep Security Manager file system. This was because whenever there was modification on the ruleset, it was not deleted. Solution 9: A housekeeping mechanism is now in place so that application control removes the temporary ruleset files from Deep Security Manager's file system.
Issue 10: [DSSEG-777] With application control, when a user performs the undo of a Block or Allow decision, the event "Decision Log Undo" should be generated. Instead, an "Apply ruleset failed" event was incorrectly generated. This was caused by conflicting event IDs. Solution 10: The Decision Log Undo ID has been changed to prevent this conflict.
Enhancement 1: [DSSEG-1089/SEG-875] In some environments, the Anti-Malware Solution Platform (AMSP) could cause high disk input/output when the common scan cache was on. By default, the AMSP common scan cache is on. To disable it, open a Windows command prompt on the Deep Security Manager computer, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true
Enhancement 2: [DSSEG-838] In previous releases, the "Smart Protection Server Disconnected" alert could only be cleared manually by a user. In this release, Deep Security Manager will clear the alert automatically when it receives a "Smart Protection Server Connected" event.
Enhancement 3: [DSSEG-1127/DSSEG-1126,1127/SEG-8328] By default, Deep Security Agents send ping requeststo a domain controller (DC) every 10 seconds for the Contexts function. This release enables users to configure agents to not send ping requests to domain controllers if the Contexts function is not used: To configure the agents not to send ping requests to domain controllers:
1. In Deep Security Manager, go to "Administration > System Settings > Contexts".
2. Set "Test Interval" to "Never" and click "Save".
Note: This enhancement requires that you upgrade your Deep Security Agents to 10.0 Update 2 to make the setting take effect.
Enhancement 4: This release adds the ability to specify a timeout value for scheduled malware scans. You can see the new option by going to Administration > Scheduled Tasks and adding or editing a "Scan Computers for Malware" scheduled task. The timeout option is available for daily, weekly, monthly, and once-only scans. It is not available for hourly scans. When a scheduled malware scan is running and the timeout limit has been reached, any tasks that are currently running or pending will be cancelled.
Enhancement 5: [DSSEG-1058] Deep Security Manager now provides a single deployment script for both Windows and Linux and adds the ability to allow customers to select a proxy setting and add it to the deployment script.
Issue 1: [DSSEG-1168] In previous releases, the Deep Security Manager installer only accepted a colon as the separator in the host name on the Database screen. In a silent install, it was "DatabaseScreen.Hostname=Hostname\IP:Port number". Solution 1: In this release, you can use either a colon or comma as the separator.
Issue 2: [DSSEG-1144] When adding an Azure connector via proxy with authentication required, the authentication would fail. Solution 2: Based on a suggestion from Oracle, basic authentication is now reactivated while using the Active Directory Authentication Library (ADAL).
Issue 3: [DSSEG-1129/SEG-3089] Image files with a .png extension in the Deep Security Manager diagnostic package could not be opened. Solution 3: File extension of the images was corrected to be .svg, to match the image format.
Issue 4: [DSSEG-1078] There was a cross-site scripting risk in the Deep Security Manager general script page common.js. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-1061] When the Use a Schedule for Upgrade option is selected, the upgrade time is on based on the time zone of the Deep Security Manager computer. However, the schedule displayed under Policies > Common Objects > Other > Schedules reflected the time zone where the user is located, which could be different from the time zone of the Deep Security Manager. This difference sometimes caused confusion. Solution 5: The schedules displayed on the "Schedules" page are not associated with any time zone. But when a schedule is applied to a rule or task, it will be applied using the Deep Security Manager or Agent's local time.
Issue 6: [DSSEG-1054] The database migration task in the Deep Security 10 GM build did not set migration status correctly and dropped temporary tables when there was no data that needed to be migrated. This prevented the Deep Security Manager from receiving any agent events. Solution 6: This issue is resolved in this release.
