Deep Security 11 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Archived Deep Security Agent release notes
For release notes from this year, see What's new in Deep Security Agent?.
Linux
For release notes from the long-term support release, see Deep Security Agent - Linux 11.0 readme.
Update 1
Enhancement 1: [DSSEG-2324] This release of the Deep Security Agent supports Debian 9 64.
Issue 1: [DSSEG-2411] When Anti-Malware was enabled, a kernel panic could occur due to a memory allocation failure. Solution 1: The issue is fixed in this release.
Update 2
Enhancement 1: [DSSEG-2787] The Linux Deep Security Agent fresh install will not download the older version engine from iAU if the Deep Security Agent Anti-Malware module already includes the new engine.
Enhancement 2: [DSSEG-2488] Anti-Malware Scan Engine can be displayed and has the option to enable or disable an Anti-Malware update.
Enhancement 3: [DSSEG-2274] Deep Security Agent is now supported on Ubuntu 18.04. This agent is compatible with the corresponding Deep Security Manager update.
Issue 1: [DSSEG-2735/SEG-34502] When a TCP connection was established with the same tuples as a previously tracked one, the network engine could set the connection track to an incorrect status. This sometimes happened on a busy server where rapid connections reused a recycled connection. The networkengine treated it as an "Out of connection" error and dropped the packet. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2685/SEG-33407] When Anti-malware real-time driver initialization failed, the operating system sometimes crashed. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-2566] When firewall or intrusion prevention rules were assigned to specific network interfaces, it sometimes did not trigger network configuration recompilation, and the Deep Security Agent Network Engine wouldn't load the expected configuration. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-2466/SEG-30270/SF00900562] When a host machine's locale was not set to UTF-8, the Deep Security Agent installation would not complete and the agent could not be activated. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-2417/00817382/SEG-26134] When certain Intrusion Prevention rules for Oracle Database Server were enforced, the network filter driver crashed the computer. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-2408/00863552/SEG-29915] Deep Security Agent would sometimes crash when collecting truncated logs from the kernel module. Solution 6: The issue is resolved in this release.
Update 3
Enhancement 1: [DSSEG-2828/SEG-34684] Previously, the network engine would sometimes fill the MAC field in event logs with zeros for outgoing packets, to make the logs easier to read. This release removes this behavior to avoid issues in an overlay network environment. In the event logs, the MAC address for outgoing packets may be empty or contain a random number.
Enhancement 2: [DSSEG-2745/00389528/441559/00513686/00611107/
00528775/SF00340345/00425845/538145/SF00374619/
SF179909/SF159145/SF318628/00368352] In this release, the Deep Security Agent installer checks the installation platform to prevent installation of an agent that does not match the platform. This feature is supported on:
- Amazon Linux and Amazon Linux 2
- Red Hat Enterprise Linux 6 and 7
- CentOS 6 and 7
- Cloud Linux 7
- Oracle Lnux 6 and 7
- SUSE Linux Enterprise Server 11 and 12
Enhancement 3: [DSSEG-2606] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o.
Enhancement 4: [DSSEG-2258] The Anti-Malware engine offline error is no longer reported when the computer is preparing to shutdown.
Issue 1: [DSSEG-2875/SEG-28060/00853021] After upgrading Deep Security Agent from version 9.6 to 10.0 on a Linux platform, the Component Set version was not updated, which caused the Security Update Status to display "Out-of-Date". Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2835/SEG-33414/00854640] The Deep Security Agent's CPU usage spiked every 10 seconds. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-2739] When Deep Security Agent was installed on a virtual machine (VM) and the VM was reverted to an earlier state, Log Inspection event data was not synchronizedproperly between the Deep Security Agent and Deep Security Manager. Solution 3: This issue is fixed in this release.
Update 4
Enhancement 1: [DSSEG-3090/SEG-37605] This release updates the Anti-Malware scan engine to latest version.
Enhancement 2: [DSSEG-3023] The version of zlib used by the Deep Security Agent has been updated to zlib-1.2.11.
Enhancement 3: [DSSEG-2971] The version of curl used by the Deep Security Agent has been updated to curl-7.61.1.
Issue 1: [DSSEG-3091] In certain configurations, the Deep Security Agent kernel driver loaded an incorrect configuration, causing an OS crash. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3033] Deep Security Agent running on Ubuntu 18.04 on Azure was not activated into Microsoft Azure cloud accounts. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3012] An unactivated Deep Security Agent reached 100% CPU usage when handling a long HTTPS request. Solution 3: The issue is fixed in this release.
Issue 4: [DSSEG-3006/SEG-33124] The Anti-malware driver had a compatibility issue with a GFS2/GFS cluster environment. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-2891/SEG-34463] The Agent operating system could crash when Anti-Malware was enabled or the Agent was stopped. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-2877/00386295/00461478/573707/00487753/SEG-5825] Users who are not using a local Smart Protection Server (SPS) reported many dropped retransmit "rxjammed" events in the Firewall when using Web Reputation Service, which caused the Firewall logs to fill up. Solution 6: Dropped Retransmit "rxjammed" events are no longer recorded in the Firewall log.
