What's new in Deep Security Manager?

Deep Security Manager - 20.0.893 (20 LTS Update 2024-03-20)

Release date: March 20, 2024

Build number: 20.0.893

Enhancements

  • Anti-Malware Manual Scan can now be configured from a policy on Deep Security Manager for Linux platforms. DSM-433

Resolved issues

  • Event Forwarding conditions StringLike and StringNotLike did not work for JSON formatted on multiple lines for a Description. SF07518120/PCT-12618/DSM-448
  • Deep Security Manager sometimes displayed a Trend Micro Adversary Tactics and Techniques Detection pattern version (Administration > Updates > Security > Patterns) before it was available from the Trend Micro Update Server. DSM-439

Deep Security Manager - 20.0.883 (20 LTS Update 2024-02-21)

Release date: February 21, 2024

Build number: 20.0.883

New Features

  • Deep Security Manager now supports dynamic updates of the XDR Device ID of the Trend Micro Endpoint Basecamp. DSM-250

Enhancements

  • The Web Reputation Service backend query now uses port 443 by default for new installations and new tenants. PCT-10486/DSM-445
  • In the Anti-Malware configuration, the default values for Predictive Machine Learning and Windows Antimalware Scan Interface (AMSI) settings are now marked as recommended. PCT-3844/DSM-301

Resolved issues

  • Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes failed when Firewall, Web Reputation Service, or Intrusion Prevention System were enabled for Deep Security Manager. DSM-473

Deep Security Manager - 20.0.879 (20 LTS Update 2024-01-17)

Release date: January 17, 2024

Build number: 20.0.879

New Features

  • Deep Security Manager now allows changing the IP address or fully qualified domain name (FQDN) for the NSX Manager. DSM-83/DSM-405

Enhancements

  • The Tomcat version was updated in Deep Security Manager. DSM-431/DSM-160
  • A number of URLs on a verge of becoming invalid were updated on the Deep Security Manager Support website. DSM-352
  • Deep Security Manager copyright information was updated to year 2024. DSM-133
  • A dedicated banner is now displayed within Deep Security Manager to notify the users of Deep Security Virtual Appliance about the Deep Security Virtual Appliance EOL status. DS-76857/DSM-131
  • Security updates for VRTS-10045, VRTS-10068, VRTS-10070. DSM-133
  • Deep Security Manager copyright information was updated to year 2024. DSM-133
  • Deep Security Manager can now force the removal of the service reference ID when the VMware vCenter connector is removed. This service reference ID is automatically created by VMware NSX-T to bind the Trend Micro service with the security profile. SEG-160298/DSM-49
  • The out-of-date computer status is now representd by three separate statuses: Out of Date (Anti-Malware Configuration Off), Out of Date (Anti-Malware Offline), and Out of Date (Agent Offline). This directly affects the functionality of the security pattern status widget, ensuring that the Out-of-Date Advanced Search results do not include Deep Security Agents with the statuses Agent Offline, Anti-Malware Configuration Off, and Anti-Malware Offline. DSM-135

Resolved issues

  • Azure Connector experienced synchronization issue for Azure Virtual Machine Scale Sets with Flexible orchestration mode. DSM-436
  • Apex Central did not have the information and therefore could not forward it to syslog or display in its log view due to the MCP content not being updated to include the FileSHA1 of an infected file. SEG-192045/PCT-6042/DSM-435
  • The value of the behaviorMonitoringEnabled property in the Antimalware Configuration API was missing, resulting in a disconnect between the UI and API. PCT-5360/DSM-411

Known issues

  • Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473

Security updates

Security updates are included in this release. For more information about Trend Micro protectection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, CVE details can only be made available for select security updates once patches have been made available for all impacted releases. DSM-402

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.864 (20 LTS Update 2023-12-12)

Release date: December 12, 2023

Build number: 20.0.864

Enhancements

  • Updated the Deep Security Manager UI to reflect Microsoft's product name change: Azure Active Directory is now Microsoft Entra ID. DSM-214
  • Deep Security Manager reports (Events & Reports > Generate Reports) can now be generated using custom classifications by selecting CUSTOM from the classification dropdown list and filling in the name field. SF06301702/SEG-167348/DS-76507/DSM-8
  • Deep Security Manager now limits Deep Security Virtual Appliance agent software upgrades to 20.0.0 versions. Note that 20.0.1 agent versions are not supported. DSM-311
  • Upgrading Deep Security Agent for a limited support platform using the Use latest version for an agent option (Computers > Details > Action > Upgrade Agent Software) now provides a warning that 20.0.1 agent versions are not supported for that platform. DSM-342/DSM-343/DSM-344

Resolved issues

  • After upgrading to Deep Security Manager 20.0.797, the Deep Security Component Summary widget display was blank in the Apex Central console. DSM-236
  • Overrides for Application Control Trust Entities settings were not being removed after using Remove or Remove All (from Computer or Policy > Overrides). DSM-120
  • SAP scans generated Get Events Failed errors when Alert for all rules (Regardless of rule settings) was enabled (Alerts > Alert Configuration > Anti-Malware Alert > Alert Information > Options). SF05087843/SEG-173393/DS-77098/DSM-28
  • Deep Security Manager API searches using the greater than parameter sometimes returned incorrect results. DSM-325
  • The Schedule Agent Upgrade screen sometimes displayed incorrect agent versions until Deep Security Manager was restarted. DSM-329

Known issues

  • Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473

Deep Security Manager - 20.0.854 (20 LTS Update 2023-11-15)

Release date: November 15, 2023

Build number: 20.0.854

New Features

  • Deep Security Manager now supports strong cipher suites when FIPS mode is enabled. DSM-211

Enhancements

  • Deep Security Manager now supports the 20.0.1 Deep Security Agent versioning revision planned for January 2024. DSM-121

Resolved issues

  • Using an Intrusion Prevention event containing a long note triggered an error with a message "Get Events Failed (Internal Server Error)". DSM-327
  • The HostName lookup got stuck in some environments where the DNS setting was incomplete. DSM-307

Security updates

Security updates are included in this release. For more information about how Trend Micro protects against vulnerabilities, visit Vulnerability Responses. Note that in line with responsible disclosure practices, CVE details are only made available for select security updates once patches have been made available for all impacted releases. VRTS-11238/DSM-290

Highest CVSS: 7.5

Highest severity: High

Known issues

  • Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473

Deep Security Manager - 20.0.844 (20 LTS Update 2023-10-18)

Release date: October 18, 2023

Build number: 20.0.844

New Features

  • Deep Security Manager now allows users to configure the agent Manual Scan from policy. DSM-16

Enhancements

  • In Events & Reports, the advanced search can now filter Intrusion Prevention events by "Flow" value.
    The "Flow" field is now added to Intrusion Prevention syslog events. SF06798790/SEG-177960/DS-77724/DSM-9
  • Application Control global block by hash rules can now be configured using a MD5 or SHA-1 file hash. (Previously, only SHA-256 could be used.) SEG-108464/DS-74144/DSM-18
  • Application Control Trust Entities rules that use the process name property can now be configured using wildcards in the Deep Security Manager UI. DS-75316/DSM-18
  • Trust Entities process name properties can now use Universal Naming Convention (UNC) paths to files or peripheral devices on a local area network. DS-77133/DSM-18
  • Trust Entities "Allow by target" rules can now use the process name property. DS-77364/DSM-18

Resolved issues

  • When configuring Role Properties, applying changes to the "Clear Warnings/Errors for" permission under the Computer Rights tab displayed the incorrect result in the console. DSM-195
  • Application Control shared rulesets sometimes triggered policy updates to systems that did not support Application Control. DS-76766/DSM-18
  • Software auto-authorized on agents by a Trust Entities rule are no longer automatically added to the shared rulesets. This will prevent software from remaining authorized if the corresponding trust entities rule is no longer applied. DS-74855/DSM-18

Known issues

  • Deep Security Notifier may fail to start when deployed as an Anti-Malware Protected Process Light (AM-PPL) in Windows. As a workaround, deploying the Notifier as an AM-PPL has been disabled by default. See KB000295433. DSM-297

Deep Security Manager - 20.0.833 (20 LTS Update 2023-09-20)

Release date: September 20, 2023

Build number: 20.0.833

Enhancements

  • The permission to clear warnings and errors "canClearWarningsAndErrors" can now be granted separately to roles. SF06516228/SEG-168657/DS-77463
  • Changed the error message displayed when a user that doesn't have the necessary permissions tries to edit Device Control settings. SEG-180964/C1WS-14961/DSM-56
  • Some default values for Real Time Anti-Malware configuration have changed: DS-77469/C1WS-13588/DSM-36

    • Predictive Machine Learning: Pass > Quarantine
    • Windows Antimalware Scan Interface (AMSI): Pass > Terminate
  • When creating a Smart Folder, vCenter "Power State" is now a Computer Property option. DSM-6/DS-77643
  • Smart Folder Computer Property options are now sorted in alphabetical order. DSM-6/DS-77643

