What's new in Deep Security Manager?
Deep Security Manager - 20.0.993 (20 LTS Update 2024-11-13)
Release date: November 13, 2024
Build number: 20.0.993
New Features
Application Control support on Windows 10 and Windows 11: Deep Security Manager 20.0.993 and later now supports Application Control on Windows 10 and Windows 11. DSM-819
Enhancements
- Reduction in the recommendation scan elapsed time and memory usage. PCT-42518/DSM-896
- Custom input field to make troubleshooting more efficient. DSM-796
- Improved error message on the Trend Vision One Enrollment Token dialog. This message is displayed when the user enters an invalid token. DSM-731
- Recommendation scan does not run when the security module is disabled. PCT-11993/PCT-36524/DSM-464
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DSM-879
Highest Common Vulnerability Scoring System (CVSS) score: 5.9
Highest severity: Medium
Deep Security Manager - 20.0.979 (20 LTS Update 2024-10-16)
Release date: October 16, 2024
Build number: 20.0.979
New Features
Red Hat Enterprise 9 (PowerPC little-endian) support: Deep Security Manager 20.0.979 or later now supports Red Hat Enterprise 9 (PowerPC little-endian).
Enhancements
- Deep Security Manager now supports SAML single sign-on (SSO) when FIPS mode is enabled. PCT-17482/DSM-428
Resolved issues
- If using a vCenter connector without NSX-v/T deployed, the Deep Security Manager logs would fail to record when Deep Security Manager checked for Deep Security Virtual Appliance versions. DSM-822
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DSM-754
Highest Common Vulnerability Scoring System (CVSS) score: 5.3
Highest severity: Low
Deep Security Manager - 20.0.967 (20 LTS Update 2024-09-18)
Release date: September 18, 2024
Build number: 20.0.967
Enhancements
- Deep Security Manager performance profiles now have a new Higher Capacity option. PCT-1686/PCT-5853/PCT-6181/PCT-7244/PCT-15098/PCT-16008/PCT-18026/DSM-525
- The SAP Scanner status now provides more information and was moved next to the status of the other protection modules. DSM-572
- Improved some error messages to be more informative. DSM-788
Resolved issues
- AWS connectors were missing the AWS GovCloud region as an option in Deep Security Manager 20.0.904 which would cause synchronization issues. PCT-26434/PCT-29880/PCT-30450/DSM-626
- The Support button link in the Deep Security Manager VM for Azure Marketplace console led to a 404 Page Not Found error. The Support button now links to Trend Bussiness Success Portal - Deep Security. DSM-801
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DSM-735/DSM-741
Highest Common Vulnerability Scoring System (CVSS) score: 5.8
Highest severity: Low
Deep Security Manager - 20.0.954 (20 LTS Update 2024-08-21)
Release date: August 21, 2024
Build number: 20.0.954
New Features
User mode solution: User mode can now be enabled from the Deep Security Manager UI to provide event generation and protection through basic functions for Anti-Malware on systems that lack kernel support.
Enhancements
- The path property for Application Control Trust Entities rules can now use wildcards in a Universal Naming Convention (UNC) path without requiring a drive letter. SF06976162/SEG-189907/WS-4290
- Application Control Trust Entities rules now include User and Group property options. WS-2626
- In the Deep Security Manager console for AWS and Azure marketplace, the Contact Support button (Support > Contact Support), which linked to the retired legacy support system, has been removed. To create a support case, please visit https://success.trendmicro.com/en-US/product/?name=deep-security. DSM-769
- The Application Control Software Changes page (Actions) now includes software change attributes or signer information for Signer Name, Issuer Common Name, Issuer Organizational Unit, Issuer Organization, Issuer Locality, Vendor, Product Name, Process Name, Install Path, and File Path. DSM-662
- Service Gateway can now be configured (from Administration > System Settings > Proxies > Proxy Server Use) as a proxy for Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing). DSM-518
Resolved issues
- Updating Deep Security Agent sometimes caused Application Control software change events. SF07441007/PCT-9653/PCT-16914/WS-6246
- Application Control events generated by Trust Entities would display "None" in the RULESET column (Events & Reports > Application Control Events) even if they were associated with a ruleset. DSM-779
- The Kernel Support Package (KSP) was unexpectedly deleted on some systems. SF08057187/PCT-30396/PCT-36420/DSM-718
- Deep Security Manager sometimes became unresponsive and some Deep Security Agent upgrades would hang. PCT-11707/DSM-492
Deep Security Manager - 20.0.940 (20 LTS Update 2024-07-17)
Release date: July 17, 2024
Build number: 20.0.940
New Features
Trend Vision One integration enhancement: Intrusion Prevention System rules applied in Deep Security Manager can now be sent to Trend Vision One - Server & Workload Protection.
Trend Vision One migration tool: A tool is now available to help migrate from Deep Security Manager to Trend Vision One Endpoint Security - Server & Workload Protection.
Enhancements
- Deep Security Manager now supports PostgreSQL 15 & 16, AWS Aurora PostgreSQL 15 & 16, and AWS RDS PostgreSQL 15 & 16. PCT-5186/PCT-32769/DSM-144
Resolved issues
- Using Remote Desktop Protocol failed on some Windows Server 2022 systems. DSM-695
- Migrating on-premise policies or Deep Security Agents to Trend Vision One Endpoint Security using the migration tool resulted an
Invalid 'expires' attribute
entry in theserver0.log
file. This did not impact migration. DSM-657
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-11981/DSM-517
Highest Common Vulnerability Scoring System (CVSS) score: 9.8
Highest severity: Critical
Deep Security Manager - 20.0.926 (20 LTS Update 2024-06-19
Release date: June 19, 2024
Build number: 20.0.926
Enhancements
- Custom actions can now be configured for Process Memory Scan. Process Memory Scan applies to real-time, on-demand and manual scans. This requires Deep Security Agent version 20.0.1-12510 or later. DSM-539/DSM-656
- The event level for agent events 1005: Upgrading Driver and 1007: Driver Upgrade Succeeded was changed from Warning to Info. DSM-440
Resolved issues
- Deep Security Virtual Appliances would sometimes not show as upgradable, despite seeing agent upgrade recommended alerts for them in the management console. PCT-23179/PCT-27324/DSM-589
- When applying a new DSRU version, then rolling it back without restarting the DSM service, recommendation scan would incorrectly continue to use the new version. DSM-577
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-11810/VRTS-12278/DSM-483/DSM-568
Highest Common Vulnerability Scoring System (CVSS) score: 7
Highest severity: High
Deep Security Manager - 20.0.913 (20 LTS Update 2024-05-15)
Release date: May 15, 2024
Build number: 20.0.913
Enhancements
-
Advanced TLS Traffic Inspection configuration now has separate settings for inspecting inbound and outbound traffic. DSM-190Note: Enabling outbound traffic inspection requires additional configuration steps on the agent side.
- Deep Security Manager now supports configuring a Service Gateway proxy from the Trend Cloud One - Endpoint & Workload Security migration wizard. Using a Service Gateway proxy is only supported when all deployed Deep Security Agents are version 20.0.1-3180 or later. PCT-12854/DSM-367
- The "hostName" field now shows the device hostname when retrieving Service Gateway proxy information using the ProxyAPI. A new "ips" field is added to provide the device IP address information. DSM-533
Resolved issues
- When a proxy was configured in policy, creating a new tenant template would cause Internal Server errors. Proxy settings were removed from policies when creating a new tenant template. PCT-4709/DSM-306
- Trend Vision One returned a HTTP 400 error when Deep Security Manager sent a request to update the certificate. DSM-593
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-12054/PCT-25774/DSM-161/DSM-519
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.904 (20 LTS Update 2024-04-17)
Release date: April 17, 2024
Build number: 20.0.904
New Features
Cross-account AWS role registration: Seed region and Security Token Service (STS) endpoint selection can now be done using the AWS connector wizard and AWS account properties page in Deep Security Manager.
