What's new in Deep Security Agent?

For release notes from the long-term support LTS release, Deep Security Agent - Linux 12.0 readme.

Deep Security Agent - 12.0 update 30

Release date: May 4, 2023

Build number: 12.0.0-2932

Resolved issues

• An issue during component update sometimes caused the scan engine to be updated, even if the engine update was disabled. SF06390800/SEG-165036/DSSEG-7802

Deep Security Agent - 12.0 update 29

Release date: October 4, 2022

Build number: 12.0.0-2626

Enhancements

• Improved Intrusion Prevention performance when the "Bypass Network Scanner" rule is applied. SEG-132057/DSSEG-7621

Resolved issues

• Message "Newly applied ruleset will block some running processes on restart" was incorrectly shown during agent upgrade. DSSEG-7653
• Log Inspection Engine would go offline when using '$' character in match or regex fields together with variables. SEG-146965/SEG-146966/DSSEG-7665
• Valid IPv6 addresses reserved for IPv4/IPv6 translation would raise "Invalid IPv6 Address" errors. SEG-147969/DSSEG-7673

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7090/DSSEG-7647

Highest CVSS: 4.6

Highest severity: Medium

Deep Security Agent - 12.0 update 28

Release date: July 4, 2022

Build number: 12.0.0-2487

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7385/DSSEG-7563, VRTS-7647/DSSEG-7625, VRTS-7633/DSSEG-7599

Highest CVSS: 9.8

Highest severity: Critical

Resolved issues

• Application Control failed to block processes by hash until an inventory scan completed.

Deep Security Agent - 12.0 update 27

Release date: May 26, 2022

Build number: 12.0.0-2416

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7130/DSSEG-7528

CVSS: 7.5

Severity: High

Deep Security Agent - 12.0 update 26

Release date: April 28, 2022

Build number: 12.0.0-2380

Resolved issues

• With Intrusion Prevention enabled, a packet transmission error caused some system configurations to crash. SEG-136843/DSSEG-7524
• With Anti-Malware enabled, an issue delivering an event report caused Deep Security Agent to use an increasingly high amount of system memory. SF05247760/SEG-132286/DSSEG-7514
• A Deep Security Agent security update sometimes started, creating a "Security update in progress" event, but failed to complete. SF05253107/SEG-131983/DSSEG-7513

Deep Security Agent - 12.0 update 25

Release date: March 08, 2022

Build number: 12.0.0-2265

New features

Debian 11: Debian 11: Deep Security Agent (version 12.0-2265+) is now supported on Debian 11. This requires Deep Security Manager version 12.0.527+.

Resolved issues

• Deep Security Agent for Debian 11 (64-bit) failed to upgrade when triggered from the Deep Security Manager console. DSSEG-7465
• Application Control couldn't properly detect software changes or execution under some system configurations. DSSEG-7441

Enhancements

• Updated Deep Security Agent to improve Application Control performance when running in "maintenance mode." DSSEG-7354

Deep Security Agent - 12.0 update 24

Release date: January 24, 2022

Build number: 12.0.0-2201

Resolved issues

• When an Integrity Monitoring scan timed out it sometimes generated false "user", "group", "create", or "delete" events. DSSEG-7349
• A Deep Security Agent conflict with network interface controllers (NICs) caused systems with multiple NICs to crash. SEG-126094/05048124/DSSEG-7401

Deep Security Agent - 12.0 update 23

Release date: November 29, 2021

Build number: 12.0.0-2112

Enhancements

• With Anti-Malware real-time scan enabled, Deep Security Agent would sometimes scan unchanged files. DSSEG-7311

Resolved issues

• Deep Security Agent sometimes changed the access time of files during an on-demand Anti-Malware scan. SEG-79766/03352457/DSSEG-5817
• Deep Security Agent sometimes crashed when it could not connect to Deep Security Manager. DSSEG-7305
• Deep Security Agent sometimes caused connectivity issues, high CPU usage, or the system to crash. SEG-123885/SF04973642/DSSEG-7298
• If the Firewall kernel module download failed, Deep Security Agent sometimes would not retry the download, leading to "Firewall Engine Offline" events. SEG-122270/SF04907791/DSSEG-7261

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-7260

Highest CVSS: 7.8

Highest severity: High

Deep Security Agent - 12.0 update 22

Release date: November 01, 2021

Build number: 12.0.0-2072

Enhancements

• Updated Deep Security Agent to prevent agents upgraded from version 10.0 to 12.0 from losing their "NIC bypass" configuration (used for Bypassing a network interface). SEG-111757/SF04574021/DSSEG-7087

Resolved issues

• Deep Security Agent sometimes showed package signature errors during an upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-7214
• A plugin version conflict sometimes prevented Deep Security Agent from retrieving KSP (Kernel Support Package) files from the relay. DSSEG-7244
• Deep Security Agent sometimes crashed due to an issue when cleaning up resources for inactive network connections. SEG-113291/DSSEG-7035
• If the Deep Security Agent service (ds_agent) was stopped during an Anti-Malware scan, the agent would sometimes crash on restart. DSSEG-7228

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6489/DSSEG-7237

Highest CVSS: 7.8

Highest severity: High

Deep Security Agent - 12.0 update 21

Release date: September 15, 2021

Build number: 12.0.0-1993

Resolved issues

• Deep Security Agent sometimes triggered multiple "Log Inspection Engine Initialized" or "Policy Sent" events due to a Network Interface Card (NIC) connectivity issue. SF03968169/SEG-95731/DSSEG-7039
• With Integrity Monitoring enabled, Deep Security Manager caused high CPU usage on the authentication server for some systems. SEG-110088/04488319/DSSEG-7072

Deep Security Agent - 12.0 update 20

Release date: August 04, 2021

Build number: 12.0.0-1908

Resolved issues

• Deep Security Agent upgrade (Administration > Updates > Software) sometimes failed if a previous (RPM package) upgrade was triggered using console commands. SEG-113583/SF04586071/DSSEG-7029
• Deep Security Agent sometimes lost connectivity while trying to establish an SSL connection. SEG-107451/DSSEG-7016
• Deep Security Agent was sometimes unable to connect to web applications on systems with older OS versions. SEG-109652/DSSEG-6992

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6032/DSSEG-6967

Highest CVSS: 9.8

Highest severity: High

Deep Security Agent - 12.0 update 19

Release date: July 06, 2021

Build number: 12.0.0-1845

Resolved issues

• When Intrusion Prevention was enabled, a compatibility issue caused the system to crash under some configurations. 03368009/SEG-81702/DSSEG-6898
• With Web Reputation enabled, Deep Security Agent caused connectivity issues for some third party software. SF04072723/SEG-97952/DSSEG-6810

Deep Security Agent - 12.0 update 18

Release date: May 27, 2021

Build number: 12.0.0-1789

Enhancements

• Updated Deep Security Agent (version 12.0.0-1789+) to add support for Entrust Root Certificate Authority (G2) certificates. Non-G2 security certificates will expire on 2022/07/09. After that time, only agents that have been upgraded to version 12.0.0-1789+ or higher will have the latest Anti-Malware Smart Scan protection. DSSEG-6904
• Updated Deep Security Agent's Anti-Malware default configuration to monitor file access from the local host only, improving compatibility for some file systems. DSSEG-6831

