What's new in Deep Security Manager?
For release notes from the long-term support release, see Deep Security Manager 11.0 readme.
For release notes from previous years, see Archived Deep Security Manager release notes.
Deep Security Manager - 11.0 update 26
Release date: April 08, 2021
Build number: 11.0.444
This release contains general improvements.
Deep Security Manager - 11.0 update 25
Release date: January 27, 2021
Build number: 11.0.442
- The auto-renew mechanism for the certificate used for TLS communication between Deep Security Manager and Deep Security Agent sometimes didn't work as expected. Expired certificates resulted in the manager and agents being unable to communicate with each other, which caused many offline agents to appear on the web console. SEG-79146/SF03240076/DSSEG-6322
- The Deep Security Manager console command used to set a preferred IP address for Deep Security Agents with multiple IPs was sometimes not working, causing agents to be unable to connect. SEG-92923/02614092/DSSEG-6506
- The Automatically delete Server Logs older than setting on Administration > System Settings > Storage appeared for tenants, when it should have only appeared for the primary tenant. SEG-92904/SF03895417/DSSEG-6434
Deep Security Manager - 11.0 update 24
Release date: October 19, 2020
Build number: 11.0.439
- For Oracle databases, a "Severe" message occurred in the server log after a fresh installation. DSSEG-6065
Deep Security Manager - 11.0 update 23
Release date: September 2, 2020
Build number: 11.0.438
- Deep Security verifies your signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-5875
- Upgrading to Deep Security Manager 11 was blocked if you had installed Deep Security Virtual Appliance into NSX-V 6.4.7 on ESXi 7.0. SEG-82636,/SEG-82637/DSSEG-5927
- The X-Forward-For data was not included with syslog events that were forwarded to a SIEM server. SEG-85234/SF03570971/DSSEG-6081
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-4652/03296737/DSSEG-5773/DSSEG-5815
Highest CVSS Score: 9.8
Highest Severity: Critical
Deep Security Manager - 11.0 update 22
Release date: July 15, 2020
Build number: 11.0.433
- An error occurred when properties were changed on the Log Inspection rule "1002729 - Default Rules Configuration" in Policy > Common Objects > Log Inspection Rules. SEG-77260/SF03263573/DSSEG-5734
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. SEG-70989/SF02964497/DSSEG-5655/DSSEG-5539/DSSEG-5887/DSSEG-5739
- Highest CVSS Score: 8.1
- Highest Severity: High
Deep Security Manager - 11.0 update 21
Release date: May 5, 2020
Build number: 11.0.427
- The manager node status widget would not show correct information for jobs or system events DSSEG-5353
- In Deep Security Manager, the wrong DNS name was displayed in the computer editor, under Overview > General > VMware Virtual Machine Summary. SEG-26103/DSSEG-2754
- When generating multiple reports simultaneously, sometimes the report data was not correct. SEG-73615/03011491/DSSEG-5430
- Deep Security Agents occasionally failed to download software components from the relays if multiple components are available at the same time SEG-66691/02707833/DSSEG-5426
- Rule updates couldn't be applied because of an issue with the Oracle database. SEG-66790/DSSEG-5356
- Amazon SNS settings were not saved when reverting to the basic SNS configuration from the JSON SNS configuration. SEG-46663/01717026/DSSEG-5515
- When you clicked the + button on the Dashboard, you couldn't type a new entry in the New Dashboard Name field. DSSEG-5534
Deep Security Manager - 11.0 update 20
Release date: March 18, 2020
Build number: 11.0.415
- When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items. (SEG-63290/SF02585007/DSSEG-4911)
- After upgrading the Deep Security Manager, Intrusion Prevention packet data was not displayed because the "Data2" column was missing from the "PayloadLogDatas" table.
To add the column back to the table, execute the "Perform Database Upgrade" task through Deep Security Manager.
Deep Security Manager - 11.0 update 19
Release date: February 11, 2020
Build number: 11.0.408
- Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager. (DSSEG-4855)
- Added the following hidden setting command:
dsm_c -action changesetting -name com.trendmicro.ds.antimalware:settings.configuration.maxSelfExtractRTScanSizeMB -value 512
When Deep Security Agent could not determine the type of the target file, the scan engine loaded the file to memory to identify if it was a self-extract file. If there were many of these large files, the scan engine consumed lots of memory. Using the hidden command setting above, the file-size limitation is set to 512MB for loading target files. When the file-size exceeds the set limitation, the scan engine will skip this process and scan the file directly.
To implement this enhancement:
- Run this command in Deep Security Manager to change the value in the database.
- Send the policy to your target Deep Security Agent to deploy the setting.
- Shipping events to an external syslog servers was slow when the option to send extended event descriptions was enabled. This lead to unacceptable delays until events arrived at the syslog server. (SEG-60102/SF02315360/DSSEG-4819)
- When adding new dashboards in Deep Security Manager, if you clicked "+" on the Dashboard page and then pressed Enter several times in quick succession, multiple dashboards were created and the first dashboard would lose widgets. (SEG-67245/SF02792993/DSSEG-5088)
Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. (DSSEG-5170)
- Updated NGINX to 1.16.1 (DSSEG-4598)
- Updated JRE to the latest Bundled Patch Release (8.0.241/188.8.131.52) (DSSEG-5155)