Enhancements
- Deep Security Manager now supports Oracle Database 23c. DSM-366
- Changed the Migration API default timeout for Cloud One Endpoint & Workload Security to 60 seconds. The previous default was 10 seconds, which sometimes led to timeout before agents were transferred from Deep Security Manager. The timeout can be set between 10 and 1200 seconds (20 minutes) using the
settings.configuration.defaultWorkloadSecurityMigrationApiTimeout
. PCT-21902/PCT-22361/PCT-22860/PCT-22249/DSM-579 - Updated third-party licenses for Deep Security Manager. DSM-564
- Improved Azure connector performance for some system configurations. DSM-472
Resolved issues
- Changes to the Deep Security Virtual Appliance OVF file's IP address (Computer > Properties > NSX Configuration > General) sometimes failed to be applied. PCT-20529/PCT-23331/DSM-545
- The public IP and network security group were not being displayed in the virtual machine summary for some Azure VM configurations. DSM-459
- Database connection issues sometimes caused Deep Security Manager to delete in-use Deep Security Agent installers. SEG-188888/PCT-7221/PCT-15200/DSM-348
- Deep Security Manager's console displayed Windows 10 Enterprise multi-session as "Windows Server 2019" when it should have displayed the platform as "Windows 10." SEG-131712/DS-69474/DSM-326
Deep Security Manager - 20.0.893 (20 LTS Update 2024-03-20)
Release date: March 20, 2024
Build number: 20.0.893
Enhancements
- Anti-Malware Manual Scan can now be configured from a policy on Deep Security Manager for Linux platforms. DSM-433
Resolved issues
- Event Forwarding conditions
StringLike
andStringNotLike
did not work for JSON formatted on multiple lines for aDescription
. SF07518120/PCT-12618/DSM-448 - Deep Security Manager sometimes displayed a Trend Micro Adversary Tactics and Techniques Detection pattern version (Administration > Updates > Security > Patterns) before it was available from the Trend Micro Update Server. DSM-439
Deep Security Manager - 20.0.883 (20 LTS Update 2024-02-21)
Release date: February 21, 2024
Build number: 20.0.883
New Features
- Deep Security Manager now supports dynamic updates of the XDR Device ID of the Trend Micro Endpoint Basecamp. DSM-250
Enhancements
- The Web Reputation Service backend query now uses port 443 by default for new installations and new tenants. PCT-10486/DSM-445
- In the Anti-Malware configuration, the default values for Predictive Machine Learning and Windows Antimalware Scan Interface (AMSI) settings are now marked as recommended. PCT-3844/DSM-301
Resolved issues
- Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes failed when Firewall, Web Reputation Service, or Intrusion Prevention System were enabled for Deep Security Manager. DSM-473
Deep Security Manager - 20.0.879 (20 LTS Update 2024-01-17)
Release date: January 17, 2024
Build number: 20.0.879
New Features
- Deep Security Manager now allows changing the IP address or fully qualified domain name (FQDN) for the NSX Manager. DSM-83/DSM-405
Enhancements
- The Tomcat version was updated in Deep Security Manager. DSM-431/DSM-160
- A number of URLs on a verge of becoming invalid were updated on the Deep Security Manager Support website. DSM-352
- Deep Security Manager copyright information was updated to year 2024. DSM-133
- A dedicated banner is now displayed within Deep Security Manager to notify the users of Deep Security Virtual Appliance about the Deep Security Virtual Appliance EOL status. DS-76857/DSM-131
- Security updates for VRTS-10045, VRTS-10068, VRTS-10070. DSM-133
- Deep Security Manager copyright information was updated to year 2024. DSM-133
- Deep Security Manager can now force the removal of the service reference ID when the VMware vCenter connector is removed. This service reference ID is automatically created by VMware NSX-T to bind the Trend Micro service with the security profile. SEG-160298/DSM-49
- The out-of-date computer status is now representd by three separate statuses: Out of Date (Anti-Malware Configuration Off), Out of Date (Anti-Malware Offline), and Out of Date (Agent Offline). This directly affects the functionality of the security pattern status widget, ensuring that the Out-of-Date Advanced Search results do not include Deep Security Agents with the statuses Agent Offline, Anti-Malware Configuration Off, and Anti-Malware Offline. DSM-135
Resolved issues
- Azure Connector experienced synchronization issue for Azure Virtual Machine Scale Sets with Flexible orchestration mode. DSM-436
- Apex Central did not have the information and therefore could not forward it to syslog or display in its log view due to the MCP content not being updated to include the FileSHA1 of an infected file. SEG-192045/PCT-6042/DSM-435
- The value of the behaviorMonitoringEnabled property in the Antimalware Configuration API was missing, resulting in a disconnect between the UI and API. PCT-5360/DSM-411
Known issues
- Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DSM-402
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.864 (20 LTS Update 2023-12-12)
Release date: December 12, 2023
Build number: 20.0.864
Enhancements
- Updated the Deep Security Manager UI to reflect Microsoft's product name change: Azure Active Directory is now Microsoft Entra ID. DSM-214
- Deep Security Manager reports (Events & Reports > Generate Reports) can now be generated using custom classifications by selecting CUSTOM from the classification list and filling in the name field. SF06301702/SEG-167348/DS-76507/DSM-8
- Deep Security Manager now limits Deep Security Virtual Appliance agent software upgrades to 20.0.0 versions. Note that 20.0.1 agent versions are not supported. DSM-311
- Upgrading Deep Security Agent for a limited support platform using the Use Latest Version for an Agent option (Computers > Details > Action > Upgrade Agent Software) now provides a warning that 20.0.1 agent versions are not supported for that platform. DSM-342/DSM-343/DSM-344
Resolved issues
- After upgrading to Deep Security Manager 20.0.797, the Deep Security Component Summary widget display was blank in the Apex Central console. DSM-236
- Overrides for Application Control Trust Entities settings were not being removed after using Remove or Remove All (from Computer or Policy > Overrides). DSM-120
- SAP scans generated Get Events Failed errors when Alert for all rules (Regardless of rule settings) was enabled (Alerts > Alert Configuration > Anti-Malware Alert > Alert Information > Options). SF05087843/SEG-173393/DS-77098/DSM-28
- Deep Security Manager API searches using the
greater than
parameter sometimes returned incorrect results. DSM-325 - The Schedule Agent Upgrade screen sometimes displayed incorrect agent versions until Deep Security Manager was restarted. DSM-329
Known issues
- Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473
Deep Security Manager - 20.0.854 (20 LTS Update 2023-11-15)
Release date: November 15, 2023
Build number: 20.0.854
New Features
- Deep Security Manager now supports strong cipher suites when FIPS mode is enabled. DSM-211
Enhancements
- Deep Security Manager now supports the 20.0.1 Deep Security Agent versioning revision planned for January 2024. DSM-121
Resolved issues
- Using an Intrusion Prevention event containing a long note triggered an error with a message "Get Events Failed (Internal Server Error)". DSM-327
- The HostName lookup got stuck in some environments where the DNS setting was incomplete. DSM-307
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-11238/DSM-290
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Known issues
- Upgrading to Deep Security Agent 20.0.0-7943, 20.0.0-8137, 20.0.0-8268, or 20.0.0-8438 sometimes fails when Firewall, Web Reputation Service, or Intrusion Prevention System are enabled for Deep Security Manager. DSM-473
Deep Security Manager - 20.0.844 (20 LTS Update 2023-10-18)
Release date: October 18, 2023
Build number: 20.0.844
New Features
- Deep Security Manager now allows users to configure the agent Manual Scan from policy. DSM-16
Enhancements
-
In Events & Reports, the advanced search can now filter Intrusion Prevention events by "Flow" value.
The "Flow" field is now added to Intrusion Prevention syslog events. SF06798790/SEG-177960/DS-77724/DSM-9 - Application Control global block by hash rules can now be configured using a MD5 or SHA-1 file hash. (Previously, only SHA-256 could be used.) SEG-108464/DS-74144/DSM-18
- Application Control Trust Entities rules that use the process name property can now be configured using wildcards in the Deep Security Manager UI. DS-75316/DSM-18
- Trust Entities process name properties can now use Universal Naming Convention (UNC) paths to files or peripheral devices on a local area network. DS-77133/DSM-18
- Trust Entities "Allow by target" rules can now use the process name property. DS-77364/DSM-18
Resolved issues
- When configuring Role Properties, applying changes to the "Clear Warnings/Errors for" permission under the Computer Rights tab displayed the incorrect result in the console. DSM-195
- Application Control shared rulesets sometimes triggered policy updates to systems that did not support Application Control. DS-76766/DSM-18
- Software auto-authorized on agents by a Trust Entities rule are no longer automatically added to the shared rulesets. This will prevent software from remaining authorized if the corresponding trust entities rule is no longer applied. DS-74855/DSM-18
Known issues
- Deep Security Notifier may fail to start when deployed as an Anti-Malware Protected Process Light (AM-PPL) in Windows. As a workaround, deploying the Notifier as an AM-PPL has been disabled by default. See Deep Security Notifier service is unable to start or stop. DSM-297
Deep Security Manager - 20.0.833 (20 LTS Update 2023-09-20)
Release date: September 20, 2023
Build number: 20.0.833
Enhancements
- The permission to clear warnings and errors "canClearWarningsAndErrors" can now be granted separately to roles. SF06516228/SEG-168657/DS-77463
- Changed the error message displayed when a user that doesn't have the necessary permissions tries to edit Device Control settings. SEG-180964/C1WS-14961/DSM-56
-
Some default values for Real Time Anti-Malware configuration have changed: DS-77469/C1WS-13588/DSM-36
- Predictive Machine Learning: Pass > Quarantine
- Windows Antimalware Scan Interface (AMSI): Pass > Terminate
- When creating a Smart Folder, vCenter Power State is now a Computer Property option. DSM-6/DS-77643
- Smart Folder Computer Property options are now sorted in alphabetical order. DSM-6/DS-77643
Resolved issues
- In the web console, AIX 7.3 agents did not display the OS version in the Platform field. DS-72424/DSM-128
- The User Management > Roles > Role Properties window did not load if a lot of computers were protected. SEG-170672/DS-76826/C1WS-12373/DSM-10
- The SHA256 hash value of files will now be included in SNS Anti-Malware events when SHA256 is selected in Anti-Malware > Advanced > File Hash Calculation. SEG-168652/DS-76448/C1WS-14048/DSM-7
- Deep Security Manager sometimes set a wrong date for Next Run Time while running the scheduled task, which lead to a Java DateTimeException and display of an internal server error. This could prevent the reservation task from working properly. SF07190612/SF07191522/SEG-192240/SEG-192321/DSM-169
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-10326/DSM-158
Highest Common Vulnerability Scoring System (CVSS) score: 6.1
Highest severity: Medium
Deep Security Manager - 20.0.817 (20 LTS Update 2023-08-23)
Release date: August 23, 2023
Build number: 20.0.817
Enhancements
- The Deep Security Manager console now shows more information on the status of the Trend Micro LightWeight Filter Driver. DS-77465
- Add Device Control information to the Security Module Usage Report. DS-77319
Deep Security Manager - 20.0.802 (20 LTS Update 2023-07-19)
Release date: July 19, 2023
Build number: 20.0.802
Enhancements
- Updated Deep Security Manager to add SQL Server 2022 database support. SF06543523/SEG-169639/SEG-171432/DS-76501
- If the computer is a Podman Host, computer details now display the Podman version. DS-76683
Resolved issues
- When creating a new Scheduled Task, the "Next Run Time" value displayed in the Scheduled Task list was incorrect. SF06593263/SEG-171126/DS-76900
- Upgrade Agent Software actions would sometimes fail on Amazon Linux platforms. DSM-14
- Deep Security Manager would sometimes fail to synchronize to a Vision One Service Gateway. SF06928392/SEG-182692/DSM-19
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-6038/DSM-32/DSM-55
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.789 (20 LTS Update 2023-06-28)
Release date: June 28, 2023
Build number: 20.0.789
New Features
Trend Vision One Inventory support: Deep Security Manager integration with Vision One now supports Endpoint Inventory, Inventory Group, and Inventory Compliance.