Issue 7: [DSSEG-2975] When Anti-Malware was enabled on Linux, Deep Security Agent would not stop the service gracefully. Solution 7: This issue is fixed in this release.
Update 6
Enhancement 1: [DSSEG-3311/SEG-39216] Real-time Anti-Malware scans are now supported for CloudLinux 6 (64-bit).
Enhancement 2: [DSSEG-2995] Deep Security Agent has been updated to support PFS cipher suites.
Issue 1: [DSSEG-3353/DSSEG-3177/SEG-39670] An Integrity Monitoring rule could be triggered unintentionally when the prefix of its base directory path matched that of another rule. For example, if you had rules that monitored "c:\lab\" and "c:\lab1\", and added a file "c:\lab1\sample.txt", both rules would be triggered. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3267] Deep Security Agent real-time Anti-Malware scans didn't work correctly with a Linux 4.12 kernel. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3123] When real-time Anti-Malware scans were enabled on Linux, a lot of Linux Security Module logs were generated. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3110] A native firewall could not be turned on/off automatically after the Deep Security Firewall module was enabled or its configuration was changed. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-2740/SF01098357/SEG-33956] The Deep Security Agent process would crash due to a race condition in the Web Reputation Service rating thread when the protocol of the connection to the rating server (Smart Protection Server) was "https". Solution 5: This issue is fixed in this release.
Update 7
Issue 1: [DSSEG-3393/SEG-38497/SEG-33163] An SAP system with Java running in a Linux environment failed to start when Deep Security Scanner returned an error code without an error message. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3390] Deep Security Scanner encountered problems when an SAP client program created a large number of scan tasks. Solution 2: Scanner has been improved and can now handle a larger number of scan tasks.
Issue 3: [DSSEG-3319/SEG-38673] When 'Reactivate unknown agents' was enabled, Deep Security Manager was re-activating the embedded agent on the Deep Security Virtual Appliance unnecessarily. Solution 3: This release includes new logic for recognizing the agent when processing heartbeats from the Deep Security Virtual Appliance, which fixes the issue.
Issue 4: [DSSEG-3254] Deep Security Agent real-time Anti-Malware scans and Application Control didn't work correctly with a Linux 4.18 kernel. Solution 4: This issue is fixed in this release.
Update 8
Enhancement 1: [DSSEG-3547] The version of SQLite used by the Deep Security Agent has been updated.
Issue 1: [DSSEG-3474/SEG-44111] Scan Engine sometimes failed while re-compressing extracted files into archive files. Therefore, Deep Security Manager incorrectly reported archive files as cleaned. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3467/SEG-21286] Real-time anti-malware scans sometimes caused a kernel panic on some specific file systems. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3466/SF01248702/SEG-44565] Deep Security Agent GSCH driver had an issue with another third-party file system. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3439/SEG-43146/SF01531697] Deep Security Anti-Malware caused the 'fusermount' process to fail when mounting the filesystem. Solution 4: This issue has been fixed in this release.
Issue 5: [DSSEG-3369/SF01415702/SEG-42919] When multiple Smart Protection Servers were configured, the Deep Security Agent process would sometimes crash due to an invalid sps_index. Solution 5: The issue is fixed in this release.
Issue 6: [DSSEG-2687/SEG-32679/1033963] Deep Security Agent logged "Error on SIOCETHTOOL: (error 95: Operation not supported)" every minute. Solution 6: This issue is fixed in this release.
Update 9
Issue 1: [DSSEG-3695/1939658/SEG-49191] The "Send Policy" action failed because of a GetDockerVersion error in Deep Security Agent. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3661/SEG-43300/SF01593513] Deep Security Agent failed to install on Ubuntu 18.04. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3653/01746052/SEG-46912] Anti-Malware events displayed a blank file path with invalid Unicode encoding. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3652/SF01919585/SEG-48728] Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-3632/SF01328464/SEG-46345] Deep Security Agent running on a Linux computer did not generate quarantine events for files with the detection name PACP_XXX. Solution 5: This issue is fixed in this release
Issue 6: [DSSEG-3587/SF01804378/SEG-47425] Deep Security Agent did not add Python extension module (PYD) files to the inventory of Application Control. Solution 6: This issue is fixed in this release.
Issue 7: [DSSEG-3552/SF01607298/SEG-43341] When the Application Control driver failed to load (for example, if the driver was corrupted during a Deep Security Agent upgrade), the agent sent system events to Deep Security Manager repeatedly as it tried to reload the driver. The large number of generated events consumed database storage and made the System Events extremely slow to load. Solution 7: This issue is fixed in this release. The Application Control driver loading exception is now tracked and the Application Control server is stopped after 5 failed attempts to load the driver.
Issue 8: [DSSEG-3515/SEG-45832] Deep Security Agent process potentially crashed when the detailed logging of SSL message was enabled and outputed. Solution 8: This issue is fixed in this release.
Issue 9: [DSSEG-3246/SF01358696/SEG-38712] The tbimdsa engine sometimes caused a system crash. Solution 9: This issue is fixed in this release.
Issue 10: [DSSEG-3244] When printing logs, an invalid printf() format indicated that a hash calculation was skipped due to the file size being over the maximum hash calculation size. Solution 10: This issue is fixed in this release. The printf() format has been updated.