Issue 7: [DSSEG-1053] Some users experienced issues with scheduled tasks, where the task was being performed on the wrong day. This was because the task day was scheduled in the timezone of the Deep Security Manager or tenant, which could be significantly different from the user timezone. While the time of day would be correctly converted between the user timezone and the scheduling timezone, in some cases if the conversion caused the day or date to change (for example, Wednesday May 10th 10pm UTC is equivalent to a Thursday May 11th 2am UTC+4), the task would be scheduled 24 hours too early or too late. Solution 7: With this release of Deep Security, all new scheduled tasks are created with a specified associated timezone. This can be edited in the scheduled task properties. Any existing tasks will have schedules displayed in the timezone in which they are currently scheduled (tenant or Deep Security Manager).
Issue 8: [DSSEG-1005] During an agent-initated reactivation of the Deep Security Agent, Deep Security Manager sent a ResetAgent command to the agent before sending the activation command. If something went wrong during the reactivation process, such as a network disconnection, it could result in the agent being reset but not activated. Solution 8: This issue is resolved in this release.
Issue 9: [DSSEG-994] When a load balancer was configured with a heartbeat hostname but the load balancer manager hostname was empty, it would cause the agent to receive an empty manager hostname and package downloads would fail. Solution 9: This issue is resolved in this release.
Issue 10: [DSSEG-990] When using Deep Security Manager with Oracle Database 12c version 184.108.40.206.0 or higher, a maintenance job would not complete successfully. In the Deep Security Manager console, under Administration > System Information > System Details > Optimizations > Maintenance Job Schedule, the "Last run" time would display "Never". Solution 10: This release upgrades the JDBC driver to version 220.127.116.11, which enhances database performance and resolves this issue.
Issue 11: [DSSEG-951] When Deep Security Manager performed a Synchronize VMware vCenter job and the job could not be completed, it occupied Deep Security Manager resources and other jobs could not be processed. Solution 11: This hot fix adds a timeout value to the Synchronize VMware vCenter job. If the job cannot be finished within two minutes, Deep Security Manager will terminate the job so that other jobs will not be affected.
Issue 12: [DSSEG-886] When Deep Security updated its components, some computers appeared out of date on the Security Updates page. The out-of-date warning message could persist for more than an hour. Solution 12: This issue is fixed in this release.
Issue 13: [DSSEG-1123] When changing a user password, the password was available as plain in the body of the response. Solution 13: This issue is fixed in this release.
Issue 1: [DSSEG-1275/SEG-11140/SEG-11414/SEG-11262/SEG-11244/SEG-11337] Deleting a vMotion job completion state record while synchronizing with vCenter sometimes caused Deep Security Manager to become locked. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-1256/SEG-11143] The numbers displayed in the Reconnaissance section of an Attack Report were incorrect. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-1251] In the 7-day view, the dashboard widget graphs were being populated based on the timezone of the Deep Security Manager or tenant. If users were in a different timezone, the display could be confusing. Solution 3: Graphs are now populated based on the user's timezone. If the user's timezone in "User Properties" is changed, the graphs will populate based on the new timezone when the page is reloaded.
Issue 4: [DSSEG-1227] In environments where Debian is installed without lsb_release, such as in Azure, a Deep Security deployment script would produce an "Unsupported platform is detected" error. Solution 4: The deployment script now allows Debian with or without lsb_release installed.
Issue 5: [DSSEG-1176, DSSEG-1171] Cross-site scripting vulnerabilities were identified. Solution 5: This issue is fixed in this release.
Enhancement 1: [DSSEG-1309] Deep Security Manager can now be installed on Microsoft Windows Server 2016.
Enhancement 2: [DSSEG-1308/00408162/00416136/00278947/00418482/00439807] Deep Security Manager now supports Microsoft SQL Server 2016
Issue 1: [DSSEG-1392] The count number for new available software was not correct. When a user clicked the software link, there were no updates listed. Solution 1: The issue is fixed in this release.
Issue 2: [DSSEG-1346] In past releases, the default value for the "Administration > System Settings > Storage > Automatically delete System Events older than:" setting was "Never". This sometimes resulted in the Deep Security Manager SystemEvents table becoming too large because system events were not pruned unless customers changed the default value. Solution 2: Starting with this release, the default setting for "Automatically delete System Events older than" has been changed to "53 Weeks (534240)".