Enhancements
- Deep Security Manager now supports PostgreSQL 14. SF06514546/SEG-169342/DS-76494
- Deep Security Manager now supports AWS Aurora PostgreSQL 14. DS-77594
- Deep Security Manager now supports VMware Cloud Director 10.4. SEG-152378/DS-74227
- Deep Security Manager now supports AWS RDS PostgreSQL 14. DS-76494
- Improved the processing of rules in recommendation scan. Recommendation scan does not work on Deep Security Manager versions earlier than 20.0.789 (20 LTS Update 2023-06-28) after applying 24-024.dsru. PCT-27452/PCT-27565
Resolved issues
- The Deep Security Manager console sometimes froze when opening the agent migration pop-up window. SEG-180945/DS-78114
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-9496/DS-77146
Highest Common Vulnerability Scoring System (CVSS) score: 4.3
Highest severity: Medium
Deep Security Manager - 20.0.768 (20 LTS Update 2023-05-17)
Release date: May 17, 2023
Build number: 20.0.768
New Features
Device Control: Deep Security Manager version 20.0.768 or later now supports Device Control for Windows Server platforms, helping to protect external storage devices connected to protected endpoints. This requires Deep Security Agent 20.0.0.6313 or later. For for information, see Supported features by platform.
Resolved issues
- Deep Security Manager sometimes generated Tenant reports containing incorrect information for Deep Security Agents running in a multi-tenant environment. SF06301702/SEG-162798/DS-76311
- Deep Security Manager's dashboard sometimes failed to include events within the status and event history widgets. SF06492268/SEG-168155/DS-76201
Deep Security Manager - 20.0.759 (20 LTS Update 2023-04-19)
Release date: April 19, 2023
Build number: 20.0.759
Enhancements
- Agent Version Control is now available when configuring agent upgrade Scheduled Tasks. SF06094463/SEG-159727/DS-74710
- Due to product name changes, all mentions of Trend Micro Vision One were changed to Trend Vision One. DS-76215
Resolved issues
- Under certain conditions, Deep Security events would incorrectly report that 'The component "Advanced Threat Scan Engine" has been removed'. SF05801044/SEG-147779/DS-75232
-
Some lists in the management console were causing performance issues in environments with more than 50,000 hosts. SF05874881/SEG-149417/DS-72746
The affected lists include, but are not limited to, the lists under System Event, Computer, Single Report, Scheduled Reports, Scheduled Task, Alert, and Dashboard.
Deep Security Manager - 20.0.741 (20 LTS Update 2023-03-15)
Release date: March 15, 2023
Build number: 20.0.741
New Features
Service Gateway: Deep Security Manager version 20.0.741 or later now supports Service Gateway, providing forward proxy functionality.
Deep Security Manager - 20.0.737 (20 LTS Update 2023-02-23)
Release date: February 23, 2023
Build number: 20.0.737
Enhancements
- Deep Security Manager 20.0.737 or later now supports Red Hat Enterprise Linux 9 (64-bit). SF06130289/SEG-157410/DS-74295
- Deep Security Manager now enforces certificate updates to RSA-2048 and SHA-256 for agents using unsupported certificates. Deep Security Agent version 20.0.0-6313 or later does not support SHA-1) For more details, see Upgrade the Deep Security cryptographic algorithm. DS-76297
- Updated Deep Security Manager to add API Smart Folder functionality. DS-75375
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-75668/DS-75924
Highest Common Vulnerability Scoring System (CVSS) score: 8.1
Highest severity: High
Deep Security Manager - 20.0.725 (20 LTS Update 2023-01-18)
Release date: January 18, 2023
Build number: 20.0.725
Resolved issues
- Updated Deep Security Manager to include an OS (operating system) field for syslog forwarding if
settings.configuration.addPlatformInSyslogMessage
is set to true by console command. For more information, see Adding AWS instance ID or OS fields in syslog messages in Deep Security Manager (DSM). DS-73163
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-74793
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.716 (20 LTS Update 2022-12-15)
Release date: December 15, 2022
Build number: 20.0.716
Resolved issues
- When exporting the list of computers to CSV, the Docker Host and CRI-O Host field value was not included correctly. SF05232601/SEG-131041/DS-73391
- The Deep Security Manager would report Rocky Linux 8 as an unknown Linux OS when registered through the AWS connector. DS-71999
Deep Security Manager - 20.0.711 (20 LTS Update 2022-11-16)
Release date: November 16, 2022
Build number: 20.0.711
Enhancements
- Updated Deep Security Manager to include Project ID for computers using Google Cloud Platform. SF05811253/SEG-147466/DS-72694
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-74218
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.703 (20 LTS Update 2022-10-19)
Release date: October 19, 2022
Build number: 20.0.703
Enhancements
- With Multi-Factor Authentication enabled, changing an account password now requires verifying the user's MFA code (in addition to the user's old password). DS-73341
- Updated Deep Security Manager to notify users of trust entity ruleset changes in the computer's status bar. DS-70956
- Updated Deep Security Manager to allow using question marks in Application Control trust rule
paths
property fields to match a single additional character in the path. DS-71604 - Updated the Deep Security Manager's UI tooltip for trust entity rules to describe the latest wildcard functionality. DS-69964
- Updated Deep Security Manager to use the latest Simple Object Access Protocol (SOAP) components to protect against vulnerabilities affecting older versions. DS-73080
Resolved issues
- Reports generated by Deep Security Manager (Events & Reports > Generate Reports) did not display Chinese language characters properly. SF05883379/SEG-149459/DS-72858
- Anti-Malware events sometimes displayed a blank file path with invalid Unicode encoding. 01746052/SEG-46912/DSSEG-3653
- Application Control rule permissions configured by administrators did not result in the corresponding functionality for users. As examples, a rule with its permissions set to Hide was still visible to users, and one with a Custom configuration preventing users from creating new rules did not prevent them from doing so. DS-68693
- In Trust Entity Management (Policies > Common Objects > Application Control Rules > Trust Entities), the horizontal scroll bar in the Edit Trust Ruleset window was covering rules displayed at the bottom of the window. DS-70435
Deep Security Manager - 20.0.686 (20 LTS Update 2022-09-21)
Release date: September 21, 2022
Build number: 20.0.686
Resolved issues
- If an Application Control shared ruleset was successfully created on a Deep Security Agent using the API, creating another shared ruleset with the API on the same agent would fail. DS-71034
- Deep Security Manager sometimes displayed the wrong state for items in an Anti-Malware Report (Events & Reports > Generate Reports). SF05780825/SEG-149707/DS-72871
- With Perform Ongoing Recommendation Scans set to Yes and an Ongoing Scan Interval set to 4 Weeks (Computer or Policy > Settings > General > Recommendations), Deep Security Manager executed the scans much more frequently than the set interval. SF05658685/SEG-148153/DSSEG-7707
Deep Security Manager - 20.0.677 (20 LTS Update 2022-08-17)
Release date: August 17, 2022
Build number: 20.0.677
New Features
Windows Server 2022 support: Deep Security Manager version 20.0.677 or later now supports Windows Server 2022.