Resolved issues

• Deep Security Agent sometimes crashed when Intrusion Prevention was configured for SSL inspection. DSSEG-6909
• Deep Security Agent Anti-Malware Real-Time Scan was preventing some third party applications from running. SEG-104512/SF04245456/DSSEG-6894
• Anti-Malware Real-Time Scan caused unintentional file changes under some configurations. SEG-94769/SF03806819/DSSEG-6783
• Changed the kernel support package compression method to reduce its size for Ubuntu. DSSEG-6897

Deep Security Agent - 12.0 update 17

Release date: April 26, 2021

Build number: 12.0.0-1735

Enhancements

• Updated Deep Security Agent to improve real-time Integrity Monitoring performance. SEG-102276/SF04205359/DSSEG-6759

Resolved issues

• Deep Security Agent sometimes showed package signature errors during upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-6826
• Application Control sometimes didn't add to the software inventory properly for files on certain drive types. SEG-103667/SF04227412/DSSEG-6756
• Deep Security Agent sometimes reported duplicates of a single Intrusion Prevention event. SEG-93125/SF03595899/DSSEG-6723
• Deep Security Agent sometimes encountered multiple "Record Layer Message (not ready)" Intrusion Prevention events, although the conditions that would normally trigger these events did not exist. A "Record Layer Message (not ready)" event normally indicates that the SSL state engine has encountered an SSL record before initialization of the session. SEG-101697/SF04203096/DSSEG-6739

Deep Security Agent - 12.0 update 16

Release date: March 22, 2021

Build number: 12.0.0-1655

Enhancements

• Updated Anti-Malware real-time scans for improved compatibility. DSSEG-5899
• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Web Reputation was enabled, the system sometimes crashed. SF04258834/SEG-102756/DSSEG-6712
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• Application Control was not allowing files in the ".install4j" directory to be added to the inventory, which prevented some applications from installing. SEG-100706/SF04166919/DSSEG-6674
• Deep Security Agent was sometimes unable to connect to the database when Intrusion Prevention was running. DSSEG-6641
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658
• Deep Security Agent was sometimes unable to establish an SSL connection to the web server. SEG-93807/SF03773176/DSSEG-6624

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440

Highest CVSS: 5.3

Highest severity: Medium

Deep Security Agent - 12.0 update 15

Release date: January 28, 2021

Build number: 12.0.0-1546

Enhancements

• Anti-Malware real-time scans sometimes did not work for Docker containers. DSSEG-6476

Resolved issues

• The Deep Security Agent SAP scanner was not properly identifying the format of certain files. DSSEG-6180
• Application Control sometimes caused CPU soft lockup. SEG-93033/SF03882268/DSSEG-6429
• In some circumstances, a large amount of memory consumption on AWS instances occurred. SEG-86654/SF03616828/DSSEG-6405
• Sometimes an SSL connection was not established when SSL inspection was enabled. DSSEG-6407
• When Anti-Malware real-time scans were enabled, Rancher Kubernetes pods sometimes couldn't be terminated gracefully. SEG-87824/SF03695639/DSSEG-6454
• The Deep Security Agent was sometimes unable to establish an SSL connection to the web server. SEG-93807/SF03773176/DSSEG-6556

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

Deep Security Agent - 12.0 update 14

Release date: November 12, 2020

Build number: 12.0.0-1436

Resolved issues

• The error "scheduling while atomic" occurred because the dsa_filter caused kernel panic. SEG-83207/SF03470132/DSSEG-6282
• The Anti-Malware driver showed warning messages during the initialization. SEG-92204/03784490/DSSEG-6389

Deep Security Agent - 12.0 update 13

Release date: October 1, 2020

Build number: 12.0.0-1373

Enhancements

• Improved Anti-Malware compatibility with third-party security protections. SEG-84563/03564043/DSSEG-6039
• Upgraded VMware NetX SDK to support VMware NSX 6.4.8
• Deep Security verifies the signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-5935
• If there are multiple IPs in the "X-Forwarded-For" tag of the HTTP header, the 1st IP among them will be retrieved. DSSEG-6183
• Updated the Integrity Monitoring scan completion time in Deep Security Manager events to display in seconds with a thousands separator. SEG-83194/SF03429936/DSSEG-6029

Resolved issues

• Real-time Anti-Malware with filesystem hooking enabled did not work on older kernel versions. SEG-82411/DSSEG-5991
• Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-6008
• The dsa_query command didn't display Anti-Malware patterns correctly. DSSEG-6073
• Deep Security Anti-Malware kernel modules were not unloaded successfully when ds_agent services stopped. SEG-83209/SF03512620/DSSEG-6043
• When Anti-Malware and Application Control were enabled, stopping the ds_agent service could cause high CPU usage. SEG-85738/SF03595067/DSSEG-6157
• The Deep Security Agent event "9105: Enable Relay Web Server Failed" occurred when the agent stopped. SEG-79615/03326180/DSSEG-6022
• An executable that was created and executed quickly was blocked by Application Control while in maintenance mode. DSSEG-6173
• When Anti-Malware real-time scans were enabled in Linux, the system sometimes crashed because of a compatibility issue with third-party security software based on kernel system call hooking. SEG-88135/SF03700563/DSSEG-6247
• "Out of Connection" Firewall events occurred when the network engine was set to "Tap mode". SEG-87155/SF03644367/DSSEG-6270
• Some Intrusion Prevention events did not include the XFF header. SEG-81986/03419140/DSSEG-5936

Notices

Deep Security Appliance 9.5 has reached End of Support and can't be upgrade to this release. DSSEG-5938

Deep Security Agent - 12.0 update 12

Release date: August 19, 2020

Build number: 12.0.1278

Enhanced platform support

• CloudLinux 8 (64-bit)

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

This enhancement requires Deep Security Manager FR 2019-10-23 or later.

Resolved issues

• When Anti-Malware real-time scans were enabled in Linux, sometimes the system crashed because buffers from procfs were not validated. SEG-80183/DSSEG-5884
• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event./DSSEG-5879
• When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions as security updates. SEG-82072/03273761/DSSEG-5953
• Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change./DSSEG-5928
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred./DSSEG-5988
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-5255

CVSS score: 7.8

Severity: High

• Updated to curl 7.67.0.
• Updated to openssl-1.0.2t.