Issue 11: [DSSEG-2642/SEG-31883] An invalid dentry object sometimes caused a kernel panic. Solution 11: The issue is fixed in this release.
Issue 12: [DSSEG-2569/SEG-27689] On Linux, Application Control included all files marked as executable in the inventory, even if it did not recognize the extension as an executable. This would result in a very large inventory database. Solution 12: This issue is fixed in this release.
Update 10
Issue 1: [DSSEG-3743/SEG-49827/SEG-36737] Deep Security Agent sometimes crashed due to defects in Lua 5.2.1. Solution 1: This issue is fixed in this release. Lua has been upgraded to version 5.2.4
Issue 2: [DSSEG-3716/SEG-50327] Using a default system language to set the locale on a Linux computer sometimes caused Anti-Malware to not function correctly. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3420/SEG-43481] Certain data structures in the Deep Security Agent packet engine were cleaned up prematurely, leading to a kernel panic and system crash. Solution 3: The code has been modified to address the premature data structure clean up.
Issue 4: [DSSEG-3236/SEG-31021/SF00889757] In some cases, Integrity Monitoring events did not include the Entity Name. Solution 4: This issue is resolved in this release.
Update 11
Enhancement 1: [DSSEG-2596] Diagnostic package can collect AMSP logs during uninstall.
Issue 1: [DSSEG-3853/SEG-50957/02017109] When using Integrity Monitoring, the Deep Security Agent crashed when a monitored entity was deleted in Deep Security 11.0 Update 10. Solution 1: The issue is fixed in this release.
Issue 2: [DSSEG-3830/SEG-34751/SF01137463] Kernel panic occurred because of redirfs. Solution 2: This issue is fixed in this release.
Update 12
Enhancement 1: [DSSEG-3872] Deep Security Agent log file statements will now include the Agent's timezone.
Enhancement 2: [DSSEG-3945] Red Hat Enterprise Linux 8 is supported in this release.
Issue 1: [DSSEG-4013/SEG-52195/SF01954511] The heartbeat thread crashed due to a SQLite exception when getting Log Inspection events. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3887] A security update was triggered every time a policy was sent to Deep Security Virtual Appliance. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3778] Many JSON decode errors occurred in the Deep Security Agent log if a Ubuntu 16.04 instance was launched and an agent in GCP or other cloud platforms was installed in it. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-3713] The ds_agent process would sometimes crash. Solution 5: This issue is fixed in this release.
Update 13
Issue 1: [DSSEG-4022] Deep Security Agent real-time Anti-Malware scans and Application Control didn't work on kernel version 5.0.0-15-generic. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3990/SEG-48011] The advanced network engine option "Maximum data size to store when packet data is captured" did not work. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3989] SUSE Linux Enterprise Server (SLES) 15 is supported in this release
Issue 4: [DSSEG-3970] The agent operating system would sometimes crash when bypassing the cluster network interface on ds_filter. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-3952/SEG-48538/01903269] The logs under /var/opt/ds_agent/diag/dsva/ on Deep Security Virtual Appliance were not rotated. Solution 5: This issue is fixed in this release.
Update 14
Issue 1: [DSSEG-4427/02229070/SEG-56937] The OS sometimes crashed when a RATT tool was used to collect driver logs. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4307] When using Ubuntu with Netplan network interface, Deep Security Anti-Malware and the network filter driver would not start correctly. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3890/SEG-49854/SF01949194] When machines wrote document files to a file server, Anti-Malware needed to scan the files frequently, which caused other machines to fail to write the file because the file was being scanned. Solution 3: This issue is fixed in this release. For modern OSs please reboot the machine to apply this enhancement after upgrading the Deep Security Agent.
Issue 4: [DSSEG-4418/SEG-55745/SF02179544] When the Application Control "Allow unrecognized software until it is explicitly blocked" option was enabled, running large unauthorized .jar files resulted in high CPU usage by the Deep Security Agent. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-4444] Deep Security Agent SSL inspection didn't work with a TLS/SSL connection in explicit mode. Solution 5: This issue is fixed in this release.
Update 15
Issue 1: [DSSEG-2523/SEG-22509] In a Red Hat Enterprise Linux 5 or 6 or a CentOS 5 or 6 environment, Integrity Monitoring events related to the following rule were displayed even if users or groups were not created or deleted: 1008720 - Users and Groups - Create and Delete Activity Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4550/SEG-58776/SF02374650] When Integrity Monitoring real-time scans were enabled, too many file open events were being processed which caused high CPU usage. Solution 2: This issue is fixed in this release.
Update 17
Issue 1: [DSSEG-4643] A file was not quarantined by Anti-Malware. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4637] VMs went offline after a vMotion because the database was locked. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-4545/01780211/SEG-48175]</p> When a Powershell script was executed it would generate temporary files in the temp folder which resulted in an excessive amount of drift and security events being reported. Solution 3: This issue is fixed in this release.
Update 18
Enhancement 1: [SF02650803/SEG-65127/DSSEG-4960] Excluded AWS Lustre from file system kernel hooking to prevent kernel panic.
Issue 1: [DSSEG-4813/02321128/SEG-62785] Deep Security Virtual Appliance took too long to release file descriptors after a VM vMotion. Solution 1: This issue is fixed in this release.