Enhancements
- Updated Deep Security Manager to encrypt user login details. DS-71448
Resolved issues
- Under Events & Reports > Firewall Events, when using Action and Contains filters to search for Fail Open: Deny, the search results failed to display matching events. SF05740930/SEG-146282/DS-72636
- VMware vCloud accounts missing their OS type caused synchronization to fail. SF05830546/SEG-147983/DS-72518
- VMware vCloud connectors with more than 25 Virtual Data Centers only displayed 25 in Deep Security Manager. SEG-147252/DS-72376
- When Deep Security Relay were rehomed to a vCenter connector, they lost their original hostname in Deep Security Manager. SF05519505/SEG-140015/DS-72596
- Deep Security Manager sometimes generated unexpected Computer Updated system events. SF05496967/SEG-138407/DSSEG-7672
Deep Security Manager - 20.0.664 (20 LTS Update 2022-07-21)
Release date: July 21, 2022
Build number: 20.0.664
Enhancements
- Updated Deep Security Manager to include port 443 by default (along with ports 80 and 8080) for Ports to Monitor for Potentially Harmful Web Pages (Computer or Policy > Web Reputation > Advanced). This change prepares Web Reputation SSL inspection support on port 443 for future (not yet released) Deep Security Agent versions.
- Updated Deep Security Manager to add the
-disablemfa
parameter. This parameter allows users to disable Multi-factor authentication (MFA) when using thedsm_c
command line to perform a password reset. DS-69590
Resolved issues
- Deep Security Manager was sometimes unable to synchronize with Microsoft Active Directory (AD) users. SEG-138257/SF05452498/DS-70873
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-71624
Highest Common Vulnerability Scoring System (CVSS) score: 9.8
Highest severity: Critical
Deep Security Manager - 20.0.651 (20 LTS Update 2022-06-15)
Release date: June 15, 2022
Build number: 20.0.651
Enhancements
- Updated Deep Security Manager to provide more information for Anti-Malware Engine Offline events, including an ID indicating the event's cause and a link in the description leading to recommended actions. Also, a system log entry for the event is now generated if SIEM is enabled. DS-70595
- Updated Deep Security Manager to save disk space by removing outdated versions of the agent installer package. DS-67840
- Updated Deep Security Manager to trigger event based tasks related to creating a computer when adding an active directory computer with the "Add Active Directory" wizard. DS-68877
- Updated Deep Security Manager to remove support for 8.0 and 9.0 Deep Security Agents, since these versions are past their EOL dates. For more information, see Deep Security LTS life cycle dates. DS-70332
Deep Security Manager - 20.0.644 (20 LTS Update 2022-05-18)
Release date: May 18, 2022
Build number: 20.0.644
Resolved issues
- Some rules did not display properly in Deep Security Manager when columns were sorted By Group (under Policies > Common Objects > Rules or under Computers > Computers). SEG-127353/DS-68348
- Agent activation sometimes became stuck in a loop which caused high memory consumption for Deep Security Manager. DS-71234
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases.DS-71244/DS-65171
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.635 (20 LTS Update 2022-04-21)
Release date: April 21, 2022
Build number: 20.0.635
New Features
Advanced TLS traffic inspection: Deep Security Manager now provides an option to configure advanced TLS traffic inspection, removing the need to configure TLS credentials manually and adding support for more ciphers. You can verify the status of the feature by viewing the policy properties (Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection). For more information, see Enable Advanced TLS traffic inspection.
Azure and GCP connector migration support: Azure and GCP (Google Cloud Platform) connectors can now be migrated from Deep Security Manager to Trend Micro Cloud One - Workload Security. For more information, see Migrate cloud accounts to Workload Security.
Resolved issues
- Deep Security Manager was not receiving the number associated with systemEventID errors for system configurations using Simple Network Management Protocol (SNMP). SEG-122864/04711592/DS-67387
- Intrusion Prevention events containing number strings, such as IP addresses, sometimes resulted in Get Events Failed
NumberFormatException
errors in Deep Security Manager. SEG-120226/SF04838989/DSSEG-7216 - Deep Security Manager was sometimes unable to sync with vCloud. SEG-135846/SF05409802/DS-70336
- Deep Security Manager did not properly display Computer Moved events. DS-70669
- When a Deep Security Agent with an existing Application Control local ruleset was removed from Deep Security Manager, the ruleset for that agent still appeared in the manager (under Policies > Application Control Rules > Software Rulesets). DS-68173
- If the REST API was used to select the
critical-and-heuristic
parameter for Document Exploit Protection, Deep Security Manager would not display that selection for the malware scan configuration (under Computer or Policy > Anti-Malware > General > Edit). DS-67975
Deep Security Manager - 20.0.619 (20 LTS Update 2022-03-22)
Release date: March 22, 2022
Build number: 20.0.619
New Features
FIPS mode for Amazon Linux 2: Deep Security Manager version 20.0.619 or later now supports FIPS mode for AWS Marketplace deployment. This is supported for Deep Security Agent version 20.0.0-2971 or later.
Enhancements
- Updated Deep Security Manager to use the term protected instead of anonymous when referring to Trend Micro Feedback being shared with the Smart Protection Network. DS-70101
Resolved issues
- Deep Security Manager failed to migrate policies to Trend Micro Cloud One - Workload Security if a module's license had expired. DS-69595
- In a Security Module Usage Cumulative Report (Events & Reports > Generate Reports), Application Control usage hours were not being included properly under System Usage hours. DS-67494
- The Deep Security Manager Trust Entities New Ruleset window (Trust Entities > Trust Ruleset > New) had its OK and Close buttons blocked on some screen resolutions. DS-68838
- Behavior Monitoring status of Deep Security Agents for Linux was inconsistent on Deep Security Manager versions later than 20.0.312. With Behavior Monitor detection disable, the manager console sometimes still showed that it was enabled under the default settings for Anti-Malware real-time or advanced real-time scans. DS-69536
- There was a connectivity issue when a Deep Security Agent had FIPS mode enabled but Deep Security Manager did not. DS-70038
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. SEG-132505/SF05278860/DS-69608/DS-69764
Highest Common Vulnerability Scoring System (CVSS) score: 9.8
Highest severity: Critical
Deep Security Manager - 20.0.605 (20 LTS Update 2022-02-16)
Release date: February 16, 2022
Build number: 20.0.605
Enhancements
- Updated Deep Security Manager to allow users to toggle real time container protection (from Computer or Policy Settings > General). This setting is enabled by default. SEG-115751/DS-68963
Resolved issues
- Filtering Smart Folders by Folder Name sometimes displayed results for folders or groups that no longer existed. SEG-120786/SF04858677/DSSEG-7220
- With event-based task settings enabled for NSX Security Group Change (Administration > Event-Based Tasks), Deep Security Manager would trigger auto-activation of a virtual machine if it was removed from an NSX Security Group. DS-36694
- Deep Security Manager displayed the wrong description for Move Failed (No Response) system events. DS-69407
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-5866/DS-62223
Highest Common Vulnerability Scoring System (CVSS) score: 8.2
Highest severity: High
Deep Security Manager - 20.0.585 (20 LTS Update 2022-01-17)
Release date: January 17, 2022
Build number: 20.0.585
New Features
Application Control Trust Entities: This feature lets you configure trust rules to auto-authorize software changes in your environments, reducing the number of software changes and security events you need to manage manually. For details, see Application Control Trust Entities.
Enhancements
- Deployment scripts used to install Trend Micro Endpoint Basecamp (required to forward security events to Trend Micro Vision One) have been updated with a new certificate issuer organization name.
Resolved issues
- Moving Deep Security Agents to Workload Security would fail if Deep Security Manager was configured with a proxy that doesn't require authentication credentials. DS-68710
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-68725, DS-67244
Highest Common Vulnerability Scoring System (CVSS) score: 9.1
Highest severity: Critical
Deep Security Manager - 20.0.560 (20 LTS Update 2021-12-16)
Release date: December 16, 2021
Build number: 20.0.560
New Features
Trusted Certificates Detection Exceptions: Deep Security Manager version 20.0.560 or later now allows you to configure Trusted Certificates Detection Exceptions (from a policy's Details & Anti-Malware & Advanced tab) to exclude files from Anti-Malware scanning based on their digital certificate. This is currently supported for Deep Security Agent version 20.0.0-3445 or later on Windows platforms only. For more information, see Exclude files signed by a trusted certificate.