Issue 3: [DSSEG-1297/SEG-11373] SQL Server Express is supported as of Deep Security 10.0 Update 2, but the warning messages when using SQL Server Express were not updated in Japanese and Simplified Chinese. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-1295/SEG-9782] File lists would not accept multiple files. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-1290] When Deep Security Manager was installed in silent mode, Install4j would put all user-supplied installation parameters into install.varfile. Some of those parameters contained sensitive information such as the license code and password. Solution 5: The installer will no longer write those sensitive parameters into the file.
Issue 6: [DSSEG-1287] The SystemEventX.arc and AgentEventX.arc files were not removed after insertion of records. By default, the undeleted *.arc files were reparsed for insertion of records every 10 minutes as part of Disk Monitoring job and during the Deep Security Manager service restart. Solution 6: The files are now removed after records are inserted.
Issue 7: [DSSEG-1156/SEG-3648] There was a performance issue in Deep Security Manager when loading the Computers page and Computer Status widget with a large VMware environment
deployment. Solution 7: This issue is fixed in this release.
Issue 8: [DSSEG-986] When a scheduled malware scan was running, the URL of a Deep Security Virtual Appliance displayed in the Malware Scan Status widget was incorrect. Solution 8: This issue is fixed in this release.
Enhancement 1: [DSSEG-1404/TT 353335] A new policy setting (Computer/Policy editor > Settings > General > Suppress all pop-up notifications on host) enables you to hide all pop-up windows on hosts.
Issue 1: [DSSEG-1478/SEG-13376] NSX synchronization was not able to run within the scheduled vCenter synchronization task execution in a multiple vCenter environment. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-1472/SEG-10032] Deep Security Manager encountered high memory usage when performing recommendation scans for computers that install large amount of software. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-1429/SEG-13059] The SOAP API eventretrieve() method did not sort the result set. As a result, these problems somtimes occurred: the incorrect last event ID was shown, events were missing, or there were duplicate events. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-1420/SEG-13068] Deep Security Manager opened an unneeded connection to vCenter during the post-activation process for a virtual appliance, which sometimes caused an activation failure due to a connection timeout. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-1355/SEG-12776] If Deep Security Manager could not get all running processses from the agent, a NullPointerException would appear in the log file. Solution 5: An error is now logged instead of a NullPointerException.
Issue 6: [DSSEG-1262] When Deep Security Manager was running in multi-tenant mode, the settings that control SIEM configuration for tenants did not work as expected. Solution 6: There is a new option under "System Settings > Tenants" that allows the primary tenant (t0) to hide or show SNS settings for tenants. If the t0 clears the checkboxes for the SIEM, SNS, and SNMP options on the "Tenants" tab, tenants will not see the "Administration > System Settings > Event Forwarding" tab.
Enhancement 1: [DSSEG-1592] Recommendation scans now runs significantly faster than in the previous release.
Enhancement 2: [DSSEG-1289] Improved the performance when using IE/Edge when displaying pages that load spinners (animation graphics).
Issue 1: [DSSEG-1765] In a multi-tenant Deep Security environment, if the primary tenant (t0) configured proxy settings, other tenants (tn) would see a false critical alert: "Invalid System Settings Detected". Solution 1: This issue is resolved in this release.
Issue 2: [DSSEG-1753/SEG-18290/SF00643059] A user upgraded Deep Security Manager from version 9.6 to 10.0, created a policy, and then exported the policy. When the policy was imported into a fresh installation of Deep Security Manager 10.0, some system settings were not maintained. Solution 2: This issue is resolved in this release.
Issue 3: [DSSEG-1678] When a multi-tenant environment had a single database and it's state was "Not Accepting Tenants", tenants could still be created using the REST API. Solution 3: The API will not be able to create tenants if the database is not accepting new tenants.
Issue 4: [DSSEG-1674/528084/SEG-12190] When Deep Security Manager sent a policy update to agents, it used to acquire a RULESET_UPDATE_LOCK to protect application control data from concurrent updates. When sending a policy to a large number of agents, this would slow down the agent heartbeat jobs, eventually causing the agent heartbeats to be rejected. Solution 4: The critical section protected by RULESET_UPDATE_LOCK has been reduced. The RULESET_UPDATE_LOCK is now acquired for application control ruleset hash computation during the policy updates. This reduces contention for the lock while sending the policy to the agents and speeds up the heartbeat jobs.