Issue 2: [SF02689631/SEG-65408/DSSEG-4975] When the Anti-Malware real-time scans configuration was re-deployed, it sometimes caused kernel-mode stack overflow if there was a third-party kernel hooking module. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-4932/SEG-55479/02588698/02200526] Deep Security Agent stopped unexpectedly because of invalid memory access. Solution 3: This issue is fixed in this release
Issue 4: [SF02592363/SEG-63785/DSSEG-4902] The ds_agent process in Deep Security Virtual Appliance sometimes crashed during vMotion due to a race condition. Solution 4: This issue is fixed in this release.
Unix
Update 6
Enhancement 1: [DSSEG-3023] The version of zlib used by the Deep Security Agent has been updated to zlib-1.2.11.
Enhancement 2: [DSSEG-2971] The version of curl used by the Deep Security Agent has been updated to curl-7.61.1.
Enhancement 3: [DSSEG-3090/SEG-37605] This release updates the Anti-Malware scan engine to latest version.
Enhancement 4: [DSSEG-2606] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o.
Enhancement 5: [DSSEG-2995] Deep Security Agent has been updated to support PFS cipher suites.
Issue 1: [DSSEG-3353/DSSEG-3177/SEG-39670] An Integrity Monitoring rule could be triggered unintentionally when the prefix of its base directory path matched that of another rule. For example, if you had rules that monitored "c:\lab\" and "c:\lab1\", and added a file "c:\lab1\sample.txt", both rules would be triggered. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3238] Deep Security Agent on Solaris had a memory leak when writing the debug log. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3028] When the Anti-Malware protection module was enabled for a Deep Security Agent running on Solaris 10 Update 7 or earlier, the Anti-Malware module would fail to initialize and its status was displayed as offline. Solution 3: The Anti-Malware code has been modified to initialize successfully.
Issue 4: [DSSEG-3012] An unactivated Deep Security Agent could reach 100% CPU usage when handling a long HTTPS request. Solution 4: The issue is fixed in this release.
Issue 5: [DSSEG-2968] When upgrading the Deep Security Agent on Solaris 10, the upgrade process sometimes terminated before the new software was fully installed. Solution 5: The upgrade process now includes a check to prevent the situation that led to failed upgrades.
Issue 6: [DSSEG-2877/SEG-5825/573707/00461478/00386295/00487753] Users who are not using a local Smart Protection Server (SPS) reported many Dropped Retransmit "rxjammed" events in the Firewall when using Web Reputation Service, which caused the Firewall logs to fill up. Solution 6: Dropped Retransmit "rxjammed" events are no longer recorded in the Firewall log.
Issue 7: [DSSEG-2835/SEG-33414/00854640] The Deep Security Agent's CPU usage spiked every 10 seconds. Solution 7: This issue is fixed in this release.
Issue 8: [DSSEG-2752] When using Deep Security Agent on Solaris, the port scanning feature of the Integrity Monitoring module did not work because the agent did not have access to information on the user ID under which a given port was opened. This prevented storage of any listening port information. Solution 8: The port scanning feature on Solaris agents has been modified to store the string "n/a" for the userid. This allows the remaining port information to be stored and used in the port scanning function. However, exclusions and inclusions based on User ID still do not function correctly because this information is not available.
Issue 9: [DSSEG-2740/SF01098357/SEG-33956] The Deep Security Agent process would crash due to a race condition in the Web Reputation Service rating thread when the protocol of the connection to the rating server (Smart Protection Server) was "https". Solution 9: This issue is fixed in this release.
Issue 10: [DSSEG-2739] When Deep Security Agent was installed on a virtual machine (VM) and the VM was reverted to an earlier state, Log Inspection event data was not synchronized properly between the Deep Security Agent and Deep Security Manager. Solution 10: This issue is fixed in this release.
Issue 11: [DSSEG-2735/SEG-34502] When a TCP connection was established with the same tuples as a previously tracked one, the network engine could set the connection track to an incorrect status. This sometimes happened on a busy server where rapid connections reused a recycled connection. The network engine treated it as an "Out of connection" error and dropped the packet. Solution 11: This issue is fixed in this release.
Issue 12: [DSSEG-2673] The Deep Security Agent install, upgrade, and uninstall processes sometimes encountered issues related to filter driver loading and unloading. Solution 12: Deep Security Agent code has been restructured to make the install and upgrade more stable.
Issue 14: [DSSEG-2539/SEG-30378] Deep Security Agent crashed when it received a SIGPIPE signal in a Solaris environment. Solution 14: This issue is fixed in this release.
Issue 15: [DSSEG-2504] When the Deep Security Agent was deployed on a computer running Solaris, memory usage increased, sometimes using more than 8 GB of RAM. Solution 15: This issue is fixed in this release.
Issue 16: [DSSEG-2417/SEG-26134/00817382] When certain Intrusion Prevention rules for Oracle Database Server were enforced, the network filter driver crashed the computer. Solution 16: This issue is fixed in this release.
Issue 17: [DSSEG-2408/00863552/SEG-29915] Deep Security Agent would sometimes crash when collecting truncated logs from the kernel module. Solution 17: The issue is resolved in this release.