Resolved issues
- Deep Security Manager was unable to retrieve security settings from groups containing more than 1000 computers. SF05006314/SEG-124719/DS-67938
- Deep Security Manager was sending suspicious objects to Deep Security Agent even after the objects' expire time had ended. DS-67917
- Deep Security Manager was not displaying virtual machines that had been upgraded to VMware Cloud Director 10.3 or 10.3.1, even though they were still connected. SEG-123585/SF04968350/DS-67513
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-68162/DS-65579
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.543 (20 LTS Update 2021-11-18)
Release date: November 18, 2021
Build number: 20.0.543
Enhancements
- Updated Deep Security Manager to hide the Trend Micro Vision One promotion banner for 24 hours after being dismissed by a user. DS-55349
- You can now use Azure application certificate authentication when adding an Azure connector. For details, see Add a Microsoft Azure account to Deep Security. DS-63762
-
Improved migration from Deep Security Manager to Workload Security in the following ways:
- Updated Deep Security Manager to handle connectivity issues better during migration to Workload Security, preventing the console UI from being blocked or stuck in a loading loop. DS-67841
- Updated Deep Security Manager so that the Computer Group list for Deep Security Agents being migrated to Workload Security no longer displays computer groups generated by connectors. DS-67776
- Updated Deep Security Manager Move Failed system events to include additional event details from the Workload Security side. DS-67921
- Updated Deep Security Manager to check for inactivated computers with the same hostname as computers being migrated to Workload Security. If a matching hostname is found, the manager now updates the existing computer instead of marking the task as Move Failed. DS-67527
- Updated Deep Security Manager's policy migration page (Support > Migrate to Workload Security > Configurations) to note that Rule Updates must be up to date before migration, and that common objects in Workload Security are overwritten if they have the same name as migrated objects. DS-67777
- Updated Deep Security Manager to remove the Migrate to Workload Security option (shown when right-clicking a computer) for computers that are not migratable. DS-67666
Resolved issues
- Software Update sometimes failed if the kernel support package and the agent installer were both the same version. DS-67547
- Deep Security Manager system events sometimes had No Description in the description field. DS-66878
- Deep Security Manager sometimes received alerts for agents that had not been activated. DS-64523
- After an update, Deep Security Manager kept a copy of the previous version's online help files. SEG-120770/SF04858311/DS-66969
- In Deep Security Manager's Computers tab, the LAST COMMUNICATION column sometimes did not sort correctly. SEG-120751/SF04862693/DS-67579
- Deep Security Manager was unable to migrate agent/appliance initiated agents (AIA) with certain configurations over to Workload Security. SEG-124938/DS-67861
- When the Migrate With Settings Overridden at Computer Level option was selected, Deep Security Manager incorrectly tried to migrate rule assignments, which could cause the migration to Workload Security to fail. DS-67528
- For Deep Security Managers using an Oracle Database, any computers requesting migration to Workload Security would have their status show Moving even if the migration was successful. DS-67930
- Deep Security Manager sometimes encountered a runtime exception that would prevent computers from moving to Workload Security during migration. DS-67932
Deep Security Manager - 20.0.513 (20 LTS Update 2021-10-14)
Release date: October 14, 2021
Build number: 20.0.513
New Feature
Migrate to Workload Security using the Deep Security Manager UI: Deep Security Manager now supports moving agents and policy configurations to Trend Micro Cloud One Workload Security using the Deep Security Manager UI. This includes the following:
- Migrate agents using the UI
- Migrate configurations using the UI
- Migrate agents with settings overridden at the computer level
- Move multiple agents at the same time with a single BatchComputerMoveTask API call
For more information, see Migrate to Workload Security.
Resolved issues
- While syncing Trend Micro Vision One (XDR) status, Deep Security Manager sometimes failed to synchronize the Sandbox as a Service status at the same time. DS-66122
Deep Security Manager - 20.0.503 (20 LTS Update 2021-09-23)
Release date: September 23, 2021
Build number: 20.0.503
New Feature
Control kernel package updates: This update introduces a new way to manage your kernel support packages. Deep Security Manager now provides an option to automatically update the kernel package when an agent restarts on Linux. For details, see Disable optional Linux kernel support package updates.
Enhancements
- Updated Deep Security Manager to integrate with Trend Micro Vision One for Threat Intelligence (previously known as Connected Threat Defense). DS-61106
-
Updated Deep Security Manager to allow the removal of Integrity Monitoring baseline data using a console (dsm_c) command. Removing baseline data does not affect the protection you receive from Integrity Monitoring, but does remove the following:
- The option to View Baseline data from the manager console
- The ability to use Trusted Common Baseline as a source of Auto-Tagging
- The ability to generate an Integrity Monitoring Baseline Report
As baselines have grown larger and workloads have become more dynamic, the ability to support the Integrity Monitoring baseline in the Deep Security Manager console has become increasingly challenging. We are committed to evolving the design of Integrity Monitoring to meet the performance and operational needs of our customers. Through discussions with our customers, it was determined that in its current form, Integrity Monitoring was not always delivering the value to offset the performance and operational overhead required to maintain baseline data. For more details on disabling baseline data, see Database performance issue due to lots of Integrity Monitoring baseline data. DS-60498
Resolved issues
- Deep Security Agent automatic upgrades sometimes failed if Deep Security Manager had Upgrade on Activation and Event-based Tasks enabled at the same time. SEG-105646/SF04249597/DS-62190
- The Deep Security Manager console command to add a trusted certificate sometimes failed for LDAPS server certificates. SEG-116063/SF04716472/DS-65277
- Some API key fields used to migrate to Workload Security were missing from the Workload Security Links API document. DS-66022
- In environments with multiple vCenter connectors undergoing frequent vMotion, Deep Security Manager sometimes encountered a deadlock causing Engine Offline errors for Anti-Malware, Firewall, and Intrusion Prevention. SEG-115729/SF04696226/DS-65311
- Deep Security Manager sometimes couldn't retrieve a computer's information, causing VMware NSX synchronization to fail. SEG-117202/DS-65610
- Deep Security Virtual Appliance IPv6 addresses sometimes displayed in the Deep Security Manager console even if the IPv6 was not available in the environment. SEG-118810/SF04806948/DS-66263
- Deep Security Manager Scheduled Reports (Events & Scheduled Reports) with a Using Policy computer filter sometimes still showed all computers in the generated reports. SF04676734/SEG-116345/DS-65336
- Deep Security Agent upgrade failures sometimes occurred if Default Real-Time Scan File List or Directory List exclusions were created with duplicate names in Deep Security Manager. DS-65746
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-5934/DS-63325/DS-65607
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.482 (20 LTS Update 2021-08-25)
Release date: August 25, 2021
Build number: 20.0.482
Enhancements
- Updated Deep Security Manager to support PostgreSQL 12 and PostgreSQL 13 in FIPS mode. For more information see FIPS 140-2 support. DS-63876
- Updated Deep Security Manager's Workload Security Link API to support URLs containing "https" when attempting to Migrate to Workload Security. DS-65095
Resolved issues
- Deep Security Manager Scheduled Tasks (Administration > Scheduled Tasks) configured to run daily would sometimes run hourly. SEG-108098/DS-64247
- In Deep Security Manager's Computers page, the LAST MANUAL SCAN FOR MALWARE and LAST SCHEDULED SCAN FOR MALWARE columns sometimes did not sort properly.
- Tenants were sometimes unable to update their license if the primary tenant enabled a proxy server with credentials (Administration > System Settings > Proxies > Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing)).
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-5932/DS-63442/DS-51695/ VRTS-5930/DS-63071/ VRTS-5929/DS-63072
Highest Common Vulnerability Scoring System (CVSS) score: 6.5
Highest severity: Medium
Deep Security Manager - 20.0.463 (20 LTS Update 2021-07-22)
Release date: July 22, 2021
Build number: 20.0.463
Enhancements
- Updated Deep Security Manager to include two different action options in the Anti-Malware Scan Interface (AMSI): Customers can now select either Pass or Terminate. DS-63691
- Updated Deep Security Manager to support migrating policies to Workload Security using the new MigratePolicy API command. This command automates the process of migrating the Deep Security Policies from their current on-premise manager to a Cloud One Workload Security tenant. DS-63316
- Updated Deep Security Manager to check if the virtual machine's IP address is reachable during the rehoming process for vCenter. DS-63514
Resolved issues
- Deep Security Manager was sometimes unable to send emails on systems with more than one network interface card (NIC). DS-63254
- Deep Security Agents using agent-initiated activation (AIA) sometimes went offline following a certificate update. DS-58106
- When generating an Agent Version Report (Events & Reports > Generate Reports), the report generated as if All Computers was selected in the Computer Filter section regardless of which option was actually selected. DS-64133
- Filtering a Smart Folder by Tag was not working properly for new events added with Auto-Tagging (Events & Reports > Events > (Select an event type) > Auto-Tagging). DS-61210
- When a virtual machine (on vCenter) had multiple IP addresses, Deep Security Manager was sometimes unable to select the correct IP address. SEG-109694/SF04486485/DS-63235
- Deep Security Manager would sometimes re-download an outdated Kernel Support Package (KSP) that had previously been deleted. SEG-101335/04121383/DS-60849
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-64012/ VRTS-5931/DS-63070
Highest Common Vulnerability Scoring System (CVSS) score: 6.8
Highest severity: Medium
Deep Security Manager - 20.0.447 (20 LTS Update 2021-06-28)
Release date: June 28, 2021
Build number: 20.0.447
New Feature
Re-parent agents: Deep Security Manager now supports moving agents to Trend Micro Cloud One Workload Security using the new MoveAgent API command. This command automates the process of re-parenting an activated Deep Security Agent from its current on-premise manager to a Workload Security tenant. If re-parenting is unsuccessful, the agent will re-activate with its on-premise manager, retaining its previous configuration.