Resolved issues

  • In the web console, AIX 7.3 agents did not display the OS version in the Platform field. DS-72424/DSM-128
  • The User Management > Roles > Role Properties window wouldn't load if a lot of computers were protected. SEG-170672/DS-76826/C1WS-12373/DSM-10
  • The SHA256 hash value of files will now be included in SNS Anti-Malware events when SHA256 is selected in Anti-Malware > Advanced > File Hash Calculation. SEG-168652/DS-76448/C1WS-14048/DSM-7
  • Deep Security Manager sometimes set a wrong date for Next Run Time while running the scheduled task, which lead to a Java DateTimeException and display of an internal server error. This could prevent the reservation task from working properly. SF07190612/SF07191522/SEG-192240/SEG-192321/DSM-169

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-10326/DSM-158

Highest CVSS: 6.1

Highest severity: Medium

Deep Security Manager - 20.0.817 (20 LTS Update 2023-08-23)

Release date: August 23, 2023

Build number: 20.0.817

Enhancements

  • The Deep Security Manager console now shows more information on the status of the Trend Micro LightWeight Filter Driver. DS-77465
  • Add Device Control information to the Security Module Usage Report. DS-77319

Deep Security Manager - 20.0.802 (20 LTS Update 2023-07-19)

Release date: July 19, 2023

Build number: 20.0.802

Enhancements

  • Updated Deep Security Manager to add SQL Server 2022 database support. SF06543523/SEG-169639/SEG-171432/DS-76501
  • If the computer is a Podman Host, computer details now display the Podman version. DS-76683

Resolved issues

  • When creating a new Scheduled Task, the "Next Run Time" value displayed in the Scheduled Task list was incorrect. SF06593263/SEG-171126/DS-76900
  • Upgrade Agent Software actions would sometimes fail on Amazon Linux platforms. DSM-14
  • Deep Security Manager would sometimes fail to synchronize to a Vision One Service Gateway. SF06928392/SEG-182692/DSM-19

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-6038/DSM-32/DSM-55

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.789 (20 LTS Update 2023-06-28)

Release date: June 28, 2023

Build number: 20.0.789

New Features

Trend Vision One Inventory support: Deep Security Manager integration with Vision One now supports Endpoint Inventory, Inventory Group, and Inventory Compliance.

Enhancements

  • Deep Security Manager now supports PostgreSQL 14. SF06514546/SEG-169342/DS-76494
  • Deep Security Manager now supports AWS Aurora PostgreSQL 14. DS-77594
  • Deep Security Manager now supports VMware Cloud Director 10.4. SEG-152378/DS-74227
  • Deep Security Manager now supports AWS RDS PostgreSQL 14. DS-76494

Resolved issues

  • The Deep Security Manager console sometimes froze when opening the agent migration pop-up window. SEG-180945/DS-78114

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-9496/DS-77146

Highest CVSS: 4.3

Highest severity: Medium

Deep Security Manager - 20.0.768 (20 LTS Update 2023-05-17)

Release date: May 17, 2023

Build number: 20.0.768

New Features

Device Control: Deep Security Manager (version 20.0.768+) now supports Device Control for Windows Server platforms, helping to protect external storage devices connected to protected endpoints. This requires Deep Security Agent 20.0.0.6313+. For a list of the platforms supported please see Supported features by platform.

Resolved issues

  • Deep Security Manager sometimes generated Tenant reports containing incorrect information for Deep Security Agents running in a multi-tenant environment. SF06301702/SEG-162798/DS-76311
  • Deep Security Manager's dashboard sometimes failed to include events within the status and event history widgets. SF06492268/SEG-168155/DS-76201

Deep Security Manager - 20.0.759 (20 LTS Update 2023-04-19)

Release date: April 19, 2023

Build number: 20.0.759

Enhancements

  • Agent Version Control is now available when configuring agent upgrade Scheduled Tasks. SF06094463/SEG-159727/DS-74710
  • Due to product name changes, all mentions of "Trend Micro Vision One" were changed to "Trend Vision One". DS-76215

Resolved issues

  • Under certain conditions, Deep Security events would incorrectly report that 'The component "Advanced Threat Scan Engine" has been removed'. SF05801044/SEG-147779/DS-75232
  • Some dropdown lists in the management console were causing performance issues in environments with more than 50,000 hosts. SF05874881/SEG-149417/DS-72746
    (The affected dropdown lists include, but aren't limited to, the lists under: System Event, Computer, Single Report, Scheduled Reports, Scheduled Task, Alert, and Dashboard,)

Deep Security Manager - 20.0.741 (20 LTS Update 2023-03-15)

Release date: March 15, 2023

Build number: 20.0.741

New Features

Service Gateway: Deep Security Manager (version 20.0.741+) now supports the Service Gateway feature, providing forward proxy functionality.

Deep Security Manager - 20.0.737 (20 LTS Update 2023-02-23)

Release date: February 23, 2023

Build number: 20.0.737

Enhancements

  • Deep Security Manager 20.0.737+ now supports Red Hat Enterprise Linux 9 (64-bit). SF06130289/SEG-157410/DS-74295
  • Deep Security Manager now enforces certificate updates to RSA-2048 and SHA-256 for agents using unsupported certificates. (Deep Security Agent version 20.0.0-6313 and higher does not support SHA-1.) For more details, see Upgrade the Deep Security cryptographic algorithm. DS-76297
  • Updated Deep Security Manager to add API Smart Folder functionality. DS-75375

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-75668/DS-75924

Highest CVSS: 8.1

Highest severity: High

Deep Security Manager - 20.0.725 (20 LTS Update 2023-01-18)

Release date: January 18, 2023

Build number: 20.0.725

Resolved issues

  • Updated Deep Security Manager to include an OS (operating system) field for syslog forwarding if "settings.configuration.addPlatformInSyslogMessage" is set to true by console command. For more information see https://success.trendmicro.com/solution/000289535. DS-73163

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-74793

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.716 (20 LTS Update 2022-12-15)

Release date: December 15, 2022

Build number: 20.0.716

Resolved issues

  • When exporting the list of computers to CSV, the Docker Host and CRI-O Host field value was not included correctly. SF05232601/SEG-131041/DS-73391
  • The Deep Security Manager would report Rocky Linux 8 as an unknown Linux OS when registered through the AWS connector. DS-71999

Deep Security Manager - 20.0.711 (20 LTS Update 2022-11-16)

Release date: November 16, 2022

Build number: 20.0.711

Enhancements

  • Updated Deep Security Manager to include "Project ID" for computers using Google Cloud Platform. SF05811253/SEG-147466/DS-72694

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-74218

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.703 (20 LTS Update 2022-10-19)

Release date: October 19, 2022

Build number: 20.0.703

Enhancements

  • With Multi-Factor Authentication enabled, changing an account password now requires verifying the user's MFA code (in addition to the user's old password). DS-73341
  • Updated Deep Security Manager to notify users of trust entity ruleset changes in the computer's status bar. DS-70956
  • Updated Deep Security Manager to allow using question marks in Application Control trust rule "paths" property fields to match a single additional character in the path. DS-71604
  • Updated the Deep Security Manager's UI tooltip for trust entity rules to describe the latest wildcard functionality. DS-69964
  • Updated Deep Security Manager to use the latest Simple Object Access Protocol (SOAP) components to protect against vulnerabilities affecting older versions. DS-73080

Resolved issues

  • Reports generated by Deep Security Manager (Events & Reports > Generate Reports) did not display Chinese language characters properly. SF05883379/SEG-149459/DS-72858
  • Anti-Malware events sometimes displayed a blank file path with invalid Unicode encoding. 01746052/SEG-46912/DSSEG-3653
  • Application Control rule permissions configured by administrators did not result in the corresponding functionality for users. As examples, a rule with its permissions set to "Hide" was still visible to users, and one with a "Custom" configuration preventing users from creating new rules did not prevent them from doing so. DS-68693
  • In Trust Entity Management (Policies > Common Objects > Application Control Rules > Trust Entities), the horizontal scroll bar in the "Edit Trust Ruleset" window was covering rules displayed at the bottom of the window. DS-70435

Deep Security Manager - 20.0.686 (20 LTS Update 2022-09-21)

Release date: September 21, 2022

Build number: 20.0.686

Resolved issues

  • If an Application Control shared ruleset was successfully created on a Deep Security Agent using the API, creating another shared ruleset with the API on the same agent would fail. DS-71034
  • Deep Security Manager sometimes displayed the wrong state for items in an Anti-Malware Report (Events & Reports > Generate Reports). SF05780825/SEG-149707/DS-72871
  • With Perform Ongoing Recommendation Scans set to "Yes" and an Ongoing Scan Interval set at "4 Weeks" (Computer or Policy > Settings > General > Recommendations), Deep Security Manager executed the scans much more frequently than the set interval. SF05658685/SEG-148153/DSSEG-7707

Deep Security Manager - 20.0.677 (20 LTS Update 2022-08-17)

Release date: August 17, 2022

Build number: 20.0.677

New Features

Windows Server 2022 support: Deep Security Manager (version 20.0.677+) now supports Windows Server 2022.