Update 7
Enhancement 1: [DSSEG-3354] Solaris 11.4 SPARC and x86_64 are now supported.
Issue 1: [DSSEG-3365/SEG-35814] Solaris InfiniBand interfaces are not supported in any version of Deep Security Agent. In previous releases, when those interfaces were present, Deep Security Manager displayed a 'Get Interface Failed' status for the relevant computers, and also generated many unwanted firewall events from those interfaces. Solution 1: Deep Security Agent now ignores all the traffic on InifiniBand interfaces. In addition, those interfaces do not appear in Deep Security Manager, on the Interfaces tab of the agent's Computer details page.
Update 8
Enhancement 1: [DSSEG-3547] The version of SQLite used by the Deep Security Agent has been updated.
Issue 1: [DSSEG-3369/SF01415702/SEG-42919] When multiple Smart Protection Servers were configured, the Deep Security Agent process would sometimes crash due to an invalid sps_index. Solution 1: The issue is fixed in this release.
Issue 2: [DSSEG-2687/SEG-32679/1033963] Deep Security Agent logged "Error on SIOCETHTOOL: (error 95: Operation not supported)" every minute. Solution 2: This issue is fixed in this release.
Update 9
Issue 1: [DSSEG-3695/1939658/SEG-49191] The "Send Policy" action failed because of a GetDockerVersion error in Deep Security Agent. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3652/SF01919585/SEG-48728] Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3587/SF01804378/SEG-47425] Deep Security Agent did not add Python extension module (PYD) files to the inventory of Application Control. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3552/SF01607298/SEG-43341] When the Application Control driver failed to load (for example, if the driver was corrupted during a Deep Security Agent upgrade), the agent sent system events to Deep Security Manager repeatedly as it tried to reload the driver. The large number of generated events consumed database storage and made the System Events extremely slow to load. Solution 4: This issue is fixed in this release. The Application Control driver loading exception is now tracked and the Application Control server is stopped after 5 failed attempts to load the driver.
Issue 5: [DSSEG-3515/SEG-45832] Deep Security Agent process potentially crashed when the detailed logging of SSL message was enabled and outputed. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-3246/SF01358696/SEG-38712] The tbimdsa engine sometimes caused a system crash. Solution 6: This issue is fixed in this release.
Issue 7: [DSSEG-2569/SEG-27689] On Linux, Application Control included all files marked as executable in the inventory, even if it did not recognize the extension as an executable. This would result in a very large inventory database. Solution 7: This issue is fixed in this release.
Update 10
Issue 1: [DSSEG-3743/SEG-49827/SEG-36737] Deep Security Agent sometimes crashed due to defects in Lua 5.2.1. Solution 1: This issue is fixed in this release. Lua has been upgraded to version 5.2.4
Issue 2: [DSSEG-3420/SEG-43481] Certain data structures in the Deep Security Agent packet engine were cleaned up prematurely, leading to a kernel panic and system crash. Solution 2: The code has been modified to address the premature data structure clean up.
Issue 3: [DSSEG-3236/SEG-31021/SF00889757] In some cases, Integrity Monitoring events did not include the Entity Name. Solution 3: This issue is fixed in this release.
Update 11
Enhancement 1: [DSSEG-2596] Diagnostic package can collect AMSP logs during uninstall.
Issue 1: [DSSEG-3884] Occasionally, the temporary repository created during the upgrade of Deep Security Agent for Solaris 11 was not being removed. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3853/SEG-50957/02017109] When using Integrity Monitoring, the Deep Security Agent crashed when a monitored entity was deleted in Deep Security 11.0 Update 10. Solution 2: The issue is fixed in this release.
Issue 3: [DSSEG-3776] The Deep Security Agent for Solaris 11 uninstallation sometimes failed if the agent had been upgraded previously. Solution 3: This issue is fixed in this release.
Update 12
Enhancement 1: [DSSEG-3872] Deep Security Agent log file statements will now include the Agent's timezone.
Update 14
Issue 1: [SF01751222/SEG-51655/DSSEG-4304] When a file was downloaded or uploaded to a TLS/SSL server, it sometimes failed and produced an "Unsupported SSL Version" Intrusion Prevention event. Solution 1: This issue is fixed in this release.
Issue 2: [SEG-56282/DSSEG-4400] The Deep Security Agent network engine crashed due to 0-length SSL record. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-4444] Deep Security Agent SSL inspection didn't work with a TLS/SSL connection in explicit mode. Solution 3: This issue is fixed in this release.
Issue 4: [SF01979829/SEG-51013/DSSEG-4038] When the Deep Security Agent connected through a proxy to the Deep Security Manager on Deep Security as a Service, Identified Files could not be deleted. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-3890/SEG-49854/SF01949194] When machines wrote document files to a file server, Anti-Malware needed to scan the files frequently, which caused other machines to fail to write the file because the file was being scanned. Solution 5: This issue is fixed in this release. For modern OSs please reboot the machine to apply this enhancement after upgrading the Deep Security Agent.
Issue 6: [DSSEG-4444] Deep Security Agent SSL inspection didn't work with a TLS/SSL connection in explicit mode. Solution 6: This issue is fixed in this release.