Deep Security Agent - 12.0 update 11

Release date: July 9, 2020

Build number: 12.0.1186

Enhancements

• Application Control includes script files with the ".cron" extension as part of the inventory. SEG-76680/SF03240341/DSSEG-5685
• Integrity Monitoring detects changes to the "setuid" and "setgid" attributes for Linux and Unix platforms. SEG-78797/DSSEG-5732
• Real-time Integrity Monitoring explicitly matches the directory specified in the base directory. Previously, it matched all paths that started with the base directory. SEG-79112/03301290/DSSEG-5767

Resolved issues

• The Anti-Malware driver caused system hang on Linux platforms where autofs was used. SEG-78320/SF03199934/DSSEG-5718
• A high amount of CPU was used wen Deep Security real-time Anti-Malware scans were enabled on Linux platforms. SEG-75739/SF03036857/DSSEG-5836
• When Application Control was enabled it would sometimes cause the agent to periodically restart. SEG-79922/DSSEG-5823/SEG-75985/SF03184883/DSSEG-5843
• Kernel Panic occurred when Web Reputation, Firewall, or Intrusion Prevention were enabled. SEG-80201/SF03332691/DSSEG-5846

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

• Updated Nginx to 1.18.0.

SEG-78524/SF03321021/DSSEG-5749

Deep Security Agent - 12.0 update 10

Release date: May 28, 2020

Build number: 12.0.1090

New features

Enhanced platform support

• Ubuntu 20.04 (64-bit)

Improved management and quality

Instance Metadata Service Version 2 (IMDSv2) support: IMDSv2 is supported with Deep Security Manager 12.0 update 10. For details, see How does Deep Security Agent use the Amazon Instance Metadata Service? DSSEG-5422

Enhancement

• Excluded Ceph from file system kernel hooking to prevent kernel panic. DSSEG-5584
• Continued to improve the Account Domain Authentication experience. SEG-73480/SF02989282/DSSEG-5661

Resolved issues

• There was an upgrade issue with Deep Security Agent which would sometimes prevent the agent from going online if Integrity Monitoring or Log Inspection was enabled. SEG-75769/SF03196478/DSSEG-5596
• Deep Security Agent reported incorrect network interface information. SEG-77161/DSSEG-5644
• There were detection issues with real-time Anti-Malware scans. SEG-72928/SF03050515/DSSEG-5362
• Application Control did not include scripts with the extension ".bash" in the inventory. This resulted in these scripts being blocking in lock down mode. SEG-73174/SF03063609/DSSEG-5381
• In certain circumstances, Application Control caused the agent to go offline and restart. SEG-74143/SF03119820/DSSEG-5524
• Deep Security Agent on Linux would sometimes crash. SEG-76460/SF03218198/DSSEG-5623
• After a real-time Anti-Malware scan, the system occasionally became unresponsive. SEG-76430/SF02537903/DSSEG-5629

Deep Security Agent - 12.0 update 9

Release date: May 4, 2020

Build number: 12.0.1026

Enhancements

• Added support for Security-Enhanced Linux (SELinux) enforcing mode on Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Deep Security Agent is compatible with the default SELinux policies. Anti-Malware software such as ds_agent is required to run in an unconfined domain in order to protect the system. Any additional SELinux policy customization or configuration might be blocked or fail because of ds_agent.

Resolved issues

• Anti-Malware directory exclusion with wildcard didn't match subdirectories correctly. SF03131855/SEG-74892/DSSEG-5543
• If you enabled real-time Integrity Monitoring, it would sometimes slow down Account Domain Authentication. SEG-73480/DSSEG-5592
• Anti-Malware sometimes couldn't be applied successfully when an Anti-Malware engine update was performed. DSSEG-5483
• Application Control occasionally appeared offline when Application Control and Anti-Malware were enabled at the same time. (DSSEG-5383/SEG-72885)
• In the Actions tab, Application Control displayed computers with software changes pending for approval or denial; however, when the computers detail window was opened, there were no events reported. SEG-74084/SF03106203/DSSEG-5449
• Application Control occasionally appeared offline when Application Control and Anti-Malware were enabled at the same time. SEG-72885/03036072/DSSEG-5383
• The Anti-Malware engine on Deep Security Virtual Appliance went offline when the signer field in the Census server reply was empty. SEG-73047/SF03065452/DSSEG-5447

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. DSSEG-5280

Deep Security Agent - 12.0 update 8

Release date: April 1, 2020

Build number: 12.0.0-967

Enhancements

• Added the ability for Deep Security Agent Anti-Malware to scan compressed files no matter their data types when IntelliScan is disabled. (SEG-71425/02971395/DSSEG-5306)
• Enhanced Anti-Malware file/folder exclusions by adding support for environment variables that contain brackets, such as "(" or ")". (DSSEG-5260)

Resolved issues

• Web Reputation, Firewall, Intrusion Prevention, and Log Inspection couldn't be enabled correctly when the system locale was set to Turkish. (SEG-71825/SF03021819/DSSEG-5351)
• When real-time Integrity Monitoring was enabled with the rule "1002875: Unix Add/Remove Software" applied, the RPM database potentially locked. (SEG-67275/SF02663756/DSSEG-5308)
• When a security update was triggered before Anti-Malware was ready, the security updates failed. (DSSEG-5361)
• Enabling Log Inspection caused Deep Security Agent to crash. (SEG-61106/SEG-42752/DSSEG-5225)
• Some real-time Integrity Monitoring changes were not detected in the /var directory. (SEG-72584/02982752/DSSEG-5346)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. (DSSEG-3771)

Deep Security Agent - 12.0 update 7

Release date: February 28, 2020

Build number: 12.0.0-911

Enhancements

• Increased the scan engine's URI path length limitation. (SEG-61309/DSSEG-5245)

Resolved issues

• Deep Security Agent real-time Anti-Malware scans didn't work correctly with Linux kernel 5.5. (DSSEG-5209)
• Deep Security Agent real-time Anti-Malware scans didn't work correctly with Debian 10 kernel 5.4. (DSSEG-5153)
• The displayed packet header data contained redundant payload data. (DSSEG-4762)
• After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. (DSSEG-5156)
• Deep Security Virtual Appliance sometimes went offline. (DSSEG-5184)
• Deep Security Agent Anti-Malware would attempt to get container information with an invalid container ID in Anti-Malware Event. (SEG-69502/SF02915821/DSSEG-5186)
• Memory leaked during SSL decryption because of a flaw in the SSL processing. (DSSEG-5142)
• Deep Security Agent real-time Anti-Malware scans didn't work correctly with Debian 10 kernel 5.3.0-0.bpo.2-amd64. (DSSEG-5135)
• Log Inspection event processing caused the Deep Security Agent to restart abnormally. (DSSEG-5228)
• On specific Deep Security Agent servers the CPU usage spiked to 100% and pattern merges failed during the active update process. (SEG-66210/02711299/DSSEG-5152)

Security Updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response.

• Updated SQLite to 3.30.1. (DSSEG-5103)

Deep Security Agent - 12.0 update 6

Release date: January 17, 2020

Build number: 12.0.0-817

Enhancements

• Improved real-time Anti-Malware performance when executing a Docker pull command on Linux. (SF02181241/SEG-54744/DS-38060)

Resolved issues

• Anti-Malware on-demand scans did not work properly when the root directory was set to "/" in the scan directory inclusion lists. (SEG-66679/02756807/DSSEG-5052)
• Memory leaks occurred in Anti-Malware if file attributes couldn't be retrieved. (SEG-67374/DSSEG-5063)
• Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)
• After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. (SEG-60728/DSSEG-5094)

For release notes from the long-term support LTS release, Deep Security Agent - Windows 12.0 readme.