Issue 5: [DSSEG-1651/SEG-16202] These issues occurred in a multi-tenant environment:
- An administrator whose "Multi-Tenant Administration" permission was set to "View-only" was unable to save any of the settings under "Administration > Systems Settings" in Deep Security Manager.
- When a primary tenant (t0) specified that the SIEM, SNMP, and SNS settings should be hidden from tenants, tenants (tn) would experience display issues with the "Administration > System Settings" tabs, where the tabs would move. Solution 5: These issues are fixed in this release
Issue 6: [DSSEG-1650] The default value for the SNS setting was changed to false, which caused backward compatibility issues. Solution 6: The default value for the SNS setting has been changed back to true.
Issue 7: [DSSEG-1646] In Event-Based Tasks, adding a "*" character to the beginning of the regular expression to match ALL parent folders was not working as expected. Solution 7: This issue is resolved in this release.
Issue 8: [DSSEG-1611/SEG-15581/SF00592192] Duplicate computers sometimes appeared under the same Active Directory. The duplicate computers could not be removed after an Active Directory synchronization. Solution 8: This issue is fixed in this release.
Issue 9: [DSSEG-1587/SF00503030/SEG-10934] Customers using Deep Security 9.6 or earlier would see an alert indicating that a newer Deep Security Manager version is available, even after upgrading to the latest long-term support version (Deep Security 10.0). Solution 9: The check for Deep Security Manager updates now separates long-term support versions (like Deep Security 10.0) from feature releases (like Deep Security 10.1). Long-term support deployments only check from newer long-term support releases, while feature release deployments will check for any newer releases.
Issue 10: [DSSEG-1580] The versions of Java JRE and Apache Tomcat used in Deep Security Manager have been upgraded to Java 8 u152 and Apache Tomcat 8.5.23, respectively.
Issue 11: [DSSEG-1555/SEG-12190] The heartbeat processing thread and job creation thread would sometimes block each other when one of them got stuck while acquiring a tenant host usage lock. This caused the Deep Security Manager system to become unresponsive. Solution 11: This issue is fixed in this release.
Issue 12: [DSSEG-1549] If a scheduled malware scan was triggered while a manual malware scan was already running, a manager job was created for the scheduled scan, which was not necessary. Solution 12: If a scheduled malware scan is triggered while a manual malware scan is already running, the scheduled malware scan will be skipped.
Issue 13: [DSSEG-1534/SEG-12549/SEG-9431] Under certain circumstances, a VMotion procedure will open a new database transaction inside a vCenter synchronization transaction, which caused Deep Security Manager to become unresponsive and unable to create or process any jobs. Solution 13: This issue is fixed in this release.
Issue 14: [DSSEG-1516/SEG-7200] When a large number of host groups were added to Deep Security Manager, the loading speed of the Computers page became very slow. Solution 14: An algorithm has been improved to increase the page loading speed.
Issue 15: [DSSEG-1476/SEG-14212] In a multi-tenant environment, if the state of the primary tenant (t0) database was "Not Accepting Tenants" but there were other databases that could accept tenants, the options for the primary database server were still displayed in the tenant creation wizard. If no database was accepting tenants and an administrator attempted to create a new tenant, there was no warning until the tenant creation was being processed. Solution 15: If the state of the primary tenant (t0) database is "Not Accepting Tenants" but there are other databases that can accept tenants, the options for the primary database server are not displayed in the tenant creation wizard. If there are no databases accepting new tenants and an administrator tries to create a new tenant, the administrator will see this warning: "No database servers are configured to accept new tenants. Please review your database settings before adding a new tenant" and will not be able to continue with the wizard.
Issue 16: [DSSEG-1148/SEG-1206] The default ICRC log level for a Deep Security Agent on Linux is "debug", which causes the ds_am-icrc.log file to grow quickly. Solution 16: Change the default ICRC log level to "warn". For a fresh agent installation, the default ICRC log level will be set to "warn" by default.