Update 17
Issue 1: [DSSEG-4545/01780211/SEG-48175] When a Powershell script was executed it would generate temporary files in the temp folder which resulted in an excessive amount of drift and security events being reported.
Update 18
Issue 1: [DSSEG-4932/SEG-55479/02588698/02200526] Deep Security Agent stopped unexpectedly because of invalid memory access.
Windows
For release notes from the long-term support release, see Deep Security Agent - Windows 11.0 readme.
Update 1
Issue 1: [DSSEG-2511] When a Deep Security Relay had Anti-Malware and agent self-protection enabled, the agent self-protection would prevent the relay-enabled agent from restarting when needed. This prevented the TLS 1.2 command from taking effect. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2513] When the anti-malware or firewall features were enabled, Deep Security Agent was not registered to the Windows Security Center on Windows 10 version 1803 (April 2018 Update). This caused the status of anti-malware and firewall to be incorrect in the Windows Security Center and Windows Defender Security Center. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-2456] During a component update, the Anti-malware service sometimes got stuck while purging the cache, so the Deep Security Agent status shown in Deep Security Manager would remain as "Security Update in Progress" for a long time. Solution 3: This issue is fixed in this release.
Update 2
Enhancement 1: [DSSEG-2488] Anti-Malware Scan Engine can be displayed and has the option to enable or disable an Anti-Malware update.
Enhancement 2: [DSSEG-2703] A report is created when Windows Anti-Malware encounters an install/upgrade failure or error because of an interop or timing issue.
Issue 1: [DSSEG-2735/SEG-34502] When a TCP connection was established with the same tuples as a previously tracked one, the network engine could set the connection track to an incorrect status. This sometimes happened on a busy server where rapid connections reused a recycled connection. The network engine treated it as an "Out of connection" error and dropped the packet. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2408/SEG-29915/00863552] Deep Security Agent would sometimes crash when collecting truncated logs from the kernel module. Solution 2: The issue is resolved in this release.
Issue 3: [DSSEG-2566] When firewall or intrusion prevention rules were assigned to specific network interfaces, it sometimes did not trigger network configuration recompilation, and the Deep Security Agent Network Engine wouldn't load the expected configuration. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-2466/SEG-30270/SF00900562] When a host machine's locale was not set to UTF-8, the Deep Security Agent installation would not complete and the agent could not be activated. Solution 4: This issu is fixed in this release.
Issue 5: [DSSEG-2417/00817382/SEG-26134] When certain Intrusion Prevention rules for OracleDatabase Server were enforced, the network filter driver crashed the computer. Solution 5: This issue is fixed in this release.
Update 3
Enhancement 1: [DSSEG-2769] The Deep Security Agent installer no longer installs all feature modules when the module plug-in files are located in the same folder as the installer. The required plug-in files are downloaded from a Relay when a policy is applied to a protected computer.
Enhancement 2: [DSSEG-2258] The Anti-Malware engine offline error is no longer reported when the computer is preparing to shutdown.
Enhancement 3: [DSSEG-2606] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o.
Issue 1: [DSSEG-2835/SEG-33414/00854640] The Deep Security Agent's CPU usage spiked every 10 seconds. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2739] When Deep Security Agent was installed on a virtualmachine (VM) and the VM was reverted to an earlier state, Log Inspection event data was not synchronized properly between the Deep Security Agent and Deep Security Manager. Solution 2: This issue is fixed in this release.
Update 4
Enhancement 1: [DSSEG-3023] The version of zlib used by the Deep Security Agent has been updated to zlib-1.2.11.
Enhancement 2: [DSSEG-2982] The URL for the Trend Micro corporate site has changed from http://www.trendmicro.co.jp/ to https://www.trendmicro.com/. Deep Security has been updated to point to the new URL where necessary.
Enhancement 3: [DSSEG-2971] The version of curl used by the Deep Security Agent has been updated to curl-7.61.1.
Enhancement 4: [DSSEG-2524/SF00908235/SEG-30932] When a cookie is detected as spyware, the related Anti-Malware event now contains the file path of the cookie. To see this information, double-click the event on the "Anti-Malware Events" page and go to "Spyware Items". The path of the cookie is displayed in the "Object" field.
Enhancement 5: [DSSEG-3090/DSSEG-2936/SEG-37605] This release updates the Anti-Malware scan engine to the latest version.
Enhancement 6: [DSSEG-2916] Deep Security Agent 11.0 Update 4 is supported on Windows 10 version 1809 (RS5).
Issue 1: [DSSEG-3012] An unactivated Deep Security Agent could reach 100% CPU usage when handling a long HTTPS request. Solution 1: The issue is fixed in this release.
Issue 2: [DSSEG-2877/00386295/00461478/573707/00487753/SEG-5825] Users who are not using a local Smart Protection Server (SPS) reported many dropped retransmit "rxjammed" events in the Firewall when using Web Reputation Service, which caused the Firewall logs to fill up. Solution 2: Dropped Retransmit "rxjammed" events are no longer recorded in the Firewall log.
Issue 3: [DSSEG-2830/SEG-34494/SEG-36247/SF01099702] The Deep Security Agent Anti-Malware kernel driver sometimes caused a system crash in high-stress conditions and could also cause certain processes to use high amounts of CPU and memory. Solution 3: This issue is fixed in this release.