Due to feature differences between the Deep Security and Workload Security managers, move tasks may be refused to prevent unexpected behaviors. You should disable the following before moving agents:
- FIPS 140-2: Deep Security Manager will refuse move tasks if FIPS 140-2 support is enabled.
- Deep Security Virtual Appliance: Computers protected by Deep Security Virtual Appliance (agentless or combined mode) will refuse move tasks.
- SAP NetWeaver integration: Agents with SAP NetWeaver integration will accept move tasks. However, after being moved to Workload Security, the SAP NetWeaver integration will not be available until it is supported on Workload Security.
Enhancements
- Updated Deep Security Manager to add PostgreSQL 12 and PostgreSQL 13 database support. DS-59911
- Removed the Windows logo that was displayed next to Predictive Machine Learning in the Deep Security Manager UI. Predictive Machine Learning is currently supported by all Windows agents, as well as Linux agents version 20.0.0-2395 or later. DS-62929
- Updated Deep Security Manager to note which agent versions support Behavior Monitoring Pass action: Deep Security Agent 20.0.0-1559 or later on Windows and Deep Security Agent 20.0.0-1822 or later on Linux. DS-62937
- Updated the Activity Data Forwarding description (Administration > System Settings > Trend Micro Vision One) to provide more information on script deployment. DS-63278
- Updated the Endpoint Basecamp deployment script (Administration > System Settings > Trend Micro Vision One > Activity Data Forwarding) to improve support on some platforms, and updated script deployment error messages to be more descriptive. SEG-109629/DS-63157
Resolved issues
- In Deep Security Manager's Tenants page (Administration > Tenants), some columns were being sorted based only on the first digit of the number of events or jobs, instead of being sorted based on the entire number. SEG-107657/DS-62544
- Deep Security Manager had high memory consumption when querying databases with a large number of security profiles. SEG-103097/SF04265571/DS-61490
- Anti-Malware Real-Time Scan Configuration policies sometimes did not reset to their inherited value properly. DS-63835
- System event messages sometimes contained information referencing the wrong operating system. SF04443281/SEG-111629/DS-64089
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases.DS-63110/DS-61049
Highest Common Vulnerability Scoring System (CVSS) score: 5.8
Highest severity: Low
Deep Security Manager - 20.0.414 (20 LTS Update 2021-05-24)
Release date: May 24, 2021
Build number: 20.0.414
Enhancement
- Updated Deep Security Manager to enhance the Identified Files download mechanism, including the ability to download from agent-initiated Deep Security Agents, and a new File Status field on identified files to indicate download progress. DS-60741
Resolved issues
- Under some configurations an internal error prevented users from generating a Deep Security Best Practice Guide Report.SF04154114/SEG-99975/DS-60897
- An account permissions issue sometimes caused Trend Micro Vision One registration to fail or display the wrong status (under Administration > System Settings > Trend Micro Vision One). DS-61893
- Deep Security Manager sometimes had connectivity issues preventing computers from importing properly and preventing Deep Security Relays from activating or deactivating. DS-58417
- Deep Security Manager sometimes incorrectly prevented users with an Auditor role from viewing Firewall Rules (Policies > Rules > Firewall Rules). SF04220398/SEG-102016/DS-60847
- Deep Security Manager links to Japanese language content failed to load in setups using an air gapped Online Help package (Administration > Updates > Local). 04442246/SEG-108814/DS-63080
- Deep Security Manager sometimes stopped processing scheduled tasks if the database connection was unstable. DSSEG-6689/DS-62963
Deep Security Manager - 20.0.393 (20 LTS Update 2021-04-27)
Release date: April 27, 2021
Build number: 20.0.393
Enhancements
- Updated Deep Security Manager to add a message to an event's description if the event is purged by one of the Automatically Delete Events Older Than options (Administration > System Settings > Storage). DS-59349
- Updated Deep Security Manager to increase the number of >Maximum TCP Connections (Computers > Computers > Details > Settings > Advanced) to 1000000 by default. DS-61032
Resolved issues
- Deep Security Manager version upgrade sometimes failed when a key value contained special characters. SEG-99875/SF04106715/DS-60581
- Anti-Malware Scheduled Scan was not working under some configurations. DS-54952
- The Deep Security Manager console's load time was sometimes slower than normal when many policies existed and/or were assigned to roles. SEG-90429/SF03787758/DS-58871
- The Automatically Delete Server Logs Older Than setting (Administration > System Settings > Storage) appeared for tenants when it should have only appeared for the primary tenant. DS-58669
- The View Renewal Instructions URL was broken in License Properties (Administration > Licenses > View Details). SEG-104258/SF04308332/DS-61343
- Deep Security Manager was sometimes unable to synchronize with AWS Connectors. SEG-102091/SF04198233/DSSEG-6726
- Deep Security Manager was unable to validate credentials for some AWS connectors when their region data changed unexpectedly in the database. SEG-97924/DS-60541
- Deep Security Manager was sometimes unable to access existing Real-Time Malware Scan Configurations (Policies > Common Objects > Other > Malware Scan Configurations). SEG-86700/SF03646616/DS-55577
- A Data Pruning malfunction (Administration > System Settings > Storage) sometimes led to a large number of events, causing performance issues between the Deep Security Manager and database. SEG-97589/SF04073627/DS-61356
- System Event Reports in Deep Security Manager (Events & Reports > Generate Reports) were sometimes generated with data missing. DS-61752
- Deep Security Manager was sometimes unable to generate a password-protected Single Report or password-protected Scheduled Reports (Events & Reports > Generate Reports). SEG-105241/SF04341549/DS-61718
- Updating the password for an Azure Connector (Computers > Computers > right-click Azure Connector > Properties > Connection) sometimes did not work, causing the account to lose its connection to Deep Security Manager. DS-60479
- Deep Security Manager sometimes could not remove a vCenter Connector that had NSX installed. DS-61101
- Deep Security Manager's Anti-Malware Protection Status on the Dashboard sometimes displayed incorrect information. SEG-103625/SF04271447/DS-61598
- Application Control hours were not being calculated when generating a Security Module Usage Cumulative Report (Events & Reports > Generate Reports). SEG-100505/SF04174981/DS-60675
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-51780/DS-61318
Highest Common Vulnerability Scoring System (CVSS) score: 8.2
Highest severity: Medium
Deep Security Manager - 20.0.366 (20 LTS Update 2021-03-24)
Release date: March 24, 2021
Build number: 20.0.366
New Feature
Deploy Trend Micro Endpoint Basecamp for Trend Micro Vision One (XDR): After onboarding to Trend Micro Vision One (XDR), you can now select the Trend Micro Endpoint Basecamp Agent Deployment Script (Support > Deployment Scripts) to automatically deploy it along with your Deep Security Agent on Linux or Windows platforms.