Enhancement 1: [DSSEG-1703] Deep Security Manager has been improved to handle RESTful requests more efficiently.
Issue 1: [DSSEG-1911/SEG-21111] Deep Security Manager did not prevent the creation of a policy that contained certain exceptions, which allowed an incomplete policy to be sent to agents. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-1910] Deep Security Manager encountered high memory usage when performing recommendation scans for computers that install large amount of software. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-1840/SF00670579/SEG-20155] When using an Oracle Database with Deep Security Manager, host groups sometimes did not display correctly in the Deep Security Manager console. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-1745] When Deep Security Manager sent Web Reputation events to Trend Micro Control Manager, the time information for the events was incorrect. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-1591/SEG-7200] When the "Computers" page in Deep Security Manager contained many host groups, the computer editor (displayed when you double-click a host) would load very slowly. Solution 5: The computer editor now will load more quickly.
Enhancement 1: [DSSEG-1981] This release adds support for Amazon Linux 2.
Issue 1: [DSSEG-1941/SEG-21111 When a database error was encountered while upgarding the schema for a T0 (primary tenant) database, the installer would continue the installation process. This issue could cause the software and database to have different schema versions. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-1938] When multi-tenancy was not enabled, users who were assigned the "Full Access" role would see some screens related to multi-tenancy. Solution 2: This issue is fixed in this release. Screens related to multi-tenancy are displayed only in a multi-tenant environment.
Issue 3: [DSSEG-1913/SEG-20404] When Deep Security Manager was running in single- tenant mode, the Deep Security Agent did not send events to the syslog server directly. Solution 3: If you have not encountered this issue in your Deep Security deployment, this release can prevent it. If the issue is occurring in your environment, apply this release and then execute the following command on the Deep Security Manager computer: dsm_c -action changesetting -name "settings.configuration.forceT0SyslogSettings" -value false
Issue 4: [DSSEG-1805] The event "Intrusion Prevention Rule Compilation Failed" appears when Deep Security Agent tries to compile intrusion prevention rules but fails. In previous releases, the warning message was not dismissed when the agent successfully compiled the rules on a subsequent attempt. Solution 4: The warning message is now dismissed automatically.
Issue 5: [DSSEG-1705/603349/SEG-16030] Deleting inactive AWS hosts in an environment with a heavy concurrent cloud sync load caused database transaction deadlocks and prevented other operations from saving changes to the database. Solution 5: This issue is resolved in this release.
Enhancement 1: [DSSEG-2015/SEG-23240] The versions of Java JRE used in Deep Security Manager have been upgraded to Java 8 u162.
Enhancement 2: [DSSEG-1906]TLS authentication is now enforced when accessing Trend Micro Active Update server.
Issue 1: [DSSEG-2096] When Deep Security was operating in combined mode, recommendation scans did not generate and apply integrity monitoring rules to the virtual appliance. Solution 1: This issue is resolved in this release.
Issue 2: [DSSEG-1976] The folder name in Windows agent deployment script for Asiainfo Security was not correct. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-1588] During vMotion, Deep Security Manager would display "Firewall Engine Offline" and "Intrusion Prevention Engine Offline" events, but there would not be a corresponding event when the vMotion was completed and the engine was back online. Solution 3: This issue is fixed in this release.
Enhancement 1: [DSSEG-1954] With the introduction of certificate validation for agent deployment scripts, hash validation is no longer necessary. This release of Deep Security Manager removes the hash validation check for deployment scripts on Linux platforms.
Enhancement 2: [DSSEG-1761/VRTS-1842] To enhance security, this release contains upgrades to some third-party libraries used by Deep Security Manager.
Issue 1: [DSSEG-2123/SF00768090/SEG-24724] Some system events were not registered in the Deep Security Manager system event cache. As a result, if the time period for a summary report included one of those events, the report process could not find the event in the cache, causing a null pointer exception. Solution 1: This issue is fixed in this release.