Enhancements

  • Updated Deep Security Manager to encrypt user login details. DS-71448

Resolved issues

  • Under Events & Reports > Firewall Events, when using "Action" and "Contains" filters to search for "Fail Open: Deny" the search results failed to display matching events. SF05740930/SEG-146282/DS-72636
  • VMware vCloud accounts missing their OS type caused synchronization to fail. SF05830546/SEG-147983/DS-72518
  • VMware vCloud connectors with more than 25 Virtual Data Centers only displayed 25 in Deep Security Manager. SEG-147252/DS-72376
  • When Deep Security Relay were rehomed to a vCenter connector, they lost their original hostname in Deep Security Manager. SF05519505/SEG-140015/DS-72596
  • Deep Security Manager sometimes generated unexpected "Computer Updated" system events. SF05496967/SEG-138407/DSSEG-7672

Deep Security Manager - 20.0.664 (20 LTS Update 2022-07-21)

Release date: July 21, 2022

Build number: 20.0.664

Enhancements

  • Updated Deep Security Manager to include port 443 by default (along with ports 80 and 8080) for "Ports to monitor for potentially harmful web pages" (Computer or Policy > Web Reputation > Advanced). This change prepares Web Reputation SSL inspection support on port 443 for future (not yet released) Deep Security Agent versions.
  • Updated Deep Security Manager to add the -disablemfa parameter. This parameter allows users to disable Multi-factor authentication (MFA) when using the dsm_c command line to perform a password reset. DS-69590

Resolved issues

  • Deep Security Manager was sometimes unable to synchronize with Microsoft Active Directory (AD) users. SEG-138257/SF05452498/DS-70873

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-71624

Highest CVSS: 9.8

Highest severity: Critical

Deep Security Manager - 20.0.651 (20 LTS Update 2022-06-15)

Release date: June 15, 2022

Build number: 20.0.651

Enhancements

  • Updated Deep Security Manager to provide more information for "Anti-Malware Engine Offline" events, including an ID indicating the event's cause and a link in the description leading to recommended actions. Also, a system log entry for the event is now generated if SIEM is enabled. DS-70595
  • Updated Deep Security Manager to save disk space by removing outdated versions of the agent installer package. DS-67840
  • Updated Deep Security Manager to trigger event based tasks related to creating a computer when adding an active directory computer with the "Add Active Directory" wizard. DS-68877
  • Updated Deep Security Manager to remove support for 8.0 and 9.0 Deep Security Agents, since these versions are past their EOL dates. For more information, see Deep Security LTS life cycle dates. DS-70332

Deep Security Manager - 20.0.644 (20 LTS Update 2022-05-18)

Release date: May 18, 2022

Build number: 20.0.644

Resolved issues

  • Some rules did not display properly in Deep Security Manager when columns were sorted "By Group" (under Policies > Common Objects > Rules or under Computers > Computers). SEG-127353/DS-68348
  • Agent activation sometimes became stuck in a loop which caused high memory consumption for Deep Security Manager. DS-71234

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-71244/DS-65171

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.635 (20 LTS Update 2022-04-21)

Release date: April 21, 2022

Build number: 20.0.635

New Features

Advanced TLS traffic inspection: Deep Security Manager now provides an option to configure advanced TLS traffic inspection, removing the need to configure TLS credentials manually and adding support for more ciphers. You can verify the status of the feature by viewing the policy properties (Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection). For more information, see Enable Advanced TLS traffic inspection.

Azure and GCP connector migration support: Azure and GCP (Google Cloud Platform) connectors can now be migrated from Deep Security Manager to Trend Micro Cloud One - Workload Security. For more information, see Migrate cloud accounts to Workload Security.

Resolved issues

  • Deep Security Manager was not receiving the number associated with "systemEventID" errors for system configurations using Simple Network Management Protocol (SNMP). SEG-122864/04711592/DS-67387
  • Intrusion Prevention events containing number strings, such as IP addresses, sometimes resulted in Get Events Failed "NumberFormatException" errors in Deep Security Manager. SEG-120226/SF04838989/DSSEG-7216
  • Deep Security Manager was sometimes unable to sync with vCloud. SEG-135846/SF05409802/DS-70336
  • Deep Security Manager did not properly display "Computer Moved" events. DS-70669
  • When a Deep Security Agent with an existing Application Control local ruleset was removed from Deep Security Manager, the ruleset for that agent still appeared in the manager (under Policies > Application Control Rules > Software Rulesets). DS-68173
  • If the REST API was used to select the critical-and-heuristic parameter for Document Exploit Protection, Deep Security Manager would not display that selection for the malware scan configuration (under Computer or Policy > Anti-Malware > General > Edit). DS-67975

Deep Security Manager - 20.0.619 (20 LTS Update 2022-03-22)

Release date: March 22, 2022

Build number: 20.0.619

New Features

FIPS mode for Amazon Linux 2: Deep Security Manager (version 20.0.619+) now supports FIPS mode for Amazon Linux 2. This is supported for Deep Security Agent version 20.0.0-2971+.

Enhancements

  • Updated Deep Security Manager to use the term "protected" instead of "anonymous" when referring to Trend Micro Feedback being shared with the Smart Protection Network. DS-70101

Resolved issues

  • Deep Security Manager failed to migrate policies to Trend Micro Cloud One - Workload Security if a module's license had expired. DS-69595
  • In a Security Module Usage Cumulative Report (Events & Reports > Generate Reports), Application Control usage hours were not being included properly under "System Usage" hours. DS-67494
  • The Deep Security Manager Trust Entities "New Ruleset" window (Trust Entities > Trust Ruleset > New) had its "OK" and "Close" buttons blocked on some screen resolutions. DS-68838
  • Behavior Monitoring status of Deep Security Agents for Linux was inconsistent on Deep Security Manager versions higher than 20.0.312. With Behavior Monitor detection disable, the manager console sometimes still showed that it was enabled under the default settings for Anti-Malware real-time or advanced real-time scans. DS-69536
  • There was a connectivity issue when a Deep Security Agent had FIPS mode enabled but Deep Security Manager did not. DS-70038

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. SEG-132505/SF05278860/DS-69608/DS-69764

Highest CVSS: 9.8

Highest severity: Critical

Deep Security Manager - 20.0.605 (20 LTS Update 2022-02-16)

Release date: February 16, 2022

Build number: 20.0.605

Enhancements

  • Updated Deep Security Manager to allow users to toggle real time container protection (from Computer or Policy Settings > General). This setting is on by default. SEG-115751/DS-68963

Resolved issues

  • Filtering Smart Folders by "Folder Name" sometimes displayed results for folders or groups that no longer existed. SEG-120786/SF04858677/DSSEG-7220
  • With event-based task settings enabled for "NSX Security Group Change" (Administration > Event-Based Tasks), Deep Security Manager would trigger auto-activation of a VM (virtual machine) if it was removed from an NSX Security Group. DS-36694
  • Deep Security Manager displayed the wrong description for "Move Failed (No Response)" system events. DS-69407

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-5866/DS-62223

Highest CVSS: 8.2

Highest severity: High

Deep Security Manager - 20.0.585 (20 LTS Update 2022-01-17)

Release date: January 17, 2022

Build number: 20.0.585

New Features

Application Control Trust Entities: This feature lets you configure trust rules to auto-authorize software changes in your environments, reducing the number of software changes and security events you need to manage manually. For details, see Application Control Trust Entities.

Enhancements

Resolved issues

  • Moving Deep Security Agents to Workload Security would fail if Deep Security Manager was configured with a proxy that doesn't require authentication credentials. (DS-68710)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. (DS-68725, DS-67244)

Highest CVSS: 9.1

Highest severity: Critical

Deep Security Manager - 20.0.560 (20 LTS Update 2021-12-16)

Release date: December 16, 2021

Build number: 20.0.560

New Features

Trusted Certificates Detection Exceptions: Deep Security Manager (version 20.0.560+) now allows you to configure "Trusted Certificates Detection Exceptions" (from a policy's Details & Anti-Malware & Advanced tab) to exclude files from Anti-Malware scanning based on their digital certificate. This feature is currently supported for Deep Security Agent version 20.0.0-3445+ on Windows platforms only. For more information on the new feature, visit Exclude files signed by a trusted certificate.

Resolved issues

  • Deep Security Manager was unable to retrieve security settings from groups containing more than 1000 computers. SF05006314/SEG-124719/DS-67938
  • Deep Security Manager was sending suspicious objects to Deep Security Agent even after the objects' expire time had ended. DS-67917
  • Deep Security Manager was not displaying virtual machines that had been upgraded to VMware Cloud Director 10.3 or 10.3.1, even though they were still connected. SEG-123585/SF04968350/DS-67513

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-68162/DS-65579

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.543 (20 LTS Update 2021-11-18)

Release date: November 18, 2021

Build number: 20.0.543

Enhancements

  • Updated Deep Security Manager to hide the Trend Micro Vision One promotion banner for 24 hours after being dismissed by a user. DS-55349
  • You can now use Azure application certificate authentication when adding an Azure connector. For details, see Add a Microsoft Azure account to Deep Security. DS-63762
  • Improved migration from Deep Security Manager to Workload Security in the following ways:

    • Updated Deep Security Manager to handle connectivity issues better during migration to Workload Security, preventing the console UI from being blocked or stuck in a loading loop. DS-67841
    • Updated Deep Security Manager so that the "Computer Group" dropdown list for Deep Security Agents being migrated to Workload Security no longer displays computer groups generated by connectors. DS-67776
    • Updated Deep Security Manager "Move Failed" system events to include additional event details from the Workload Security side. DS-67921
    • Updated Deep Security Manager to check for inactivated computers with the same hostname as computers being migrated to Workload Security. If a matching hostname is found, the manager now updates the existing computer instead of marking the task as "Move Failed". DS-67527
    • Updated Deep Security Manager's policy migration page (Support > Migrate to Workload Security > Configurations) to note that Rule Updates must be up to date before migration, and that common objects in Workload Security are overwritten if they have the same name as migrated objects. DS-67777
    • Updated Deep Security Manager to remove the "Migrate to Workload Security" option (shown when right-clicking a computer) for computers that are not migratable. DS-67666