Enhancements
- Updated Deep Security Manager to make error messages, and the actions required to troubleshoot them, clearer during Trend Micro Vision One (XDR) registration. DS-61057
Resolved issues
- Deep Security Manager System Event Reports (Events & Reports > Generate Reports) sometimes had no data in the section for Most Active Computers Ranked by Number of System Events. DS-28985
- Malware Scan Status on the Dashboard sometimes displayed the wrong data. DS-57263
- Deep Security Manager's Security Updates Overview (Administration > Updates > Security) sometimes showed No Scheduled Task even if there was one in Administration > Scheduled Tasks. SEG-97381/DS-60271
- Entering certain terms in the Computers search field (in the Computers tab) would cause the search to fail and display an Internal server error. SEG-98108/SF03976840/DS-60133
- A user with View-Only privileges was able to make changes to Deep Security Manager's Application Control Ruleset actions. SEG-81133/03347924/DS-61041
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-61209/VRTS-4382/03116764/DS-49429
Highest Common Vulnerability Scoring System (CVSS) score: 7.5
Highest severity: High
Deep Security Manager - 20.0.344 (20 LTS Update 2021-02-23)
Release date: February 23, 2021
Build number: 20.0.344
Enhancements
- Updated Deep Security Manager's Anti-Malware default real-time scan exclusions to enhance performance. DS-55169
- Updated Deep Security Manager UI to rename Trend Micro XDR as Trend Micro Vision One. DS-60273
- Updated Deep Security Manager to add deployment script support for CentOS 8 and RedHat 8. DS-60413
- Updated Trend Micro Vision One tab Learn More links to point to content based on the language of a user's locale (EN/JP). DS-60487
- Updated the Deep Security Software page to fix some incorrect links. DS-60494
- Updated Deep Security Manager to add 2 Days as an option for Inactive Agent Cleanup (Administration > Agents > Inactive Agent Cleanup). SEG-91358/SF03711833/DS-59591
- Updated Deep Security Manager to improve vCenter connectivity when a Deep Security Agent's IP is unreachable, and when Manager-Initiated communication is enabled. DS-58526
- Updated Deep Security Manager to add support for ports 32767-65535. SEG-98840/SF04119337/DS-60122
- Updated the Deep Security Manager's XDR Basecamp (XBC) deployment script UI to provide a link to the latest platform support info on the online help center. DS-60206
Resolved issues
- When a VM was managed through both the Computers > Add Active Directory and Add Azure Account options, issues with host updates and rehoming occurred. SEG-97266/SF03911224/DS-59853
- Deep Security Manager's Anti-Malware Protection Status Widget (in the Dashboard tab) sometimes failed to display data. DS-48046
- Deep Security Manager integration with an SAML identity provider sometimes failed if all roles didn't match the expected format. SEG-90158/SF03783432/DS-57687
Deep Security Manager - 20.0.321 (20 LTS Update 2021-01-26)
Release date: January 26, 2021
Build number: 20.0.321
Enhancements
- Updated Deep Security Manager to display the correct deployment script when it is selected from the Platform menu (Administration > System Settings > Trend Micro Vision One). DS-59825
- Updated Deep Security Manager to support agentless mode for NSX-T on VMWare Cloud Director version 10.2 or later. DS-54044
Resolved issues
- Running multiple Check for Security Update scheduled tasks at the same time sometimes resulted in updates being skipped. DS-59715
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-59917
Highest Common Vulnerability Scoring System (CVSS) score: 6.1
Highest severity: Medium
Deep Security Manager - 20.0.313 (20 LTS Update 2021-01-18)
Release date: January 18, 2021
Build number: 20.0.313
New Feature
Trend Micro Endpoint Basecamp Agent: Trend Micro Endpoint Basecamp (XBC) Agent integrates XDR tools and functionality into Deep Security, following Trend Micro Vision One onboarding. For more information see Integrate with Trend Vision One (XDR).
Enhancements
- Updated vCenter to make changing an NSX Manager simpler by using the Remove NSX Manager button (Properties > NSX Manager) rather than editing the Manager Address: field. DS-58377
- Updated the Deep Security Manager so that, by default, Trend Micro Vision One is enabled after the onboarding experience and after migrating to a paid license. DS-58788
- Removed the News button from Deep Security Manager. For the latest news on product changes, see What's new? DS-58808
- Aligned package naming for Deep Security Manager and Deep Security Agent on the Download Center. DS-56806
- Updated Deep Security Manager to include the option to log Trend Micro Vision One issues (Administration > System Information > Diagnostic Logging...). DS-58533
- Updated Deep Security Manager's Default Real-Time Scan Configuration (Computers > Details > Anti-Malware > General > Real-Time Scan > Malware Scan Configuration) to enable Behavior Monitoring and Predictive Machine Learning by default. Later versions of Deep Security Agents (Windows agent 20.0.0.1559 or later, and Linux agent 20.0.0-1822 or later) will have Use Custom Actions set to Pass by default, and will log Anti-Malware Events. Earlier versions of agents will have Behavior Monitoring and Predictive Machine disabled if their Possible Malware Action to Take is set to Pass. DS-59282
- Updated the Deep Security Manager to make Trend Micro Vision One related settings and features consistent after the onboarding. DS-58788
- Updated the Deep Security Manager to improve Search Computer API and List Computer API performance. DS-56722
Resolved issues
- When the Deep Security Manager installer detected at least 16 GB of RAM on the operating system, it was not automatically allocating 8 GB of RAM to the Java Virtual Machine as is recommended for best performance. SEG-87319/03645194/DS-55701
- The Deep Security Manager was unable to communicate with agents in some environments, causing agent offline issues. SEG-86783/SF03637359/DS-56400
- Anti-Malware Scan scheduled tasks that timed out sometimes restarted instead of triggering a Scheduled Task Skipped event as expected. DS-59252
- The Deep Security Manager console command used to set a preferred IP address for Deep Security Agents with multiple IPs was sometimes not working, causing some agents to be unable to connect. DS-58878
- Deep Security Manager version update install was failing under some configurations. SEG-95357/SF03988405/DS-59222
- Deep Security Manager installed an incorrect version of the relay in some cases. DS-59634
- The Deep Security license check for Trend Micro Vision One registration was sometimes failing. DS-59645
- After changing the settings for a policy (Policies > Details > Settings > General), the Reset all settings to Inherent button did not work for Automatically Send Policy Changes to Computers or Perform Ongoing Recommendation Scans. DS-56830
- Links were sometimes not clickable in the Computer Status of the Dashboard tab, and for Agent/Appliance Upgrade Recommended (New Version Available) alerts opened in the List View of the Alerts tab. DS-57968
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-33781/DS-58415/DS-58917/DS-51741/DS-59636
Highest Common Vulnerability Scoring System (CVSS) score: 9.8
Highest severity: Critical
Deep Security Manager - 20.0.262 (20 LTS Update 2020-11-26)
Release date: November 26, 2020
Build number: 20.0.262
New Features
Integrate with Trend Micro Vision One: Trend Micro Vision One applies effective expert analytics and global threat intelligence using data collected across multiple vectors - email, endpoints, servers, cloud workloads, and networks. For more information, see Integrate with Trend Vision One (XDR).
Custom actions for Behavior Monitoring and Machine Learning: This release provides the ability to specify custom actions for Behavior Monitoring and Predictive Machine Learning.
Enhancements
- The Computer Description field for Smart Folders can be used as a search criteria. SEG-85288/DS-55034
Resolved issues
- In the Smart Folder Editor, the computer type was listed as Undefined instead of Physical Computers. DS-32765
- On the vCenter connector properties page, when a user clicked Remove NSX Manager and then re-registered the NSX-T manager, the network-related features displayed Not supported (NSX license limited). DS-56411
- An internal server error occurred when AWS was added to a Smart Folders sub-folder with the Version condition selected. DS-50785
- When Log Inspection or Intrusion Prevention rules were added, the Web Application Firewall sometimes blocked the page. DS-56448
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-57603
Highest Common Vulnerability Scoring System (CVSS) score: 3.7
Highest severity: Low
Deep Security Manager 20.0.198 (20 LTS Update 2020-10-19)
Release date: October 19, 2020
Build number: 20.0.198
Enhancements
- Enhanced the description of the Activation Failed event to specify why the event occurred. DS-29719
Resolved issues
- If you installed standalone agents on VMware VMs, and then you subsequently added vCenter to Deep Security Manager, you would see duplicate computer records in the manager for one VM. DS-55316
- The settings on Policies > Settings > Advanced could not be changed because the Inherited option could not be deselected. DS-56309
- The Administration > Updates > Security page took a long time to load.
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DS-54102/DS-53674
Highest Common Vulnerability Scoring System (CVSS) score: 6.5
Highest severity: Medium
Deep Security Manager 20.0.174 (20 LTS Update 2020-09-16)
Release date: September 16, 2020
Build number: 20.0.174
New features
Improved management and quality
Agent Version Report: The Agent Version Report has been created in order for you to view a summary of how many agents are using a specific agent version, the percentage of total agents each version is using and an overview of how many agents are online and how many are offline, all of which are broken down based on the Deep Security Agent's platform (OS). To generate the report, go to Events & Reports > Generate Reports > Single Report > New > Agent Version Report.
Azure Government improvement: Azure Government resources can be added through the Deep Security Manager Azure connector (Computers > Add > Add Azure Account). For more information, see How do I protect Azure Government instances?.
Database encryption: The process of encrypting the communication between Deep Security Manager and your database has been simplified. For more information, see Encrypt communication between the Deep Security Manager and the database.
Enhancements
- Reduced the time it takes to validate GCP service accounts when changing your GCP Account Properties configuration. Previously, this took a long time when there were a large number of auto-generated GCP projects. SEG-81743/SF03452889/DS-53515
- Updated the pager numbers, phone numbers and mobile numbers listed on the User Properties window (click your email at the top of the console and select User Properties) so they can be configured to exceed more than 30 digits.
- Updated the My User Summary on the console and the User and Contact Report (Events & Reports > Generate Reports > Single Report) to reflect the logins that have occurred in the last 30 days. SEG-81216/03407489/DSSEG-5897
- Added support for VMware Cloud Director (vCloud) 10.1.1 (with NSX-V only).
- Improved the "Scheduled report sending failed" error message by adding a more thorough description. For more information, see Troubleshoot: Scheduled report sending failed. SEG-77886/03221276/DS-54615
- Updated the New Malware Scan Configuration Properties (Policies > Common Objects > Malware Scans > New) default settings to match the default settings for the Default Malware Scan Configuration Properties.