Update 6
Enhancement 1: [DSSEG-2995] Deep Security Agent has been updated to support PFS cipher suites.
Issue 1: [DSSEG-3353/DSSEG-3177/SEG-39670] An Integrity Monitoring rule could be triggered unintentionally when the prefix of its base directory path matched that of another rule. For example, if you had rules that monitored "c:\lab\" and "c:\lab1\", and added a file "c:\lab1\sample.txt", both rules would be triggered. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3334] Due to a side effect from a previous fix, the Network Filter Driver would pass packets through a broadband wireless interface. Solution 2: This issue has been resolved in this release.
Issue 3: [DSSEG-3215] When both Anti-Malware real-time scans and SAP scannerwere enabled on a Windows computer that had SAP NetWeaver 7.5+ installed, a virus could be detected and quarantined, but the error code returned to SAP NetWeaver was not correct. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3144/SF01350094/SEG-39265] When a system boots up, both the Deep Security Agent and AMSP service (Anti-Malware engine) are started. The AMSP service sometimes takes longer to initialize than the agent. If the agent launched a security update task before the AMSP initialization was finished, the update task failed with the error "Anti- Malware Engine Offline". Solution 4: If the AMSP service starts normally (within approximately 180 seconds), the pattern update will be successful.
Issue 5: [DSSEG-3110] A native firewall could not be turned on/off automatically after the Deep Security Firewall module was enabled or its configuration was changed. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-2758] When upgrading Deep Security Agent, the operating system would sometimes reboot automatically. Solution 6: This issue is fixed in this release.
Issue 7: [DSSEG-2740/SF01098357/SEG-33956] The Deep Security Agent process would crash due to a race condition in the Web Reputation Service rating thread when the protocol of the connection to the rating server (Smart Protection Server) was "https". Solution 7: This issue is fixed in this release.
Update 7
Issue 1: [DSSEG-3318/SEG-42754/SF01546048] Deep Security Notifier sometimes displayed "Unknown/Unreachable" for the agent status, even though the agent was actually online and managed. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-2962/SF01337805/SEG-38476] When the Anti-Malware module could not recognize one of its digital signatures, it crashed. Solution 2: Error handling in the Anti-Malware module has been improved.
Update 8
Enhancement 1: [DSSEG-3547] The version of SQLite used by the Deep Security Agent has been updated.
Issue 1: [DSSEG-3524] Deep Security Agent's Intrusion Prevention module silently dropped zero payload UDP packets. Solution 1: The issue has been fixed in this release
Issue 2: [DSSEG-3442/SF01633410/SEG-44773] When Application Control was enabled and a Powershell script was executed it would generate temporary filesin the temp folder which resulted in an excessive amount of drift and events being reported. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3369/SF01415702/SEG-42919] When multiple Smart Protection Servers were configured, the Deep Security Agent process would sometimes crash due to an invalid sps_index. Solution 3: The issue is fixed in this release.
Issue 4: [DSSEG-3249/SF01532762/SEG-42037] The Deep Security Agent process would sometimes hang when checking the Docker version on a Windows 2008 server. Solution 4: This issue issue is fixed in this release.
Issue 5: [DSSEG-2687/SEG-32679/1033963] Deep Security Agent logged "Error on SIOCETHTOOL: (error 95: Operation not supported)" every minute. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-3375] When a VM was created by VMware Horizon instant clone, a Deep Security Agent on Windows would always have the same UUID as its clone source. Solution 6: This issue is fixed in this release. The fix uses VMware Tools to get the correct UUID.
Update 9
Issue 1: [DSSEG-3695/1939658/SEG-49191] The "Send Policy" action failed because of a GetDockerVersion error in Deep Security Agent. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3652/SF01919585/SEG-48728] Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-3587/SF01804378/SEG-47425] Deep Security Agent did not add Python extension module (PYD) files to the inventory of Application Control. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-3552/SF01607298/SEG-43341] When the Application Control driver failed to load (for example, if the driver was corrupted during a Deep Security Agent upgrade), the agent sent system events to Deep Security Manager repeatedly as it tried to reload the driver. The large number of generated events consumed database storage and made the System Events extremely slow to load. Solution 4: This issue is fixed in this release. The Application Control driver loading exception is now tracked and the Application Control server is stopped after 5 failed attempts to load the driver.
Issue 5: [DSSEG-3515/SEG-45832] Deep Security Agent process potentially crashed when the detailed logging of SSL message was enabled and
outputed. Solution 5: This issue is fixed in this release.
Issue 6: [DSSEG-3514/SF01716752/SEG-45507] Deep Security's Notifier.exe process caused high CPU usage. Solution 6: The issue is fixed in this release
Issue 7: [DSSEG-3381/1609675/SEG-43574] The "Smart Protection Server Disconnected for Smart Scan" alert did not automatically clear after the connection had been restored. Solution 7: This issue is fixed in this release.
Issue 8: [DSSEG-3246/SF01358696/SEG-38712] The tbimdsa engine sometimes caused a system crash. Solution 8: This issue is fixed in this release.