Resolved issues

  • Software Update sometimes failed if the kernel support package and the agent installer were both the same version. DS-67547
  • Deep Security Manager system events sometimes had "No description" in the description field. DS-66878
  • Deep Security Manager sometimes received alerts for agents that had not been activated. DS-64523
  • After an update, Deep Security Manager kept a copy of the previous version's online help files. SEG-120770/SF04858311/DS-66969
  • In Deep Security Manager's Computers tab, the "LAST COMMUNICATION" column sometimes did not sort correctly. SEG-120751/SF04862693/DS-67579
  • Deep Security Manager was unable to migrate agent/appliance initiated agents (AIA) with certain configurations over to Workload Security. SEG-124938/DS-67861
  • When the "Migrate with settings overridden at computer level" option was selected, Deep Security Manager would incorrectly try to migrate rule assignments, which could cause the migration to Workload Security to fail. DS-67528
  • For Deep Security Managers using an Oracle Database, any computers requesting migration to Workload Security would have their status show "Moving" even if the migration was successful. DS-67930
  • Deep Security Manager sometimes encountered a runtime exception that would prevent computers from moving to Workload Security during migration. DS-67932

Deep Security Manager - 20.0.513 (20 LTS Update 2021-10-14)

Release date: October 14, 2021

Build number: 20.0.513

New Feature

Migrate to Workload Security using the Deep Security Manager UI: Deep Security Manager now supports moving agents and policy configurations to Trend Micro Cloud One Workload Security using the Deep Security Manager UI. This includes the following added capabilities:

  • Migrate agents using the UI
  • Migrate configurations using the UI
  • Migrate agents with settings overridden at the computer level
  • Move multiple agents at the same time with a single "BatchComputerMoveTask API" call

For more information, see Migrate to Workload Security.

Resolved issues

  • While syncing Trend Micro Vision One (XDR) status, Deep Security Manager sometimes failed to sync the Sandbox as a Service status at the same time. DS-66122

Deep Security Manager - 20.0.503 (20 LTS Update 2021-09-23)

Release date: September 23, 2021

Build number: 20.0.503

New Feature

Control kernel package updates: This update introduces a new way to manage your kernel support packages. Deep Security Manager now provides an option to automatically update the kernel package when an agent restarts on Linux. For details, see Disable optional Linux kernel support package updates.

Enhancements

  • Updated Deep Security Manager to integrate with Trend Micro Vision One for Threat Intelligence (previously known as "Connected Threat Defense"). DS-61106
  • Updated Deep Security Manager to allow the removal of Integrity Monitoring baseline data using a console (dsm_c) command. Removing baseline data does not affect the protection you receive from Integrity Monitoring, but does remove the following:

    • The option to "View Baseline" data from the manager console
    • The ability to use the "Trusted Common Baseline" as a source of Auto-Tagging
    • The ability to generate an "Integrity Monitoring Baseline Report"

    As baselines have grown larger and workloads have become more dynamic, the ability to support the Integrity Monitoring baseline in the Deep Security Manager console has become increasingly challenging. We are committed to evolving the design of Integrity Monitoring to meet the performance and operational needs of our customers. Through discussions with our customers, it was determined that in its current form, Integrity Monitoring was not always delivering the value to offset the performance and operational overhead required to maintain baseline data. For more details on disabling baseline data see 000289069. DS-60498

Resolved issues

  • Deep Security Agent automatic upgrades sometimes failed if Deep Security Manager had "Upgrade on Activation" and "Event-based Tasks" enabled at the same time. SEG-105646/SF04249597/DS-62190
  • The Deep Security Manager console command to add a trusted certificate sometimes failed for LDAPS server certificates. SEG-116063/SF04716472/DS-65277
  • Some API key fields used to migrate to Workload Security were missing from the Workload Security Links API document. DS-66022
  • In environments with multiple vCenter connectors undergoing frequent vMotion, Deep Security Manager sometimes encountered a deadlock causing "Engine Offline" errors for Anti-Malware, Firewall, and Intrusion Prevention. SEG-115729/SF04696226/DS-65311
  • Deep Security Manager sometimes couldn't retrieve a computer's information, causing VMware NSX synchronization to fail. SEG-117202/DS-65610
  • Deep Security Virtual Appliance IPv6 addresses sometimes displayed in the Deep Security Manager console even if the IPv6 was not available in the environment. SEG-118810/SF04806948/DS-66263
  • Deep Security Manager Scheduled Reports (Events & Scheduled Reports) with a "Using Policy" computer filter sometimes still showed all computers in the generated reports. SF04676734/SEG-116345/DS-65336
  • Deep Security Agent upgrade failures sometimes occurred if Default Real-Time Scan "File List" or "Directory List" exclusions were created with duplicate names in Deep Security Manager. DS-65746

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-5934/DS-63325/DS-65607

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.482 (20 LTS Update 2021-08-25)

Release date: August 25, 2021

Build number: 20.0.482

Enhancements

  • Updated Deep Security Manager to support PostgreSQL 12 and PostgreSQL 13 in FIPS mode. For more information see FIPS 140-2 support. DS-63876
  • Updated Deep Security Manager's "Workload Security Link" API to support URLs containing "https" when attempting to Migrate to Workload Security. DS-65095

Resolved issues

  • Deep Security Manager Scheduled Tasks (Administration > Scheduled Tasks) configured to run daily would sometimes run hourly. SEG-108098/DS-64247
  • In Deep Security Manager's Computers page, the "LAST MANUAL SCAN FOR MALWARE" and "LAST SCHEDULED SCAN FOR MALWARE" columns sometimes did not sort properly.
  • Tenants were sometimes unable to update their license if the primary tenant enabled a proxy server with credentials (Administration > System Settings > Proxies > Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing)).

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-5932/DS-63442/DS-51695/ VRTS-5930/DS-63071/ VRTS-5929/DS-63072

Highest CVSS: 6.5

Highest severity: Medium

Deep Security Manager - 20.0.463 (20 LTS Update 2021-07-22)

Release date: July 22, 2021

Build number: 20.0.463

Enhancements

  • Updated Deep Security Manager to include two different action options in the Anti-Malware Scan Interface (AMSI): Customers can now select either Pass or Terminate. DS-63691
  • Updated Deep Security Manager to support migrating policies to Workload Security using the new "MigratePolicy" API command. This command automates the process of migrating  the Deep Security Policies from their current on-premise manager to a Cloud One Workload Security tenant. DS-63316
  • Updated Deep Security Manager to check if the virtual machine's IP address is reachable during the rehoming process for vCenter. DS-63514

Resolved issues

  • Deep Security Manager was sometimes unable to send emails on systems with more than one network interface card (NIC). DS-63254
  • Deep Security Agents using agent-initiated activation (AIA) sometimes went offline following a certificate update. DS-58106
  • When generating an Agent Version Report (Events & Reports > Generate Reports), the report generated as if "All Computers" was selected in the Computer Filter section regardless of which option was actually selected. DS-64133
  • Filtering a Smart Folder by Tag was not working properly for new events added with Auto-Tagging (Events & Reports > Events > (Select an event type) > Auto-Tagging). DS-61210
  • When a virtual machine (on vCenter) had multiple IP addresses, Deep Security Manager was sometimes unable to select the correct IP address. SEG-109694/SF04486485/DS-63235
  • Deep Security Manager would sometimes re-download an outdated Kernel Support Package (KSP) that had previously been deleted. SEG-101335/04121383/DS-60849

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-64012/ VRTS-5931/DS-63070

Highest CVSS: 6.8

Highest severity: Medium

Deep Security Manager - 20.0.447 (20 LTS Update 2021-06-28)

Release date: June 28, 2021

Build number: 20.0.447

New Feature

Re-parent agents: Deep Security Manager now supports moving agents to Trend Micro Cloud One Workload Security using the new "MoveAgent" API command. This command automates the process of re-parenting an activated Deep Security Agent from its current on-premise manager to a Workload Security tenant. If re-parenting is unsuccessful, the agent will re-activate with its on-premise manager, retaining its previous configuration.

Due to feature differences between the Deep Security and Workload Security managers, move tasks may be refused to prevent unexpected behaviors. Customers should disable the following features before moving agents:

  • FIPS 140-2: Deep Security Manager will refuse move tasks if FIPS 140-2 support is enabled.
  • Deep Security Virtual Appliance: Computers protected by Deep Security Virtual Appliance (agentless or combined mode) will refuse move tasks.
  • SAP NetWeaver integration: Agents with SAP NetWeaver integration will accept move tasks. However, after being moved to Workload Security, the SAP NetWeaver integration will not be available until it is supported on Workload Security.