Issue 1: [DSSEG-2241/SEG-21481] When intrusion prevention events were triggered by the intrusion prevention module rather than by an intrusion prevention rule, a syslog sent via Deep Security Manager would display the severity of the event as 10, but a syslog sent directly from the Deep Security Agent would display the severity as 5. In addition, there was a duplicate protocol name in the protocol field of a syslog forwarded via Deep Security Manager. Solution 1: With this release, the severity will be set consistently to 5 and the protocol name will not be duplicated.
Enhancement 1: [DSSEG-2110] The Deep Security Virtual Appliance computer detail page now displays information about the version of the appliance that is deployed.
Enhancement 2: [DSSEG-2262] The versions of Java JRE used in Deep Security Manager have been upgraded to Java 8 u172.
Issue 1: [DSSEG-2305/SEG-28922/00845132] In the Deep Security Manager console, users could not add files in root directory "/" to an exclusion file list. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2194/SEG-26960] Content in the DPI_Rule_Recommendation_Report was truncated when its length was longer than the field. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-1889] When the regular expression used for an event-based task contained a negation (for example, do not activate a computer name that begins with a particular string), the match results were sometimes not as expected. Solution 3: This issue is fixed in this release.
Enhancement 1: [DSSEG-2412] This release includes enhancements to the anti-evasion settings:
- When changing the anti-evasion settings from Normal to Custom, the configurable values now show the normal setting values by default instead of strict setting values.
- Most of the anti-evasion settings now have "Allow" and "Silent Deny" as available options. These options reduce the number of network events that tenants need to deal with.
- New rules and tenants will not be have the "Deny" and "Log Only" options available in the anti-evasion custom logging options. However, these options remain unchanged for tenants who already have them selected.
Enhancement 2: [DSSEG-1944/SEG-19575] A new password rule has been added for Deep Security Manager users. Passwords cannot match the username or username spelled backward (not case sensitive).
Issue 1: [DSSEG-2559] If you misuse firewall rules to block Address Resolution Protocol (ARP) traffic, you see 'Agent offline' issues in Deep Security Manager. This problem occurs because other necessary traffic (DNS or DHCP) is blocked even though ARP traffic is passed through the network engine. Solution 1: This issue is resolved by adding hidden 'Force Allow' firewall rules for ARP that allow you to bypass this necessary traffic through a Deep Security Manager control. Additionally, you can control whether to 'force allow' DNS, DHCP, and ICMP packet fragments using the new 'Force Allow DHCP DNS' and 'Force Allow ICMP type3 code4' settings. To find these settings, go to the manager's Policy editor or the Computer editor and click "Settings > Advanced". See the Deep Security Help Center for details. You might consider disabling DNS, DHCP, and ICMP if security concerns outweigh 'Agent offline' messages.
Issue 2: [DSSEG-2521] This update fixes some security vulnerabilities.
Issue 3: [DSSEG-2420/SF00895643/SEG-29809] In the File Lists, the Deep Security Manager did not accept the Windows file paths that started with a wildcard on the root directory of a file system. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-2416/SEG-26103] In Deep Security Manager, the wrong DNS name was displayed in the computer editor, under "Overview > General > VMware Virtual Machine Summary". Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-2410/SEG-13784] When Deep Security Manager processes a heartbeat from a Deep Security Agent on a cloud instance, it may need to acquire a lock to perform rehoming and update tenant host usage. In previous releases, the lock acquiring mechanism in Deep Security Manager could cause a bottleneck, resulting in an increased heartbeat rejection rate and negatively affecting Deep Security Manager performance. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-2384] Deployment scripts created in Deep Security Manager did not detect the correct version of Amazon Linux, resulting in Deep Security Agent for Amazon Linux being installed instead of Deep Security Agent Amazon Linux 2. Solution 6: This release fixes this issue. The deployment script correctly detects Amazon Linux 2.
Issue 7: [DSSEG-2240/SEG-28221] A syslog server encountered errors when a hostname contained special characters. Solution 7: This issue is fixed in this release.
Issue 8: [DSSEG-2214] Japanese translation of microseconds was shown as a milliseconds. Solution 8: This issue is fixed in this release.
Enhancement 1: [DSSEG-2766] Deep Security Manager now supports Deep Security Agent for Debian 9.