Issue 9: [DSSEG-2569/SEG-27689] On Linux, Application Control included all files marked as executable in the inventory, even if it did not recognize the extension as an executable. This would result in a very large inventory database. Solution 9: This issue is fixed in this release.
Update 10
Issue 1: [DSSEG-3743/SEG-49827/SEG-36737]
- Deep Security Agent sometimes crashed due to defects in Lua 5.2.1.
- Deep Security Agent 11.0 Update 8 (11.0.0.662) for Windows upgrade from Deep Security Agent 10.0 Update 18 (10.0.3309) and Deep Security Update 21 (9.6.2.8797 or later) failed. (SEG-49827)
Solution 1: This issue is fixed in this release. Lua has been upgraded to version 5.2.4
Issue 2: [DSSEG-3420/SEG-43481] Certain data structures in the Deep Security Agent packet engine were cleaned up prematurely, leading to a kernel panic and system crash. Solution 2: The code has been modified to address the premature data structure clean up.
Issue 3: [DSSEG-3236/SEG-31021/SF00889757] In some cases, Integrity Monitoring events did not include the Entity Name. Solution 3: This issue is fixed in this release.
Update 11
Enhancement 1: [DSSEG-2596] Diagnostic package can collect AMSP logs during uninstall.
Issue 1: [DSSEG-3853/SEG-50957/02017109] When using Integrity Monitoring, the Deep Security Agent crashed when a monitored entity was deleted in Deep Security 11.0 Update 10. Solution 1: The issue is fixed in this release.
Update 12
Enhancement 1: [DSSEG-3872] Deep Security Agent log file statements will now include the Agent's timezone.
Issue 1: [DSSEG-4023] In some cases, the Tbimdsa driver did not correctly release spinlock, causing the system to hang. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4013/SEG-52195/SF01954511] The heartbeat thread crashed due to a SQLite exception when getting Log Inspection events. Solution 2: This issue is fixed in this release.
Update 13
Issue 1: [DSSEG-3990/SEG-48011] The advanced network engine option "Maximum data size to store when packet data is captured" did not work. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3737/SEG-48075] When the system region format is "Chinese (Traditional, Hong Kong SAR)", Deep Security Notifier displayed simplified Chinese instead of traditional Chinese. Solution 2: This issue is fixed in this release.
Update 14
Issue 1: [DSSEG-4427/02229070/SEG-56937] The OS sometimes crashed when a RATT tool was used to collect driver logs. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-3890/SEG-49854/SF01949194] When machines wrote document files to a file server, Anti-Malware needed to scan the files frequently, which caused other machines to fail to write the file because the file was being scanned. Solution 2: This issue is fixed in this release. For modern OSs like Win2016 or Win2012, please reboot the machine to apply this enhancement after upgrading the Deep Security Agent.
Issue 3: [DSSEG-4418/SEG-55745/SF02179544] When the Application Control "Allow unrecognized software until it is explicitly blocked" option was enabled, running large unauthorized .jar files resulted in high CPU usage by the Deep Security Agent. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-4444] Deep Security Agent SSL inspection didn't work with a TLS/SSL connection in explicit mode. Solution 4: This issue is fixed in this release.
Update 15
Issue 1: [DSSEG-4624/02412251/SEG-59848] The "Type" attribute wasn't displayed in Integrity Monitoring events when the default "STANDARD" attribute was set to monitor registry value changes. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4508] An incorrect reboot request event sometimes occurred. Solution 2: This issue is fixed in this release.
Issue 3: [DSSEG-4550/SEG-58776/SF02374650] When Integrity Monitoring real-time scans were enabled, too many file open events were being processed which caused high CPU usage. Solution 3: This issue is fixed in this release.
Issue 4: [DSSEG-4594/SEG-59559/SF02403807] Deep Security Behavior Monitoring sometimes generated false-alarm Anti-Malware events. Solution 4: This issue is fixed in this release.
Issue 5: [DSSEG-4633/SEG-60076/SF02419163] The Deep Security Agent Anti-Malware driver sometimes caused the black screen of death (BSOD) when it checked certain files. Solution 4: This issue is fixed in this release.
Update 17
Enhancement 1: Added support for Windows Server 2019 (LTSC, version 1903) (64-bit).
Issue 1: [DSSEG-4545/01780211/SEG-48175] When a Powershell script was executed it would generate temporary files in the temp folder which resulted in an excessive amount of drift and security events being reported. Solution 1: This issue is fixed in this release.
Issue 2: [DSSEG-4695/SEG-60169] Non-executable ini files that were opened with execute permissions resulted in security events which should not have been generated. Solution 2: This issue is fixed in this release.
Update 18
Issue 1: [SEG-60169/DSSEG-4942] When Application Control was enabled, there were too many software changes due to distributed file system replication. Solution 1: This issue is fixed in this release.
Issue 2: [SF02200526/SF02588698/SEG-55479/DSSEG-4932] Deep Security Agent stopped unexpectedly because of invalid memory access. Solution 2: This issue is fixed in this release.
Issue 3: [SF2435069/SEG-60528/DSSEG-4658] When Application Control was enabled with certain Java or Python based software, a high-volume of file events were created which caused high CPU usage. Solution 3: This issue is fixed in this release.