Enhancements

  • Updated Deep Security Manager to add PostgreSQL 12 and PostgreSQL 13 database support. DS-59911
  • Removed the Windows logo that was displayed next to Predictive Machine Learning in the Deep Security Manager UI. (Predictive Machine Learning is currently supported by all Windows agents as well as Linux agents version 20.0.0-2395+.) DS-62929
  • Updated Deep Security Manager to note which agent versions support Behavior Monitoring "Pass" action: Deep Security Agent 20.0.0-1559+ (Windows) and Deep Security Agent 20.0.0-1822+ (Linux). DS-62937
  • Updated the "Activity Data Forwarding" description (Administration > System Settings > Trend Micro Vision One) to provide more information on script deployment. DS-63278
  • Updated the Endpoint Basecamp deployment script (Administration > System Settings > Trend Micro Vision One > Activity Data Forwarding) to improve support on some platforms, and updated script deployment error messages to be more descriptive. SEG-109629/DS-63157

Resolved issues

  • In Deep Security Manager's Tenants page (Administration > Tenants), some columns were being sorted based only on the first digit of the number of events or jobs, instead of being sorted based on the entire number. SEG-107657/DS-62544
  • Deep Security Manager had high memory consumption when querying databases with a large number of security profiles. SEG-103097/SF04265571/DS-61490
  • Anti-Malware Real-Time Scan Configuration policies sometimes did not reset to their inherited value properly. DS-63835
  • System event messages sometimes contained information referencing the wrong operating system. SF04443281/SEG-111629/DS-64089

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-63110/DS-61049

Highest CVSS: 5.8

Highest severity: Low

Deep Security Manager - 20.0.414 (20 LTS Update 2021-05-24)

Release date: May 24, 2021

Build number: 20.0.414

Enhancement

  • Updated Deep Security Manager to enhance the Identified Files download mechanism, including the ability to download from agent-initiated Deep Security Agents, and a new "File Status" field on identified files to indicate download progress. DS-60741

Resolved issues

  • Under some configurations an internal error prevented users from generating a Deep Security Compliance / Best Practice Report.SF04154114/SEG-99975/DS-60897
  • An account permissions issue sometimes caused Trend Micro Vision One registration to fail or display the wrong status (under Administration > System Settings > Trend Micro Vision One). DS-61893
  • Deep Security Manager sometimes had connectivity issues preventing computers from importing properly and preventing Deep Security Relays from activating or deactivating. DS-58417
  • Deep Security Manager sometimes incorrectly prevented users with an Auditor role from viewing Firewall Rules (Policies > Rules > Firewall Rules). SF04220398/SEG-102016/DS-60847
  • Deep Security Manager links to Japanese language content failed to load in setups using an air gapped Online Help package (Administration > Updates > Local). 04442246/SEG-108814/DS-63080
  • Deep Security Manager sometimes stopped processing scheduled tasks if the database connection was unstable. DSSEG-6689/DS-62963

Deep Security Manager - 20.0.393 (20 LTS Update 2021-04-27)

Release date: April 27, 2021

Build number: 20.0.393

Enhancements

  • Updated Deep Security Manager to add a message to an event's description if the event is purged by one of the "Automatically delete Events older than" options (Administration > System Settings > Storage). DS-59349
  • Updated Deep Security Manager to increase the number of "Maximum TCP connections" (Computers > Computers > Details > Settings > Advanced) to 1000000 by default. DS-61032

Resolved issues

  • Deep Security Manager version upgrade sometimes failed when a key value contained special characters. SEG-99875/SF04106715/DS-60581
  • Anti-Malware Scheduled Scan was not working under some configurations. DS-54952
  • The Deep Security Manager console's load time was sometimes slower than normal when many policies existed and/or were assigned to roles. SEG-90429/SF03787758/DS-58871
  • The "Automatically delete Server Logs older than" setting (Administration > System Settings > Storage) appeared for tenants when it should have only appeared for the primary tenant. DS-58669
  • The "View Renewal Instructions" URL was broken in the License Properties menu (Administration > Licenses > View Details). SEG-104258/SF04308332/DS-61343
  • Deep Security Manager was sometimes unable to synchronize with AWS Connectors. SEG-102091/SF04198233/DSSEG-6726
  • Deep Security Manager was unable to validate credentials for some AWS connectors when their region data changed unexpectedly in the database. SEG-97924/DS-60541
  • Deep Security Manager was sometimes unable to access existing Real-Time Malware Scan Configurations (Policies > Common Objects > Other > Malware Scan Configurations). SEG-86700/SF03646616/DS-55577
  • A "Data Pruning" malfunction (Administration > System Settings > Storage) sometimes led to a large number of events, causing performance issues between the Deep Security Manager and database. SEG-97589/SF04073627/DS-61356
  • Deep Security Manager "System Event Reports" (Events & Reports > Generate Reports) were sometimes generated with data missing. DS-61752
  • Deep Security Manager was sometimes unable to generate a password protected "Single Report" or password protected "Scheduled Reports" (Events & Reports > Generate Reports). SEG-105241/SF04341549/DS-61718
  • Updating the password for an Azure Connector (Computers > Computers > right-click Azure Connector > Properties > Connection) sometimes didn't work, causing the account to lose its connection to Deep Security Manager. DS-60479
  • Deep Security Manager sometimes could not remove a vCenter Connector that had NSX installed. DS-61101
  • Deep Security Manager's "Anti-Malware Protection Status" widget (on the Dashboard) sometimes displayed incorrect information. SEG-103625/SF04271447/DS-61598
  • Application Control hours were not being calculated when generating a "Security Module Usage Cumulative Report" (Events & Reports > Generate Reports). SEG-100505/SF04174981/DS-60675

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-51780/DS-61318

Highest CVSS: 8.2

Highest severity: Medium

Deep Security Manager - 20.0.366 (20 LTS Update 2021-03-24)

Release date: March 24, 2021

Build number: 20.0.366

New Feature

Deploy Trend Micro Endpoint Basecamp for Trend Micro Vision One (XDR): After onboarding to Trend Micro Vision One (XDR), you can now select the checkbox for "Trend Micro Endpoint Basecamp Agent Deployment Script" (Support > Deployment Scripts) to automatically deploy it along with your Deep Security Agent on Linux or Windows platforms.

Enhancements

  • Updated Deep Security Manager to make error messages, and the action(s) required to troubleshoot them, clearer during Trend Micro Vision One (XDR) registration. DS-61057

Resolved issues

  • Deep Security Manager "System Event Reports" (Events & Reports > Generate Reports) sometimes had no data in the section for "Most Active Computers Ranked by Number of System Events." DS-28985
  • The "Malware scan Status" widget on the Dashboard sometimes displayed the wrong data. DS-57263
  • Deep Security Manager's "Security Updates Overview" (Administration > Updates > Security) sometimes showed "No Scheduled Task" even if there was one in Administration > Scheduled Tasks. SEG-97381/DS-60271
  • Entering certain terms in the Computers search field (in the Computers tab) would cause the search to fail and display an "Internal server error." SEG-98108/SF03976840/DS-60133
  • A user with "View-Only" privileges was able to make changes to Deep Security Manager's Application Control Ruleset actions. SEG-81133/03347924/DS-61041

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-61209/ VRTS-4382/03116764/DS-49429

Highest CVSS: 7.5

Highest severity: High

Deep Security Manager - 20.0.344 (20 LTS Update 2021-02-23)

Release date: February 23, 2021

Build number: 20.0.344

Enhancements

  • Updated Deep Security Manager's Anti-Malware default real-time scan exclusions to enhance performance. DS-55169
  • Updated Deep Security Manager UI to rename "Trend Micro XDR" as "Trend Micro Vision One." DS-60273
  • Updated Deep Security Manager to add deployment script support for CentOS 8 and RedHat 8. DS-60413
  • Updated Trend Micro Vision One tab "learn more" links to point to content based on the language of a user's locale (EN/JP). DS-60487
  • Updated the Deep Security Software page to fix some incorrect links. DS-60494
  • Updated Deep Security Manager to add "2 Days" as an option for the Inactive Agent Cleanup feature (Administration > Agents > Inactive Agent Cleanup). SEG-91358/SF03711833/DS-59591
  • Updated Deep Security Manager to improve vCenter connectivity when a Deep Security Agent's IP is unreachable, and when Manager-Initiated communication is enabled. DS-58526
  • Updated Deep Security Manager to add support for ports 32767-65535. SEG-98840/SF04119337/DS-60122
  • Updated the Deep Security Manager's XDR Basecamp (XBC) deployment script UI to provide a link to the latest platform support info on the online help center. DS-60206

Resolved issues

  • When a VM was managed through both the Computers > Add Active Directory and Add Azure Account options, issues with host updates and rehoming occurred. SEG-97266/SF03911224/DS-59853
  • Deep Security Manager's Anti-Malware Protection Status Widget (in the Dashboard tab) sometimes failed to display data. DS-48046
  • Deep Security Manager integration with an SAML identity provider sometimes failed if all roles didn't match the expected format. SEG-90158/SF03783432/DS-57687

Deep Security Manager - 20.0.321 (20 LTS Update 2021-01-26)

Release date: January 26, 2021

Build number: 20.0.321

Enhancements

  • Updated Deep Security Manager to display the correct deployment script when it is selected from the Platform drop-down menu (under Administration > System Settings > Trend Micro Vision One). DS-59825
  • Updated Deep Security Manager to support agentless mode for NSX-T on VMWare Cloud Director version 10.2 or later. DS-54044

Resolved issues

  • Running multiple "Check for Security Update" scheduled tasks at the same time sometimes resulted in updates being skipped. DS-59715

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-59917

Highest CVSS: 6.1

Highest severity: Medium

Deep Security Manager - 20.0.313 (20 LTS Update 2021-01-18)

Release date: January 18, 2021

Build number: 20.0.313

New Feature

Trend Micro Endpoint Basecamp Agent: Trend Micro Endpoint Basecamp (XBC) Agent integrates XDR tools and functionality into Deep Security, following Trend Micro Vision One onboarding. For more information see Integrate with Trend Micro Vision One (XDR) .