Deep Security Agent - 12.0 update 30

Release date: May 4, 2023

Build number: 12.0.0-2932

Enhancements

• Deep Security Agent installation now verifies if the operating system meets Azure Code Signing (ACS) requirements. For more information, see Trend Micro Server and Endpoint Protection Agent Minimum Windows Version Requirements. DSSEG-7813

Resolved issues

• When Integrity Monitoring rules using "UserSet" or "GroupSet" were enabled for a Deep Security Agent on Windows Active Directory Domain Controllers, excessive CPU and memory consumption would sometimes occur. Deep Security Agent 12.0.0-2932 blocks these types of Integrity Monitoring rules on Windows Active Directory domain controllers and generates an "Inapplicable Integrity Monitoring Rule" event. SF06082644/SEG-155804/DSSEG-7725
• An issue during component update sometimes caused the scan engine to be updated, even if the engine update was disabled. SF06390800/SEG-165036/DSSEG-7802

Deep Security Agent - 12.0 update 29

Release date: October 4, 2022

Build number: 12.0.0-2626

Enhancements

• Improved Intrusion Prevention performance when the "Bypass Network Scanner" rule is applied. SEG-132057/DSSEG-7621

Resolved issues

• Message "Newly applied ruleset will block some running processes on restart" was incorrectly shown during agent upgrade. DSSEG-7653
• Log Inspection Engine would go offline when using '$' character in match or regex fields together with variables. SEG-146965/SEG-146966/DSSEG-7665
• Valid IPv6 addresses reserved for IPv4/IPv6 translation would raise "Invalid IPv6 Address" errors. SEG-147969/DSSEG-7673

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7090/DSSEG-7647

Highest CVSS: 4.6

Highest severity: Medium

Deep Security Agent - 12.0 update 28

Release date: July 4, 2022

Build number: 12.0.0-2487

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7385/DSSEG-7563, VRTS-7647/DSSEG-7625, VRTS-7633/DSSEG-7599

Highest CVSS: 9.8

Highest severity: Critical

Resolved issues

• Application Control failed to block processes by hash until an inventory scan completed.

Deep Security Agent - 12.0 update 27

Release date: May 26, 2022

Build number: 12.0.0-2416

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7130/DSSEG-7528

CVSS: 7.5

Severity: High

Deep Security Agent - 12.0 update 26

Release date: April 28, 2022

Build number: 12.0.0-2380

Resolved issues

• With Anti-Malware enabled, an issue delivering an event report caused Deep Security Agent to use an increasingly high amount of system memory. SF05247760/SEG-132286/DSSEG-7514
• With Intrusion Prevention enabled, a packet transmission error caused some system configurations to crash. SEG-136843/DSSEG-7524

Deep Security Agent - 12.0 update 25

Release date: March 08, 2022

Build number: 12.0.0-2265

New features

Windows 10 21H2: Deep Security Agent (version 12.0-2265+) is now supported on Windows 10 21H2.

Resolved issues

• Manual, scheduled, and real-time Anti-Malware scans were not working on systems running VMware due to a driver conflict. DSSEG-7397
• Deep Security Agent sometimes accepted policy change parameters even if password verification failed. SEG-129643/DSSEG-7431
• An Anti-Malware driver conflict caused Citrix Virtual and Desktop Applications to freeze. SEG-131549/DSSEG-7495

Enhancements

• Updated Deep Security Agent to improve Application Control performance when running in "maintenance mode." DSSEG-7354

Deep Security Agent - 12.0 update 24

Release date: January 24, 2022

Build number: 12.0.0-2201

This release contains general improvements.

Deep Security Agent - 12.0 update 23

Release date: November 29, 2021

Build number: 12.0.0-2112

Resolved issues

• Deep Security Agent sometimes crashed when it could not connect to Deep Security Manager. DSSEG-7305
• Deep Security Agent sometimes caused connectivity issues, high CPU usage, or the system to crash. SEG-123885/SF04973642/DSSEG-7298

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-7255

Highest CVSS: 7.8

Highest severity: High

Deep Security Agent - 12.0 update 22

Release date: November 01, 2021

Build number: 12.0.0-2072

Resolved issues

• Deep Security Agent sometimes showed package signature errors during an upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-7214
• A plugin version conflict sometimes prevented Deep Security Agent from retrieving KSP (Kernel Support Package) files from the relay. DSSEG-7244
• Deep Security Agent sometimes crashed due to an issue when cleaning up resources for inactive network connections. SEG-113291/DSSEG-7035
• If the Deep Security Agent service (ds_agent) was stopped during an Anti-Malware scan, the agent would sometimes crash on restart. DSSEG-7228

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6489/DSSEG-7237

Highest CVSS: 7.8

Highest severity: High

Deep Security Agent - 12.0 update 21

Release date: September 15, 2021

Build number: 12.0.0-1993

Resolved issues

• With Anti-Malware enabled, Deep Security Agent caused connectivity issues for third-party software on some systems. SF04087024/SEG-100464/DSSEG-7069
• Deep Security Agent sometimes triggered multiple "Log Inspection Engine Initialized" or "Policy Sent" events due to a Network Interface Card (NIC) connectivity issue. SF03968169/SEG-95731/DSSEG-7039

Deep Security Agent - 12.0 update 20

Release date: August 04, 2021

Build number: 12.0.0-1908

Enhanced platform support

• Windows 10 21H2: Deep Security Agent (version 12.0.0-1908+) now supports Windows 10 21H1.

Resolved issues

• Deep Security Agent sometimes lost connectivity while trying to establish an SSL connection. SEG-107451/DSSEG-7016
• Deep Security Agent was sometimes unable to connect to web applications on systems with older OS versions. SEG-109652/DSSEG-6992

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6032/DSSEG-6967

Highest CVSS: 9.8

Highest severity: High

Deep Security Agent - 12.0 update 19

Release date: July 06, 2021

Build number: 12.0.0-1845

Resolved issues

• With Web Reputation enabled, Deep Security Agent caused connectivity issues for some third party software. SF04072723/SEG-97952/DSSEG-6810

Deep Security Agent - 12.0 update 18

Release date: May 27, 2021

Build number: 12.0.0-1789

Resolved issues

• Deep Security Agent sometimes created unnecessary "User (Created/Deleted)" or "Group (Added/Removed/Updated)" events. SEG-96947/SF04034198/DSSEG-6837
• Deep Security Agent sometimes crashed when Intrusion Prevention was configured for SSL inspection. DSSEG-6909
• Deep Security Agent sometimes displayed duplicate "Invalid Flag" Firewall events. DSSEG-6835
• Deep Security Agent crashed under some configurations when the Anti-Malware module was running. SEG-101968/SF04225628/DSSEG-6791