Enhancement 2: [DSSEG-2742] This release includes enhancements to the Deep Security Manager diagnostics package:
- The default file size limit has been increased from 200 MB to 2 GB.
- When the verbose option is selected and the diagnostic package generates separate XML files for specific tables, the same information is not repeated in the debug.xml file.
Enhancement 3: [DSSEG-2365] Anti-Malware Scan Engine can be displayed and has the option to enable or disable an update.
Issue 1: [DSSEG-2702] The Deep Security Manager did not display system event 934 - Software Update: Anti-Malware Windows Platform Update Successful. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2670] Deep Security Manager did not allow activation of Deep Security Agents installed on servers running Solaris 9. Solution 2: Deep Security Manager has been modified to allow these activations.
Issue 3: [DSSEG-2664/SF00646921/SEG-26000] Microsoft Internet Expolorer consumed a large amount of CPU time when accessing the Deep Security Manager console. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-2645/SEG-13304] During a graceful Deep Security Manager node shutdown, if the node was used for NSX communication, the next manager node was assigned as an NSX communication node, even if that node was offline. Solution 4: Deep Security Manager now checks that the next manager node is online before assigning it as an NSX communication node.
Issue 5: [DSSEG-2621/SF01034097/SEG-32852] The Deep Security Agent's GUID is not included in the Anti-Malware and Web Reputation events when the Deep Security Manager sends those events to the Control Manager. Therefore, the Control Manager can't properly identify the affected hosts when processing the event notifications. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-2590] Collecting a Deep Security Manager diagnostic package using the dsm_c command with verbose enabled sometimes failed to include the debug.xml if there were more than 5000 hosts. Solution 6: This release has resolved this issue; however, for larger numbers of hosts (>10 000), the JVM memory for dsm_c.exe may need to be increased. This is done by creating a file named dsm_c.vmoptions and including, for example, "-Xmx2g" to increase memory to 2GB.
Issue 7: [DSSEG-2529/00829419/SEG-28660] Event Forwarding via Amazon SNS repeatedly caused send failures because of events with descriptions that were too long. Solution 7: This issue is fixed in this release.
Enhancement 1: [DSSEG-2902] In this release, a time zone improvement has been added to the Deep Security Manager logging.
Issue 1: [DSSEG-2798/01136786/SEG-34881] "User Session Validation Failed" events occurred unexpectedly when the Deep Security Manager sign-in page was accessed. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2743] The previous heartbeat default buffer size (2 KB) was too small in some environments, and could cause the Deep Security Agent to fail to communicate properly with the Deep Security Manager. Solution 2: The socket buffer size for agent-initiated communication is now configurable and the default value has been increased to 32 KB.
Enhancement 1: [DSSEG-3147] Added a system setting (settings.configuration.enableStrongCiphers) that allows users to enforce that all communication is conducted using strong ciphers.
Enhancement 2: [DSSEG-2994/SEG-28030/SF00852527] In a multi-tenant Deep Security Manager environment, alert emails now include the Tenant Name and Tenant ID.
Enhancement 3: [DSSEG-2989] When generating a diagnostics package in Deep Security Manager running on Windows, if you select the "System Information" option, the diagnostics package will now include the manager's msinfo file.
Enhancement 4: [DSSEG-2783] The versions of Apache Tomcat used in Deep Security Manager have been upgraded to 8.5.34.
Issue 1: [DSSEG-3073/SEG-38539/01258057] When Event Forwarding was configured to forward logs from the Deep Security Agent directly to the Syslog Server, the Deep Security Manager continued to send the same logs to the Syslog Server. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2967/SF01312959/SEG-38377] UNC paths could not be added to Behavior Monitoring Protection Exceptions. Solution 2: This issue is fixed in this release.
Enhancement 1: [DSSEG-3189] Oracle JRE 8u181 has been replaced with Azul Zulu OpenJDK 8u192.
Enhancement 2: [DSSEG-3161] When a protected ESXi is upgraded to a newer version or a new ESXi version is deployed, Deep Security Manager automatically detects the ESXi version and adds it to the Trend Micro Deep Security service in NSX Manager, which helps to ensure the successful deployment of the related version of dsva.ovf.