Enhancements

  • Updated vCenter to make changing an NSX Manager simpler by using the Remove NSX Manager button (Properties > NSX Manager) rather than editing the Manager Address: field. DS-58377
  • Updated the Deep Security Manager so that, by default, Trend Micro Vision One is enabled after the onboarding experience and after migrating to a paid license. DS-58788
  • Removed the News button from Deep Security Manager. For the latest news on product changes, see What's new? DS-58808
  • Aligned package naming for Deep Security Manager and Deep Security Agent on the Download Center. DS-56806
  • Updated Deep Security Manager to include the option to log Trend Micro Vision One issues (Administration > System Information > Diagnostic Logging...). DS-58533
  • Updated Deep Security Manager's "Default Real-Time Scan Configuration" (Computers > Details > Anti-Malware > General > Real-Time Scan > Malware Scan Configuration) to enable Behavior Monitoring and Predictive Machine Learning by default. Newer Deep Security Agents (Windows agent 20.0.0.1559 and higher, and Linux agent 20.0.0-1822 and higher) will have "Use custom actions" set to "Pass" by default, and will log Anti-Malware Events. Older agents will have Behavior Monitoring and Predictive Machine turned off if their Possible Malware “action to take” is set to "Pass." DS-59282
  • Updated the Deep Security Manager to make Trend Micro Vision One related settings and features consistent after the onboarding. DS-58788
  • Updated the Deep Security Manager to improve "Search Computer API" and "List Computer API" performance. DS-56722

Resolved issues

  • When the Deep Security Manager installer detected at least 16 GB of RAM on the operating system, it was not automatically allocating 8 GB of RAM to the Java Virtual Machine as is recommended for best performance. SEG-87319/03645194/DS-55701
  • The Deep Security Manager was unable to communicate with agents in some environments, causing agent offline issues. SEG-86783/SF03637359/DS-56400
  • Anti-Malware Scan scheduled tasks that timed out sometimes restarted instead of triggering a "Scheduled Task Skipped" event as expected. DS-59252
  • The Deep Security Manager console command used to set a preferred IP address for Deep Security Agents with multiple IPs was sometimes not working, causing some agents to be unable to connect. DS-58878
  • Deep Security Manager version update install was failing under some configurations. SEG-95357/SF03988405/DS-59222
  • Deep Security Manager installed an incorrect version of the relay in some cases. DS-59634
  • The Deep Security license check for Trend Micro Vision One registration was sometimes failing. DS-59645
  • After changing the settings for a policy (Policies > Details > Settings > General), the "Reset all settings to Inherent" button did not work for "Automatically send Policy changes to computers" or "Perform ongoing Recommendation Scans." DS-56830
  • Links were sometimes not clickable in the "Computer status" widget of the Dashboard tab, and for "Agent/Appliance Upgrade Recommended (New Version Available)" alerts opened in the List View of the Alerts tab. DS-57968

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-33781/DS-58415/DS-58917/DS-51741/DS-59636

Highest CVSS: 9.8

Highest severity: Critical

Deep Security Manager - 20.0.262 (20 LTS Update 2020-11-26)

Release date: November 26, 2020

Build number: 20.0.262

New Features

Integrate with Trend Micro Vision One: Trend Micro Vision One applies effective expert analytics and global threat intelligence using data collected across multiple vectors - email, endpoints, servers, cloud workloads, and networks. For more information, see Integrate with Trend Micro Vision One (XDR) .

Custom actions for Behavior Monitoring and Machine Learning: This release provides the ability to specify custom actions for Behavior Monitoring and Predictive Machine Learning.

Enhancements

  • The "Computer Description" field for Smart Folders can be used as a search criteria. SEG-85288/DS-55034

Resolved issues

  • In the Smart Folder Editor, the computer type was listed as "Undefined" instead of "Physical computers". DS-32765
  • On the vCenter connector properties page, when a user clicked Remove NSX Manager and then re-registered the NSX-T manager, the network-related features displayed Not supported (NSX license limited). DS-56411
  • An internal server error occurred when AWS was added to a Smart Folders sub-folder with the Version condition selected. DS-50785
  • When Log Inspection or Intrusion Prevention rules were added, the Web Application Firewall sometimes blocked the page. DS-56448

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-57603

Highest CVSS: 3.7

Highest severity: Low

Deep Security Manager 20.0.198 (20 LTS Update 2020-10-19)

Release date: October 19, 2020

Build number: 20.0.198

Enhancements

  • Enhanced the description of the "Activation Failed" event to specify why the event occurred. DS-29719

Resolved issues

  • If you installed standalone agents on VMware VMs, and then you subsequently added vCenter to Deep Security Manager, you would see duplicate computer records in the manager for one VM. DS-55316
  • The settings on Policies > Settings > Advanced could not be changed because the Inherited option could not be deselected. DS-56309
  • The Administration > Updates > Security page took a long time to load.

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DS-54102/DS-53674

Highest CVSS Score: 6.5

Highest severity: Medium

Deep Security Manager 20.0.174 (20 LTS Update 2020-09-16)

Release date: September 16, 2020

Build number: 20.0.174

New features

Improved management and quality

Agent Version Report: The Agent Version Report has been created in order for you to view a summary of how many agents are using a specific agent version, the percentage of total agents each version is using and an overview of how many agents are online and how many are offline, all of which are broken down based on the Deep Security Agent's platform (OS). To generate the report, go to Events & Reports > Generate Reports > Single Report > New > Agent Version Report.

Azure Government improvement: Azure Government resources can be added through the Deep Security Manager Azure connector (Computers > Add > Add Azure Account). For more information, see How do I protect Azure Government instances?.

Database encryption: The process of encrypting the communication between Deep Security Manager and your database has been simplified. For more information, see Encrypt communication between the Deep Security Manager and the database.

Enhancements

  • Reduced the time it takes to validate GCP service accounts when changing your GCP Account Properties configuration. Previously, this took a long time when there were a large number of auto-generated GCP projects. SEG-81743/SF03452889/DS-53515
  • Updated the pager numbers, phone numbers and mobile numbers listed on the User Properties window (click your email at the top of the console and select User Properties) so they can be configured to exceed more than 30 digits.
  • Updated the "My User Summary" widget on the console and the "User and Contact Report" (Events & Reports > Generate Reports > Single Report) to reflect the logins that have occurred in the last 30 days. SEG-81216/03407489/DSSEG-5897
  • Added support for VMware Cloud Director (vCloud) 10.1.1 (with NSX-V only).
  • Improved the "Scheduled report sending failed" error message by adding a more thorough description. For more information, see Troubleshoot: Scheduled report sending failed. SEG-77886/03221276/DS-54615
  • Updated the New Malware Scan Configuration Properties (Policies > Common Objects > Malware Scans > New) default settings to match the default settings for the Default Malware Scan Configuration Properties.

Resolved issues

  • The Computer Status widget on Deep Security Manager's dashboard did not display the correct number of managed computers. DS-53294
  • The Deep Security Agent trusted certificates were not automatically renewed. SEG-79146/SF03240076/DS-52488
  • The "AWS Contract License Exceeded" alert sometimes occurred even though the number of protected computers did not exceed the limit. SEG-82932/SF03491496/DSSEG-5974
  • Imported VMs in vClouds were unable to activate. SEG-75542/03189161/DS-53447
  • The console sometimes showed the incorrect Log Inspection status. /DS-54630
  • Some Intrusion Prevention rules were designed to operate exclusively in "Detect Only" mode, however you were able to change their behavior on the policy and computer pages. DS-54667
  • An incorrect number of overrides were displayed on Computer/Policy Editor > Overrides. SEG-83802/03513073/DS-54710
  • There was a rights issue with Scheduled Tasks that caused incorrect behaviors to occur when creating them. SEG-78610/SF03320936/DS-53292
  • The MasterAdmin could not create a scheduled task for all computers. DS-55522
  • The "Ransomware Event History" widget on the dashboard displayed incorrect information. DS-55494

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. ( DS-52678 /DS-21167 /DS-53059)

Highest CVSS Score: 7.0

Highest severity: High

Notices

Red Hat Enterprise Linux 5 and 6 are no longer supported platforms for Deep Security Manager. For a list of supported Deep Security Manager platforms, see Deep Security Manager requirements.

Deep Security Manager 20 (long-term support release)

Release date: July 30, 2020

Build number: 20.0.60

Action required if you use cross-account roles to add AWS accounts to Deep Security using the API /rest/cloudaccounts/aws

To better align with AWS best practices and improve AWS account security, we have made a change to the process of adding a new AWS account into Deep Security using cross-account roles. Previously, when using a cross-account role for authentication, Deep Security required two pieces of information: a role ARN, and an external ID trusted by the role. This has now changed to a new process where Deep Security provides the external ID, and requires that the role provided has included this external ID in its IAM trust policy. This change provides stronger security in shared Deep Security environments, and ensures that strong external IDs are always used. For details on the new process of adding cross-account roles using manager-generated external ID, see Add an AWS account using a cross-account role.