Deep Security Agent - 12.0 update 17

Release date: April 26, 2021

Build number: 12.0.0-1735

Enhanced platform support

• Windows 10 20H2

Enhancements

• Updated Deep Security Agent to use the latest Windows cross-signing options. DSSEG-6820

Resolved issues

• Deep Security Agent sometimes showed package signature errors during upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-6826
• Application Control sometimes didn't add to the software inventory properly for files on certain drive types. SEG-103667/SF04227412/DSSEG-6756
• Deep Security Agent sometimes reported duplicates of a single Intrusion Prevention event. SEG-93125/SF03595899/DSSEG-6723
• Deep Security Agent sometimes encountered multiple "Record Layer Message (not ready)" Intrusion Prevention events, although the conditions that would normally trigger these events did not exist. A "Record Layer Message (not ready)" event normally indicates that the SSL state engine has encountered an SSL record before initialization of the session. SEG-101697/SF04203096/DSSEG-6739

Deep Security Agent - 12.0 update 16

Release date: March 22, 2021

Build number: 12.0.0-1655

Enhancements

• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• The Deep Security Agent sometimes crashed when running Intrusion Prevention in passive mode. DSSEG-6385
• Application Control was not allowing files in the ".install4j" directory to be added to the inventory, which prevented some applications from installing. SEG-100706/SF04166919/DSSEG-6674
• Behavior Monitoring exceptions sometimes did not work properly. SEG-89899/SF03775351/DSSEG-6485
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440

Highest CVSS: 5.3

Highest severity: Medium

Deep Security Agent - 12.0 update 15

Release date: January 28, 2021

Build number: 12.0.0-1546

Resolved issues

• In some circumstances, a large amount of memory consumption on AWS instances occurred. SEG-86654/SF03616828/DSSEG-6405
• Sometimes an SSL connection was not established when SSL inspection was enabled. DSSEG-6407

Deep Security Agent - 12.0 update 14

Release date: November 12, 2020

Build number: 12.0.0-1436

There are no changes for the Windows Deep Security Agents this release.

Deep Security Agent - 12.0 update 13

Release date: October 1, 2020

Build number: 12.0.0-1373

Enhancements

• Deep Security verifies the signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-5935
• Updated the Integrity Monitoring scan completion time in Deep Security Manager events to display in seconds with a thousands separator. SEG-83194/SF03429936/DSSEG-6029

Resolved issues

• Deep Security Agent crashed unexpectedly because it was unable to detect the Docker engine version on Windows Servers. DSSEG-6075
• Deep Security Notifier sometimes turned the Antivirus status in the Windows action center on and off, which caused high CPU usage. SEG-73189/SF03037857/DSSEG-6004
• Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-6008
• An executable that was created and executed quickly was blocked by Application Control while in maintenance mode. /DSSEG-6173
• If there are multiple IPs in the "X-Forwarded-For" tag of the HTTP header, the 1st IP among them will be retrieved. /DSSEG-6183
• "Out of Connection" Firewall events occurred when the network engine was set to "Tap mode". SEG-87155/SF03644367/DSSEG-6270
• Some Intrusion Prevention events did not include the XFF header. SEG-81986/03419140/DSSEG-5936

Deep Security Agent - 12.0 update 12

Release date: August 19, 2020

Build number: 12.0.1278

Enhanced platform support

• Windows 10 20H1 v2004 (64 & 86)
• Windows Server Core 20H1 v2004

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

This enhancement requires Deep Security Manager FR 2019-10-23 or later.

Resolved issues

• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• When a re-transmission packet with new packets was sent, it sometimes produced an "Unsupported SSL Version" Intrusion Prevention event. /DSSEG-5879
• When there was a Log Inspection database corruption issue, it did not affect the Log Inspection status on the Deep Security Manager. SEG-77081/02984526/DSSEG-5726
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

CVSS score: 7.8

Severity: High

• Updated to curl 7.67.0.
• Updated to openssl-1.0.2t.

Deep Security Agent - 12.0 update 11

Release date: July 9, 2020

Build number: 12.0.1186

Enhancements

• Application Control includes script files with the ".cron" extension as part of the inventory. SEG-76680/SF03240341/DSSEG-5685
• Real-time Integrity Monitoring explicitly matches the directory specified in the base directory. Previously, it matched all paths that started with the base directory. SEG-79112/03301290/DSSEG-5767

Resolved issues

• When Integrity Monitoring was enabled, the owner of a file was incorrectly changed to a user that did not exist. DSSEG-5731

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

• Updated Nginx to 1.18.0.

SEG-78524/SF03321021/DSSEG-5749

Deep Security Agent - 12.0 update 10

Release date: May 28, 2020

Build number: 12.0.1090

New features

Improved management and quality

Instance Metadata Service Version 2 (IMDSv2) support: IMDSv2 is supported with Deep Security Manager 12.0 update 10. For details, see How does Deep Security Agent use the Amazon Instance Metadata Service? DSSEG-5422

Enhancements

• Continued to improve the Account Domain Authentication experience. SEG-73480/SF02989282/DSSEG-5661

Resolved issues

• There were detection issues with real-time Anti-Malware scans. SEG-72928/SF03050515/DSSEG-5362
• The agent computer sometimes crashed when Anti-Malware was enabled. SEG-75451/SF03174016/DSSEG-5602
• In certain circumstances, Application Control caused the agent to go offline and restart. SEG-74143/SF03119820/DSSEG-5524
• After a real-time Anti-Malware scan, the system occasionally became unresponsive. SEG-76430/SF02537903/DSSEG-5629

Deep Security Agent - 12.0 update 9

Release date: May 4, 2020

Build number: 12.0.1026

Resolved issues

• When Intrusion Prevention was enabled and IP fragmentation packets with the same position but different payloads were received, the engine chose to use the later one instead of the earlier one to assemble the payload. In this case, the payload integrity check would lead to a packet drop for this connection. SEG-70386/DSSEG-5428
• The Anti-Malware driver sometimes caused the RDP process to hang. If you're running a modern OS (newer than Windows 7, for example), reboot your system after the Anti-Malware driver has been applied. SF03060355/SEG-72751/DSSEG-5391
• Application Control occasionally appeared offline when Application Control and Anti-Malware were enabled at the same time. DSSEG-5383/SEG-72885
• In the Actions tab, Application Control displayed computers with software changes pending for approval or denial; however, when the computers detail window was opened, there were no events reported. SEG-74084/SF03106203/DSSEG-5449
• Application Control occasionally appeared offline when Application Control and Anti-Malware were enabled at the same time. SEG-72885/03036072/DSSEG-5383
• The Anti-Malware engine on Deep Security Virtual Appliance went offline when the signer field in the Census server reply was empty. SEG-73047/SF03065452/DSSEG-5447
• The Anti-Malware driver sometimes caused the RDP process to hang. Note: If you're running a modern OS (newer than Windows 7, for example), reboot your system after the Anti-Malware driver has been applied. SEG-72751/SF03060355/DSSEG-5391