Issue 1: [DSSEG-3331/01458561/SEG-41188] When several ESXi hosts were managed by different vCenters, Deep Security Manager sometimes displayed incorrect Deep Security Virtual Appliance information. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3179] Sometimes, when a large number of vMotion jobs did not finish normally (such as when the Deep Security Manager service was shut down) new vMotion jobs could not be processed. Other Deep Security Manager jobs were affected as well. Solution 2: The issue is fixed in this release.
Issue 3: [DSSEG-2363/SEG-28457] When agent self-protection was enabled in a policy and the policy was duplicated, the duplicate copy of the policy did not include the correct self-protection password. Solution 3: A duplicate policy now includes the agent self- protection password, if one was specified in the original policy.
Enhancement 1: [DSSEG-3415] Updated JRE to the latest Critical Patch Update (8.0.202).
Issue 1: [DSSEG-3539] When customers with a large number of smart folders, computer groups, and policies clicked "Events & Reports > Generate Reports" and then quickly switched to the "Recurring Reports" tab before the initial page was fully loaded, Deep Security Manager would display a spinner but the "Recurring Reports" tab was not populated unless the customer returned to the "Single Report" tab and allowed enough time for it to fully load. Solution 1: The Deep Security Manager console has been improved. Instead of presenting "Single Report" and "Recurring Reports" as tabs on the "Generate Reports" page, they are now separate items under "Generate Reports" in the navigation pane, which allows you to access them independently. The solution also makes the initial response of the "Single Report" page visible to the user much earlier and loads the necessary content on demand, significantly reducing latency.
Issue 2: [DSSEG-3338] In Deep Security Manager's Anti-Malware Quarantined File page, search and sort results based on "Computer" column were not correct. Solution 2: The issue is fixed in this release.
Enhancement 1: [DSSEG-3779] Updated JRE to the latest Critical Patch Update (8.0.212).
Enhancement 2: [DSSEG-3750] For AWS connector full synchronization, synchronization errors have been isolated from different regions so that the errors will not affect the synchronization of other regions.
Enhancement 3: [DSSEG-3730] Added the ability to enable or disable Common Scan Cache for each agent through a CLI command.
Issue 1: [DSSEG-3622/SEG-47711/01816620] The Log Source Identifier field of syslog configurations was changed when upgrading Deep Security Manager. Solution 1: This issue is fixed in this release.
Issue 1: [DSSEG-3745/SEG-48936/SF01775616] The Event API did not handle NULL severity values gracefully. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3694] On the primary tenant, unsigned and self-signed software packages can no longer be imported to Deep Security Manager. Solution 2: This issue is fixed in this release
Issue 3: [DSSEG-3692] Deep Security Rule Updates must now be signed before being imported or applied. Solution 3: This issue is fixed in this release.
Issue 1: [DSSEG-3837] The Deep Security Manager console contains links for more information about the Trend Micro Smart Protection Network. Those links pointed to an outdated URL. Solution 1: The Trend Micro Smart Protection Network URL has been updated.
Issue 2: [DSSEG-3972/SEG-47565] Anti-Malware Engine status would change to offline when the BIOS UUID of a VMware Virtual Machine was changed. Solution 2: This issue is fixed in this release.
Issue 1: [DSSEG-4713/SEG-55842/02223786] The activation code which extended the expiration date license for a multi-tenant account could not be inputted for enabling multi-tenant function because Deep Security Manager did not check the license status online. Solution 1: This issue is fixed in this release.
Issue 1: [SF02386588/DSSEG-4604/SEG-59107] Deep Security 10.0 (Simplified Chinese) uses a Simplified Chinese version of the Smart Scan Agent pattern, but it queried the English version of the Smart Scan service, causing unexpected virus detection results. Solution 1: The URL for the Simplified Chinese version of the Smart Scan service has been updated.
Issue 2: [SF02449882/DSSEG-4888/SEG-63362] The "Activity Overview" widget sometime displayed the incorrect database size. Solution 2: This issue is fixed in this release.