Action Required:

Switch your external ID to a manager-generated one: Update the external ID.

If you're using cross-account roles with the API /rest/cloudaccounts/aws, see Action required if you are using cross-account roles with the API /rest/cloudaccounts/aws.

New features

Updated platform support

  • Red Hat Enterprise Linux 8 (64-bit)
  • Windows Server 2019 (64-bit)
  • Oracle 18 database support
  • Oracle 19c database support
  • PostgreSQL 11 database support
  • SQL Server 2019 database support

Google Cloud Platform: Google Cloud Platform (GCP) has been integrated with Deep Security. You can now view new GCP instances that come online or are removed, and which instances have protection. If you are using multiple clouds on-premise and in your data center, Deep Security can provide visibility for all of your environments. This feature is available for VMs that have Deep Security Agent 12.0 or later installed. For details, see Add a Google Cloud Platform account.

End of Support for Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 6 is no longer a supported platform for Deep Security Manager. Please upgrade your operating system.

Improved Security

Continuous Anti-Malware protection for NSX-T environments: Deep Security Manager now sends guest VMs' Anti-Malware real-time configuration to all Deep Security Virtual Appliances that are under the same cluster. The effect is that the appliances can now maintain the protection of guest machines that use the Anti-Malware real-time feature during and after a vMotion migration from one ESXi host to another under the same cluster. This feature only applies to NSX-T environments.

Agent version control: Agent version control gives you and your security operations team control over the specific versions of the Deep Security Agent that can be used by features like deployment scripts and upgrade on activation. This provides increased control over the Deep Security Agent used in your environment. For more information, see Configure agent version control.

Improved management and quality

Differentiate between Red Hat and CentOS platforms: Deep Security Manager can distinguish between a Red Hat and CentOS platforms and operations.

Visibility, Protection, and Management on Google Cloud Platform (GCP)​:

  • VMs are organized into projects, which lets you easily see which GCP VMs are protected and which are not.​
  • Assign policies automatically based on the GCP Instance Labels, GCP Network Tags, and other instance attributes while auto-scaling up.
  • Group related GCP instances in Smart Folders based on the GCP instance labels, GCP network tags, and other instance attributes to simplify the management.

Automate Google and AWS accounts via REST API: As you move to more automated deployments, having APIs to perform common tasks becomes a greater requirement Deep Security provides REST APIs to allow you to automate the adding of both AWS and Google Cloud accounts into Deep Security.

Actionable recommendations for Anti-Malware issues: In order for you to understand what is happening in the Anti-Malware system, many Anti-Malware events have been updated to provide more details on why a cancellation or failure has occurred. These events can occur for manual, quick, or scheduled Anti-Malware scans.​ The enhanced detail is provided in the events with Deep Security Manager as well as provided through SIEM or AWS SNS.

Search Cloud Instance Metadata: Added the ability to do a simple search or advanced search for Cloud Instance Metadata on the Computers page. This allows you to easily find workloads with specific labels, network tags, and more.

Instance Metadata Service Version 2 (IMDSv2) support: IMDSv2 is supported in this release. For details, see How does Deep Security Agent use the Amazon Instance Metadata Service?

Upgrade on activation: Deep Security Manager now has options (Administration > System Settings > Agents > Automatically upgrade Linux/Windows agents on activation) that enable you to automatically upgrade the Deep Security Agent on Linux and Windows computers to the version specified in Administration > System Settings > Updates > Software > Agent Version Control when the agent is activated or reactivated. For details, refer to Automatically upgrade agents on activation.

Enhanced visibility of scheduled scan tasks and event based tasks: Scheduled scan tasks and event-based tasks have been improved by providing scan visibility as well as specific reasons for each uncompleted Anti-Malware scan and recommended actions to resolve the scan.

Reporting improvements to allow chargeback to cloud accounts: The Security Module Usage Report now includes the Cloud Account ID (AWS Account ID, Azure Subscription ID or GCP Project ID) for protected instances.

Multiple vCenters: You can add multiple vCenters in the Deep Security Manager, and associate them to the same NSX-T Data Center. An overwrite warning message is displayed if you are using NSX Data Center for vSphere (NSX-V), which does not support the use of multiple vCenters, or if the NSX-T Manager has being registered with another Deep Security Manager cluster.

Enhancements

UI improvements:

  • Added file hash values to Anti-Malware events that are exported to CSV (Events & Reports > Anti-Malware Export > Export to CSV). SEG-61890/SF02510024/DS-53441</p>
  • Updated the descriptions related to memory on the System Information page so they're more accurate and easier to understand.
  • Improved the description of Behavior Monitoring events by including the reason the event occurred.
  • Added a GCP Network Tag column to the Computers tab.
  • Added GCP information such as Instance ID, Labels, Network tags, and more, to Computer Editor > Overview > General.
  • Added the Cloud Instance Metadata field to the Computers page.
  • Added a progress bar to Administration > User Management > Roles > New > Computer Rights > Selected Computers to indicate the status of the computers list that's loading.
  • If there are a lot of agent events in a single heartbeat, they will be split into multiple "Event Retrieved" events.
  • Enhanced the Relay management experience by providing possible solutions for the "Empty Relay Group Assigned" alert in the alert's description and removing the relay count for tenants that are using the Primary Tenant Relay Group.
  • Added "Database Type" and "Database Server" columns to Administration > Tenants.
  • Added the "Kernel Unsupported" system event to indicate if your computer has been upgraded to an unsupported kernel.
  • Added a reason ID for the "Manual Malware Scan Cancellation complete" system event. The reason ID is displayed in REST API calls, SNS information and SIEM information.
  • Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager.
  • Added the Validate the signature on the agent installer checkbox on Support > Deployment Scripts. For more information, see Check digital signatures on software packages.
  • Improved the "License Changed" event description by specifying if the plan ID is for Azure Marketplace billing.
  • Renamed the Service Token setting to Data Source GUID on Administration > System Settings > Managed Detection and Response.
  • Added a "Agent GUID" column to the Computers page so you can search computers by the Agent GUID.
  • Included a search bar under Administration > Updates > Software > Local.
  • When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
  • Added the ability to hide all empty AWS regions, VPCs, subnets, and directories, reducing clutter and increasing load speed on the Computers page.
  • Aggregated identical agent events in a single heartbeat under a single event.
  • Modernized the Policies > Lists > Port Lists page.
  • When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
  • Deep Security Manager now prevents you from importing duplicate Trusted Certificates.
  • Redesigned the Computers > Add Account synchronization scheduling to handle many more connectors per tenant, reduce idle thread time, and sync connectors with invalid credentials less frequently.
  • By default, the "My User Summary" widget on the Dashboard only displays information about sign-ins that have occurred within the last 24 hours.
  • You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents> Data Privacy and selecting No.
  • Deep Security Manager diagnostic packages have the ability to be encrypted. To encrypt your package and logs, go to Administration > Create Diagnostic Package > Enable AES 256 encryption and enter a password. Encrypted zips cannot be extracted using the default ZIP extraction tool available in Windows, it needs to be extracted by 3rd party tools like 7Zip, WinZip etc.
  • Redacted potentially sensitive information from the diagnostic packages and logs.

Event-based tasks:

  • Improved the capability of event-based tasks by adding support for GCP security automation with account name, labels, network tags and more in the task conditions.
  • Introduced "Cloud Vendor" in the event-based tasks conditions in order to limit a task's scope for a specific public vendor (for example, AWS or GCP).

Commands:

  • Added the following command:
  • dsm_c -action changesetting -name com.trendmicro.ds.antimalware:settings.configuration.maxSelfExtractRTScanSizeMB -value 512

    When Deep Security Agent could not determine the type of the target file, the scan engine loaded the file to memory to identify if it was a self-extract file. If there were many of these large files, the scan engine consumed lots of memory. Using the command above, the file-size limitation is set to 512MB for loading target files. When the file-size exceeds the set limitation, the scan engine will skip this process and scan the file directly.

    To implement this enhancement:

    1. Run the command in Deep Security Manager to change the value in the database.
    2. Send the policy to your target Deep Security Agent to deploy the setting.
  • Added the ability for the Deep Security Administrator to hide unresolved recommendation scan results from the Intrusion Prevention, Integrity Monitoring and Log Inspection tab in the policy pages. To hide the unresolved recommendation scan results, use the following commands
  • Intrusion Prevention:

    dsm_c -action changesetting -name com.trendmicro.ds.network:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false

    Integrity Monitoring:

    dsm_c -action changesetting -name com.trendmicro.ds.integrity:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false

    Log Inspection:

    dsm_c -action changesetting -name com.trendmicro.ds.loginspection:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false

Enhanced scheduled tasks:

  • Task enabled has been renamed to Enable task on the last screen of the Create Scheduled Task wizard
  • Synchronize cloud account now indicates it only supports vCloud and Azure connectors
  • Computer/group selection details now display in list view for Anti-Malware scans and Intrusion Prevention tasks

Virtual Appliance:

  • Added the ability to auto-activate guest VMs protected by the Deep Security Virtual Appliance in an NSX-T environment.
  • Added the "VMware NSX Policy Configuration Conflict" system event. This event is generated when Deep Security Manager detects that a NSX-T group is configured with different security policies for Endpoint Protection and Network Introspection (E-W).
  • Updated Deep Security Manager to allow vCloud accounts to be added even if the virtual machine hardware information is missing.
  • When you upgrade the Deep Security Virtual Appliance SVM in NSX-T Manager, Deep Security Manager will now detect that a new SVM is now protecting guest VMs, and will auto-activate those VMs after the upgrade.
  • Upgraded the vCloud Connector in Deep Security Manager supports vCloud 9.7 and vCloud 10.0.
  • Added the ability to sync Deep Security Manager policies to NSX-T environments.
  • Improved the experience when deleting vCenter Connectors with NSX-T Manager. Previously, you had to manually remove the NSX-T component as a service profile, endpoint rules and service deployments, or the vCenter deletion would fail.
  • Deep Security Manager can now connect to NSX-T Data Center using LDAP account credentials. Previously, only local NSX-T account credentials could be used.