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. DSSEG-5280

Deep Security Agent - 12.0 update 8

Release date: April 1, 2020

Build number: 12.0.0-967

Enhancements

• Added the ability for Deep Security Agent Anti-Malware to scan compressed files no matter their data types when IntelliScan is disabled. (SEG-71425/02971395/DSSEG-5306)
• Enhanced Anti-Malware file/folder exclusions by adding support for environment variables that contain brackets, such as "(" or ")". (DSSEG-5260)

Resolved issues

• Web Reputation, Firewall, Intrusion Prevention, and Log Inspection couldn't be enabled correctly when the system locale was set to Turkish. (SEG-71825/SF03021819/DSSEG-5351)
• When real-time Integrity Monitoring was enabled with the rule "1002875: Unix Add/Remove Software" applied, the RPM database potentially locked. (SEG-67275/SF02663756/DSSEG-5308)
• When a security update was triggered before Anti-Malware was ready, the security updates failed. (DSSEG-5361)
• Enabling Log Inspection caused Deep Security Agent to crash. (SEG-61106/SEG-42752/DSSEG-5225)
• Some real-time Integrity Monitoring changes were not detected in the /var directory. (SEG-72584/02982752/DSSEG-5346)
• The Behavior Monitoring feature of Anti-Malware sometimes raised false alarms. (SEG-61282/SF02431397/DSSEG-4997)
• Deep Security Agent restarted unexpectedly because of the way Log Inspection was accessing the SQLite database. (SEG-71302/02970735/DSSEG-5309)
• There were blank lines at the top of the eula file in the windows installer. (DSSEG-5348)
• Anti-malware sometimes caused a memory leak. (DSSEG-5323)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. (DSSEG-3771)

Deep Security Agent - 12.0 update 7

Release date: February 28, 2020

Build number: 12.0.0-911

Enhancements

• Increased the scan engine's URI path length limitation. (SEG-61309/DSSEG-5245)

Resolved issues

• When Application Control was enabled, there were too many software changes due to distributed file system replication. (SEG-60169/DSSEG-5031)
• The displayed packet header data contained redundant payload data. (DSSEG-4762)
• Using Octupus Deploy with Application Control resulted in Powershell execution errors. (SEG-67037/02655196/DSSEG-5084)
• Deep Security Agent Anti-Malware would attempt to get container information with an invalid container ID in Anti-Malware Event. (SEG-69502/SF02915821/DSSEG-5186)
• Log Inspection event processing caused the Deep Security Agent to restart abnormally. (DSSEG-5228)
• On specific Deep Security Agent servers the CPU usage spiked to 100% and pattern merges failed during the active update process. (SEG-66210/02711299/DSSEG-5152)
• When Application Control was enabled, there were too many software changes due to distributed file system replication. (SEG-60169/DSSEG-5031)

Security Updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response.

• Updated SQLite to 3.30.1. (DSSEG-5103)

Deep Security Agent - 12.0 update 6

Release date: January 17, 2020

Build number: 12.0.0-817

 

Resolved issues

• Added platform support for Windows Server 2019 19H2 version 1909 and Windows 10 19H2 version 1909. (DSSEG-4782)
• Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)
• Integrity Monitoring did not handle Russian characters correctly in files that were scanned in real-time. (SEG-64071/SF02608976/DSSEG-4983)
• After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. (SEG-60728/DSSEG-5094)

For release notes from the long-term support LTS release, Deep Security Agent - Unix 12.0 readme.

Deep Security Agent - 12.0 update 30

Release date: May 4, 2023

Build number: 12.0.0-2932

Resolved issues

• An issue during component update sometimes caused the scan engine to be updated, even if the engine update was disabled. SF06390800/SEG-165036/DSSEG-7802

Deep Security Agent - 12.0 update 29

Release date: October 4, 2022

Build number: 12.0.0-2626

Enhancements

• Improved Intrusion Prevention performance when the "Bypass Network Scanner" rule is applied. SEG-132057/DSSEG-7621

Resolved issues

• Message "Newly applied ruleset will block some running processes on restart" was incorrectly shown during agent upgrade. DSSEG-7653
• Log Inspection Engine would go offline when using '$' character in match or regex fields together with variables. SEG-146965/SEG-146966/DSSEG-7665
• Valid IPv6 addresses reserved for IPv4/IPv6 translation would raise "Invalid IPv6 Address" errors. SEG-147969/DSSEG-7673

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7090/DSSEG-7647

Highest CVSS: 4.6

Highest severity: Medium

Deep Security Agent - 12.0 update 28

Release date: July 4, 2022

AIX Build number: 12.0.0-2504
Solaris Build number: 12.0.0-2487

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7385/DSSEG-7563, VRTS-7647/DSSEG-7625, VRTS-7633/DSSEG-7599

Highest CVSS: 9.8

Highest severity: Critical

Deep Security Agent - 12.0 update 27

Release date: May 26, 2022

Build number: 12.0.0-2416

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-7130/DSSEG-7528

CVSS: 7.5

Severity: High

Deep Security Agent - 12.0 update 26

Release date: April 28, 2022

Build number: 12.0.0-2380

Resolved issues

• With Anti-Malware enabled, an issue delivering an event report caused Deep Security Agent to use an increasingly high amount of system memory. SF05247760/SEG-132286/DSSEG-7514
• With Intrusion Prevention enabled, a packet transmission error caused some system configurations to crash. SEG-136843/DSSEG-7524

Deep Security Agent - 12.0 update 25

Release date: March 08, 2022

Build number: 12.0.0-2265

Resolved issues

• Log Inspection was unable to parse system logs containing a single digit date format. SF04562942/SEG-115435/DSSEG-7476

Enhancements

• Updated Deep Security Agent to improve Application Control performance when running in "maintenance mode." DSSEG-7354

Deep Security Agent - 12.0 update 24

Release date: January 24, 2022

Build number: 12.0.0-2201

This release contains general improvements.

Deep Security Agent - 12.0 update 23

Release date: November 29, 2021

Build number: 12.0.0-2112

Resolved issues

• Deep Security Agent sometimes crashed when it could not connect to Deep Security Manager. DSSEG-7305
• Deep Security Agent sometimes caused connectivity issues, high CPU usage, or the system to crash. SEG-123885/SF04973642/DSSEG-7298

Deep Security Agent - 12.0 update 22

Release date: November 01, 2021

Build number: 12.0.0-2072

Resolved issues

• Deep Security Agent sometimes showed package signature errors during an upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-7214
• Deep Security Agent sometimes crashed due to an issue when cleaning up resources for inactive network connections. SEG-113291/DSSEG-7035
• If the Deep Security Agent service (ds_agent) was stopped during an Anti-Malware scan, the agent would sometimes crash on restart. DSSEG-7228