Other:

  • When Anti-Malware actions fail, the results will be displayed in the Syslog result field.

Resolved issues

  • When the Hide Unlicensed modules option was selected on Administration > User Management > Users > customer's current account > Settings, all of the modules were hidden. SEG-77037/03228448/DS-51202
  • When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy. SEG-66986/SF02684105/DSSEG-5201
  • Sometimes, you couldn't edit a smart folder. SEG-74078/SF03120830/DSSEG-5450
  • When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy. DS-50216/SEG-77260
  • Anti-Malware events that were marked as "Pass" were not properly counted on the dashboard or under Anti-Malware events. DS-49364/SEG-70872
  • When an agent activated with no AWS metadata but then provided it on a later heartbeat, the cloud provider was not updated, which caused the computer to never be rehomed properly. DS-50713/SEG-77150
  • When you did an advanced search on the Computers page for Status Light > Equals > Managed [Green], then selected Export to CSV, the CSV file did not contain the listed computers. DS-49936/SEG-74140
  • Azure accounts could not be added in Azure Government regions because the login endpoint was changed. This only applies to Azure Marketplace deployments. DS-52399
  • For tenants, the Security Module Usage Report was only visible if you had access to the default "Full Access" role. (SEG-70494/SF02940195/DS-47492)
  • The sign-up page did not render properly in Internet Explorer. (SEG-73072/SF03075345/DS-48944)
  • When several emails with large bodies were queued, they were loaded all at once instead of in batches, which caused a large amount of memory to be used. (SEG-71863/SF03024164/DS-49833)
  • When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items. (SEG-63290/SF02585007/DS-43795)
  • Tenants in a multi-tenant setup could move their relays to the primary tenant relay group. This would cause the relays to disappear from their 'Relay Management' page. Tenants are now prevented from moving their relays to the primary tenant relay group. (SEG-57715/02322762/DS-47509)
  • Performance issues occurred when there were 1,000s of requests to download the same SVG file because the file wasn't cached. (SEG-64280/DS-45002)
  • AIA hosts with the same Virtual UUID fail when "Activate a new Computer with the same name" was selected. (SEG-66346/02725330/DS-45423)
  • In some multi-tenant environments, you could not log in as a tenant. For more information, see https://success.trendmicro.com/solution/000238704. (SF02873892/SEG-68674/DS-46391)
  • When Integrity Monitoring was enabled but Anti-Malware was turned off, a warning message would appear indicating "Security Update: Pattern Update on Agents/Appliance Failed". (SEG-68454/SEG-67859/DS-32205)
  • In the Malware Scan configurations window, the content of the Advanced tab was displayed in the General tab. (SEG-64701/SF02657864/DS-44176)
  • Deep Security Manager had issues loading the computers trees on some pages when there were a lot of computers and folders. (SEG-58089/SF02345427/DS-44424)
  • AWS connectors sometimes failed to synchronize. (SEG-66472/DS-45029)
  • The column names in the CSV output of the "Security Module Usage Report" were partially misaligned with the data columns.(SEG-66717/SF02619240/DS-45130)
  • In the Malware Scan Configuration window (Computers/Policies > Anti-Malware > General > Manual Scan > Edit > Advanced and select Scan Compressed File) the Maximum number of files to extract setting could not be set to 0, meaning unlimited. (SEG-65997/02685854/DS-45081)
  • Deep Security Manager with PostgreSQL sometimes stopped forwarding events to AWS SNS. (SEG-67362/SF02798561/DS-45594)
  • When Deep Security Manager was deployed in an environment with a large number of hosts and protection rules, the manager would sometimes load data for all hosts, even if the user only requested data from some of the hosts. (SF02552257/SEG-62563/DS-43188)
  • When booting up, Deep Security Manager validates the database schema of the events tables. Logs always said that the schema was updated, even if no update was actually required. (DS-43196)
  • Active Directory synchronization sometimes would not finish. (SEG-52485/DS-38203)
  • When a custom Anti-Evasion posture was selected in a parent policy (in the policy editor Settings > Advanced > Network Engine Settings > Anti-Evasion Posture > select 'Custom'), that setting did not appear in the child policies. (SF02434648/SEG-60410/DS-41597)
  • On Linux systems, the default maximum number of the concurrent opened files did not meet Deep Security Manager's needs, resulting in the manager failing to acquire file handles. As a result, features in Deep Security Manager failed randomly and a "Too many open files" message appeared in logs. (SEG-59895/DS-43192)
  • The "Activity Overview" widget sometime displayed the incorrect database size. (SF02449882/SEG-63362/DS-43946)
  • When sorting the "Alert Configuration" page by the "ON" column, the number of alerts was sometimes incorrect. (SF02578797/SEG-63560/DS-43685)
  • Certain smart folder search criteria caused an IllegalStateException error. (SF02436019/SEG-60330/DS-41369)
  • The memory usage percentage display on the "Manager Node Status" dashboard widget did not match the last recorded system memory usage percentage. (SF02218013/SEG-55761/DS-39149)
  • In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list. (SEG-55634/DS-39444)
  • Reconnaissance alerts could not be disabled because the option was not available. (SEG-49907/DS-35122)
  • Some Azure Virtual Machine types categorized incorrectly. (SF01885266/SEG-48561/DS-33951)
  • Users of AWS Marketplace metered-billing would see an error reported in system events when the billing job was processed. (SF1899351/SEG-48580/DS-33955)
  • Integrity Monitoring detailed change and recommendation reports was not running against smart folders. (SF2056260/SEG-51781/DS-35886)
  • When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group. (SF01655622/SEG-44858/DS-37769)
  • When Deep Security Manager was connected to both a case-sensitive Microsoft SQL database and VMware NSX, the Deep Security Manager upgrade readiness check would sometimes fail and block the upgrade. (SF02060051/SEG-52044/DS-38405)
  • Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur. (SF02119582/SEG-53275/DS-38892)
  • Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database. (SF01722554/SEG-41425/DS-39272)
  • False alerts regarding the license expiration were occasionally raised. (SF01484611/SEG-41437/DS-33831)
  • Using a local key secret containing the $ symbol stopped the upgrade or fresh install of Deep Security Manager. (SF02013831/SEG-57243/DS-39526)
  • Deep Security used an open source library called SIGAR that is no longer maintained or supported. This can cause applications to crash and other unintended issues in the future. (SF02184158/SEG-54629/DS-39394)
  • When an invalid or unresolvable SNMP server name was configured in Administration > System Settings > Event Forwarding > SNMP, it caused SIEM & SNS to also fail. (SF02339427/SEG-57996/DS-39865)
  • Forwarding events "via Deep Security Manager" with SIEM event forwarding would not work if the Deep Security Manager hostname was not obtained through DNS resolution. (SEG-50655/DS-37374)
  • The events exported via AWS SNS did not contain the HostOwnerID, which corresponds to the AWS Account ID. (SF02420860/SEG-59870/DS-41089)
  • In the computer or policy editor in Deep Security Manager, under Anti-Malware > General > Real-Time Scan > Schedule > Edit, the Assigned To tab was sometimes empty, even when the schedule was assigned correctly to computers and policies. (SF02374723/SEG-58761/DS-41036)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. (DS-45446/DS-44955/DS-43627/DS-28754/DS-32322/DS-33833/DS-26068)

Highest CVSS score: 9.8

Highest Severity: Critical

  • Updated the JRE to the latest Java Update (8.0.241/8.43.0.6).
  • Updated third-party libraries used by Deep Security Manager. (DS-24214)
  • Upgraded Apache Tomcat to 8.5.53. (VRTS-4652)

Known issues

  • If you are using an Oracle database, this upgrade will take longer than usual due to a database schema change. For more information about Deep Security Manager upgrades, see Upgrade Deep Security Manager.
  • When a new Deep Security Virtual Appliance is deployed, the VM name is displayed as "Trend Micro_Custom - <version>", if you're using a local web server to store the Deep Security Virtual Appliance software package. This has no effect on the integrity of the appliance.
  • Due to issues discovered during internal testing with SQL 2008 we will now be blocking upgrades to Deep Security feature release when SQL 2008 is the Deep Security Manager database. Microsoft SQL Server 2008 is no longer supported by Microsoft and therefore is no longer being tested and supported for use as a database for the latest releases of Deep Security Manager. For more information from Microsoft please see End of support for SQL Server 2008 and SQL Server 2008 R2. For the full list of databases supported for use with Deep Security Manager please see Deep Security Manager requirements system requirements. (DS-36715)