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6489/DSSEG-7237

Highest CVSS: 7.8

Highest severity: High

Deep Security Agent - 12.0 update 21

Release date: September 15, 2021

Build number: 12.0.0-1993

Resolved issues

• Deep Security Agent sometimes triggered multiple "Log Inspection Engine Initialized" or "Policy Sent" events due to a Network Interface Card (NIC) connectivity issue. SF03968169/SEG-95731/DSSEG-7039
• With Integrity Monitoring enabled, Deep Security Agent sometimes produced create and delete events for Users and Groups that were not actually being created or deleted. SEG-100159/SF04158229/DSSEG-6806
• With Integrity Monitoring enabled, Deep Security Manager caused high CPU usage on the authentication server for some systems. SEG-110088/04488319/DSSEG-7072

Deep Security Agent - 12.0 update 20

Release date: August 04, 2021

Build number: 12.0.0-1908

Resolved issues

• With Integrity Monitoring enabled, Deep Security Agent sometimes produced create and delete events for users and groups that were not actually being created or deleted. SF04158229/SEG-100159/DSSEG-7015
• Deep Security Agent sometimes lost connectivity while trying to establish an SSL connection. SEG-107451/DSSEG-7016
• Deep Security Agent was sometimes unable to connect to web applications on systems with older OS versions. SEG-109652/DSSEG-6992

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6032/DSSEG-6967

Highest CVSS: 9.8

Highest severity: High

Deep Security Agent - 12.0 update 19

Release date: July 06, 2021

Build number: 12.0.0-1845

Resolved issues

• With Web Reputation enabled, Deep Security Agent caused connectivity issues for some third party software. SF04072723/SEG-97952/DSSEG-6810

Deep Security Agent - 12.0 update 18

Release date: May 27, 2021

Build number: 12.0.0-1789

Enhancements

• Updated Deep Security Agent (version 12.0.0-1789+) to add support for Entrust Root Certificate Authority (G2) certificates. Non-G2 security certificates will expire on 2022/07/09. After that time, only agents that have been upgraded to version 12.0.0-1789+ or higher will have the latest Anti-Malware Smart Scan protection. DSSEG-6904
• Updated Deep Security Agent to include a network driver debut log output for AIX. DSSEG-6896

Resolved issues

• The Deep Security Agent for AIX 6.1 sometimes failed the software update from 12.0 to 20.0. DSSEG-6805
• Deep Security Agent sometimes crashed when Intrusion Prevention was configured for SSL inspection. DSSEG-6909

Deep Security Agent - 12.0 update 17

Release date: April 26, 2021

Build number: 12.0.0-1735

Resolved issues

• Deep Security Agent sometimes showed package signature errors during upgrade because of a mismatched Certification Revocation List (CRL). DSSEG-6826
• Application Control sometimes didn't add to the software inventory properly for files on certain drive types. SEG-103667/SF04227412/DSSEG-6756
• Deep Security Agent sometimes encountered multiple "Record Layer Message (not ready)" Intrusion Prevention events, although the conditions that would normally trigger these events did not exist. A "Record Layer Message (not ready)" event normally indicates that the SSL state engine has encountered an SSL record before initialization of the session. SEG-101697/SF04203096/DSSEG-6739

Deep Security Agent - 12.0 update 16

Release date: March 22, 2021

Build number: 12.0.0-1655

Enhancements

• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440

Highest CVSS: 5.3

Highest severity: Medium

Deep Security Agent - 12.0 update 15

Release date: January 28, 2021

Build number: 12.0.0-1546

Resolved issues

• In some circumstances, a large amount of memory consumption on AWS instances occurred. SEG-86654/SF03616828/DSSEG-6405

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

Deep Security Agent - 12.0 update 14

Release date: November 12, 2020

Build number: 12.0.0-1436

Resolved issues

• Kernel panic occasionally occurred on Solaris servers. DSSEG-4698

Deep Security Agent - 12.0 update 13

Release date: October 1, 2020

Build number: 12.0.0-1373

Enhancements

• Deep Security verifies the signature on the Deep Security Agent to ensure that the software files have not changed since the time of signing. DSSEG-5935
• Updated the Integrity Monitoring scan completion time in Deep Security Manager events to display in seconds with a thousands separator. SEG-83194/SF03429936/DSSEG-6029
• If there are multiple IPs in the "X-Forwarded-For" tag of the HTTP header, the 1st IP among them will be retrieved. DSSEG-6183

Resolved issues

• Deep Security Agent sometimes crashed when the "Scan for Integrity" scan was running. SEG-82795/03462751/DSSEG-6008
• An executable that was created and executed quickly was blocked by Application Control while in maintenance mode. DSSEG-6173
• When using Deep Security Agent on Solaris, the port scanning feature of the Integrity Monitoring module did not work because the agent did not have access to information on the user ID under which a given port was opened. This prevented storage of any listening port information. The port scanning feature on Solaris agents has been modified to store the string "n/a" for the userid. This allows the remaining port information to be stored and used in the port scanning function. However, exclusions and inclusions based on User ID still do not function correctly because this information is not available. DSSEG-6151
• "Out of Connection" Firewall events occurred when the network engine was set to "Tap mode". SEG-87155/SF03644367/DSSEG-6270
• Some Intrusion Prevention events did not include the XFF header. SEG-81986/03419140/DSSEG-5936

Deep Security Agent - 12.0 update 12

Release date: August 19, 2020

Build number: 12.0.1278

Enhancements

• You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents > Data Privacy and selecting No. SF03237033/DSSEG-6017

This enhancement requires Deep Security Manager FR 2019-10-23 or later.

Resolved issues

• Application Control sometimes blocked applications that should have been allowed as they were created by a trusted updater. SEG-77446/03206632/DSSEG-5840
• Agent self-protection did not protect Deep Security Notifier. SEG-76015/SF03168155/DSSEG-5920
• When a Deep Security Agent was deactivated, the Anti-Malware module's language was switched to English. When the Deep Security Agent was reactivated in Japanese, this sometimes caused the Anti-Malware component update to fail. SEG-79963/03184072/DSSEG-5811
• Deep Security Manager reported a security update timeout because Deep Security Agent received exceptions at security updates. SEG-82072/03273761/DSSEG-5953
• Deep Security Agent detected false file change events due to the setuid/setgid formatting. The agent also generated false file attribute changes in /usr/bin following an upgrade, which was caused by the file creation time change. /DSSEG-5928
• When "Serve Application Control rulesets from relays" was enabled, unnecessary relay error events occurred. /DSSEG-5988
• On Solaris 10 servers with Deep Security Agent and debug logs enabled for Anti-Malware, the Deep Security Agent process sometimes encountered an abnormal restart. SEG-80989/SF03420394/DSSEG-5880
• When the Kerberos cache file was deleted and re-added, a lot of "User Added" and "User Deleted" Integrity Monitoring events occurred. SEG-80629/03402557/DSSEG-5981

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases.

CVSS score: 7.8

Severity: High

• Updated to curl 7.67.0.
• Updated to openssl-1.0.2t.

Deep Security Agent - 12.0 update 11

Release date: July 9, 2020

Build number: 12.0.1186

Enhancement

• Application Control includes script files with the ".cron" extension as part of the inventory. SEG-76680/SF03240341/DSSEG-5685
• Integrity Monitoring detects changes to the "setuid" and "setgid" attributes for Linux and Unix platforms. SEG-78797/DSSEG-5732

Deep Security Agent - 12.0 update 10

Release date: May 28, 2020

Build number: 12.0.1090

New features

Improved management and quality

Instance Metadata Service Version 2 (IMDSv2) support: IMDSv2 is supported with Deep Security Manager 12.0 update 10. For details, see How does Deep Security Agent use the Amazon Instance Metadata Service? DSSEG-5422

Enhancements

• Continued to improve the Account Domain Authentication experience. SEG-73480/SF02989282/DSSEG-5661

Resolved issues

• There were detection issues with real-time Anti-Malware scans. SEG-72928/SF03050515/DSSEG-5362
• In certain circumstances, Application Control caused the agent to go offline and restart. SEG-74143/SF03119820/DSSEG-5524
• After a real-time Anti-Malware scan, the system occasionally became unresponsive. SEG-76430/SF02537903/DSSEG-5629

Deep Security Agent - 12.0 update 9

Release date: May 4, 2020

Build number: 12.0.1026

Resolved issues

• Anti-Malware directory exclusion with wildcard didn't match subdirectories correctly. SF03131855/SEG-74892/DSSEG-5543
• Incorrect linking of certain libraries could lead to Deep Security Agent instability. SEG-72958/03071960/DSSEG-5382
• In the Actions tab, Application Control displayed computers with software changes pending for approval or denial; however, when the computers detail window was opened, there were no events reported. SEG-74084/SF03106203/DSSEG-5449
• The Anti-Malware engine on Deep Security Virtual Appliance went offline when the signer field in the Census server reply was empty. SEG-73047/SF03065452/DSSEG-5447

Deep Security Agent - 12.0 update 8

Release date: April 1, 2020

Build number: 12.0.0-967

Enhancements

• Added the ability for Deep Security Agent Anti-Malware to scan compressed files no matter their data types when IntelliScan is disabled. (SEG-71425/02971395/DSSEG-5306)
• Enhanced Anti-Malware file/folder exclusions by adding support for environment variables that contain brackets, such as "(" or ")". (DSSEG-5260)

Resolved issues

• Web Reputation, Firewall, Intrusion Prevention, and Log Inspection couldn't be enabled correctly when the system locale was set to Turkish. (SEG-71825/SF03021819/DSSEG-5351)
• When real-time Integrity Monitoring was enabled with the rule "1002875: Unix Add/Remove Software" applied, the RPM database potentially locked. (SEG-67275/SF02663756/DSSEG-5308)
• When a security update was triggered before Anti-Malware was ready, the security updates failed. (DSSEG-5361)
• Enabling Log Inspection caused Deep Security Agent to crash. (SEG-61106/SEG-42752/DSSEG-5225)
• Some real-time Integrity Monitoring changes were not detected in the /var directory. (SEG-72584/02982752/DSSEG-5346)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. (DSSEG-3771)

Deep Security Agent - 12.0 update 7

Release date: February 28, 2020

Build number: 12.0.0-911

Enhancements

• Increased the scan engine's URI path length limitation. (SEG-61309/DSSEG-5245)

Resolved issues

• The displayed packet header data contained redundant payload data. (DSSEG-4762)
• After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. (DSSEG-5156)
• Memory leaked during SSL decryption because of a flaw in the SSL processing. (DSSEG-5142)
• Log Inspection event processing caused the Deep Security Agent to restart abnormally. (DSSEG-5228)
• On specific Deep Security Agent servers the CPU usage spiked to 100% and pattern merges failed during the active update process. (SEG-66210/02711299/DSSEG-5152)
• After upgrading to Deep Security Agent 12.0.0.817, Solaris systems crashed. (SF02871943/SEG-68654/DSSEG-5139)

Security Updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response.

• Updated SQLite to 3.30.1. (DSSEG-5103)

Deep Security Agent - 12.0 update 6

Release date: January 17, 2020

Build number: 12.0.0-817

Resolved issues

• Memory leaks occurred in Anti-Malware if file attributes couldn't be retrieved. (SEG-67374/DSSEG-5063)
• After applying rule 1006540, "Enable X-Forwarded-For HTTP Header Logging", Deep Security would extract the X-Forwarded-For header for Intrusion Prevention events correctly. However, a URL intrusion like "Invalid Traversal" would be detected in the HTTP request string before the header was parsed. The Intrusion Prevention engine has been enhanced to search X-Forwarded-For header after the header is parsed. (SEG-60728/DSSEG-5094)
• Deep Security Agent sent invalid JSON objects in response to Deep Security Manager, which caused errors in Deep Security Manager's log file. (SEG-48728/SF01919585/DSSEG-4995)
• On Solaris servers with clusters, the Deep Security Intrusion Prevention module would come under heavy load while inspecting the clusters' private traffic. The extra load caused latency issues, node evictions, and loss of synchronization events.

You can now configure the Packet Processing Engine on the agent to bypass traffic inspection on a specified interface. Where a specific interface on a computer is dedicated to cluster private traffic, this configuration can be used to bypass inspection of packets sent to and received from this interface. This results in faster packet processing on the bypassed interface and other interfaces.

Use of this configuration to bypass traffic inspection is a security risk. It is up to you to determine if the benefit of reduced latency outweighs the risk involved. It is also up to you to determine whether only the nodes in the cluster have access to the subnet whose interface is being bypassed.

To implement the bypass, do the following:

1. Upgrade the Deep Security Agent to the latest build containing this fix.
2. Create a file under /etc directory named "ds_filter.conf".
3. Open the /etc/ds_filter.conf file.
4. Add the MAC addresses of all NIC cards used for cluster communication, as follows:

MAC_EXCLUSIVE_LIST=XX:XX:XX:XX:XX,XX:XX:XX:XX:XX

5. Save.
6. Wait 60 seconds for your changes to take effect.

In the /etc/ds_filter.conf file:

• The MAC_EXCLUSIVE_LIST line must be the first line in the file.
• All letters in the MAC address must be uppercase.
• Leading zeros in each byte must be included.

Valid MAC_EXCLUSIVE_LIST:

MAC_EXCLUSIVE_LIST=0B:3A;12:F8:32:5E

MAC_EXCLUSIVE_LIST=0B:3A;12:F8:32:5E,6A:23:F0:0F:AB:34

Invalid MAC_EXCLUSIVE_LIST:

MAC_EXCLUSIVE_LIST=B:3A;12:F8:32:5E

MAC_EXCLUSIVE_LIST=0b:3a;12:F8:32:5e,6a:23:F0:0F:ab:34

MAC_EXCLUSIVE_LIST=0B:3A;12:F8:32:5E

• If the MAC address is not valid, the interface will not be bypassed. If the exact string "MAC_EXCLUSIVE_LIST=" is not present at the beginning of the line no interfaces will be bypassed. (DSSEG-4055)