Resolved issues
- The Computer Status widget on Deep Security Manager's dashboard did not display the correct number of managed computers. DS-53294
- The Deep Security Agent trusted certificates were not automatically renewed. SEG-79146/SF03240076/DS-52488
- The AWS Contract License Exceeded alert sometimes occurred even though the number of protected computers did not exceed the limit. SEG-82932/SF03491496/DSSEG-5974
- Imported VMs in vClouds were unable to activate. SEG-75542/03189161/DS-53447
- The console sometimes showed the incorrect Log Inspection status. /DS-54630
- Some Intrusion Prevention rules were designed to operate exclusively in Detect Only mode, however you were able to change their behavior on the policy and computer pages. DS-54667
- An incorrect number of overrides were displayed on Computer/Policy Editor > Overrides. SEG-83802/03513073/DS-54710
- There was a rights issue with Scheduled Tasks that caused incorrect behaviors to occur when creating them. SEG-78610/SF03320936/DS-53292
- The MasterAdmin could not create a scheduled task for all computers. DS-55522
- Ransomware Event History on the dashboard displayed incorrect information. DS-55494
Security updates
Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases.DS-52678 /DS-21167 /DS-53059
Highest Common Vulnerability Scoring System (CVSS) score: 7.0
Highest severity: High
Notices
Red Hat Enterprise Linux 5 and 6 are no longer supported platforms for Deep Security Manager. For a list of supported Deep Security Manager platforms, see Deep Security Manager requirements.
Deep Security Manager 20 (long-term support release)
Release date: July 30, 2020
Build number: 20.0.60
Action required if you use cross-account roles to add AWS accounts to Deep Security using the API /rest/cloudaccounts/aws
To better align with AWS best practices and improve AWS account security, Trend Micro have made a change to the process of adding a new AWS account into Deep Security using cross-account roles. Previously, when using a cross-account role for authentication, Deep Security required two pieces of information: a role ARN, and an external ID trusted by the role. This has now changed to a new process where Deep Security provides the external ID, and requires that the role provided has included this external ID in its IAM trust policy. This change provides stronger security in shared Deep Security environments, and ensures that strong external IDs are always used. For details on the new process of adding cross-account roles using manager-generated external ID, see Add an AWS account using a cross-account role.
Action Required:
Switch your external ID to a manager-generated one: Update the external ID.
If you are using cross-account roles with the API /rest/cloudaccounts/aws
, see Action required if you are using cross-account roles with the API /rest/cloudaccounts/aws.
New features
Updated platform support
- Red Hat Enterprise Linux 8 (64-bit)
- Windows Server 2019 (64-bit)
- Oracle 18 database support
- Oracle 19c database support
- PostgreSQL 11 database support
- SQL Server 2019 database support
Google Cloud Platform: Google Cloud Platform (GCP) has been integrated with Deep Security. You can now view new GCP instances that come online or are removed, and which instances have protection. If you are using multiple clouds on-premise and in your data center, Deep Security can provide visibility for all of your environments. This feature is available for VMs that have Deep Security Agent 12.0 or later installed. For details, see Add a Google Cloud Platform account.
End of Support for Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 6 is no longer a supported platform for Deep Security Manager. Upgrade your operating system.
Improved Security
Continuous Anti-Malware protection for NSX-T environments: Deep Security Manager now sends guest VMs' Anti-Malware real-time configuration to all Deep Security Virtual Appliances that are under the same cluster. The effect is that the appliances can now maintain the protection of guest machines that use the Anti-Malware real-time feature during and after a vMotion migration from one ESXi host to another under the same cluster. This feature only applies to NSX-T environments.
Agent version control: Agent version control gives you and your security operations team control over the specific versions of the Deep Security Agent that can be used by features like deployment scripts and upgrade on activation. This provides increased control over the Deep Security Agent used in your environment. For more information, see Configure agent version control.
Improved management and quality
Differentiate between Red Hat and CentOS platforms: Deep Security Manager can distinguish between a Red Hat and CentOS platforms and operations.
Visibility, Protection, and Management on Google Cloud Platform (GCP):
- VMs are organized into projects, which lets you easily see which GCP VMs are protected and which are not.
- Assign policies automatically based on the GCP Instance Labels, GCP Network Tags, and other instance attributes while auto-scaling up.
- Group related GCP instances in Smart Folders based on the GCP instance labels, GCP network tags, and other instance attributes to simplify the management.
Automate Google and AWS accounts via REST API: As you move to more automated deployments, having APIs to perform common tasks becomes a greater requirement Deep Security provides REST APIs to allow you to automate the adding of both AWS and Google Cloud accounts into Deep Security.
Actionable recommendations for Anti-Malware issues: In order for you to understand what is happening in the Anti-Malware system, many Anti-Malware events have been updated to provide more details on why a cancellation or failure has occurred. These events can occur for manual, quick, or scheduled Anti-Malware scans. The enhanced detail is provided in the events with Deep Security Manager as well as provided through SIEM or AWS SNS.
Search Cloud Instance Metadata: Added the ability to do a simple search or advanced search for Cloud Instance Metadata on the Computers page. This allows you to easily find workloads with specific labels, network tags, and more.
Instance Metadata Service Version 2 (IMDSv2) support: IMDSv2 is supported in this release. For details, see How does Deep Security Agent use the Amazon Instance Metadata Service?
Upgrade on activation: Deep Security Manager now has options (Administration > System Settings > Agents > Automatically upgrade Linux/Windows agents on activation) that enable you to automatically upgrade the Deep Security Agent on Linux and Windows computers to the version specified in Administration > System Settings > Updates > Software > Agent Version Control when the agent is activated or reactivated. For details, refer to Automatically upgrade agents on activation.
Enhanced visibility of scheduled scan tasks and event based tasks: Scheduled scan tasks and event-based tasks have been improved by providing scan visibility as well as specific reasons for each uncompleted Anti-Malware scan and recommended actions to resolve the scan.
Reporting improvements to allow chargeback to cloud accounts: The Security Module Usage Report now includes the Cloud Account ID (AWS Account ID, Azure Subscription ID or GCP Project ID) for protected instances.
Multiple vCenters: You can add multiple vCenters in the Deep Security Manager, and associate them to the same NSX-T Data Center. An overwrite warning message is displayed if you are using NSX Data Center for vSphere (NSX-V), which does not support the use of multiple vCenters, or if the NSX-T Manager has being registered with another Deep Security Manager cluster.
Enhancements
UI improvements:
- Added file hash values to Anti-Malware events that are exported to CSV (Events & Reports > Anti-Malware Export > Export to CSV). SEG-61890/SF02510024/DS-53441</p>
- Updated the descriptions related to memory on the System Information page so they're more accurate and easier to understand.
- Improved the description of Behavior Monitoring events by including the reason the event occurred.
- Added a GCP Network Tag column to the Computers tab.
- Added GCP information such as Instance ID, Labels, Network tags, and more, to Computer Editor > Overview > General.
- Added the Cloud Instance Metadata field to the Computers page.
- Added a progress bar to Administration > User Management > Roles > New > Computer Rights > Selected Computers to indicate the status of the computers list that's loading.
- If there are a lot of agent events in a single heartbeat, they will be split into multiple "Event Retrieved" events.
- Enhanced the Relay management experience by providing possible solutions for the "Empty Relay Group Assigned" alert in the alert's description and removing the relay count for tenants that are using the Primary Tenant Relay Group.
- Added "Database Type" and "Database Server" columns to Administration > Tenants.
- Added the "Kernel Unsupported" system event to indicate if your computer has been upgraded to an unsupported kernel.
- Added a reason ID for the "Manual Malware Scan Cancellation complete" system event. The reason ID is displayed in REST API calls, SNS information and SIEM information.
- Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager.
- Added the Validate the signature on the agent installer checkbox on Support > Deployment Scripts. For more information, see Check digital signatures on software packages.
- Improved the "License Changed" event description by specifying if the plan ID is for Azure Marketplace billing.
- Renamed the Service Token setting to Data Source GUID on Administration > System Settings > Managed Detection and Response.
- Added a "Agent GUID" column to the Computers page so you can search computers by the Agent GUID.
- Included a search bar under Administration > Updates > Software > Local.
- When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
- Added the ability to hide all empty AWS regions, VPCs, subnets, and directories, reducing clutter and increasing load speed on the Computers page.
- Aggregated identical agent events in a single heartbeat under a single event.
- Modernized the Policies > Lists > Port Lists page.
- When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
- Deep Security Manager now prevents you from importing duplicate Trusted Certificates.
- Redesigned the Computers > Add Account synchronization scheduling to handle many more connectors per tenant, reduce idle thread time, and sync connectors with invalid credentials less frequently.
- By default, the "My User Summary" widget on the Dashboard only displays information about sign-ins that have occurred within the last 24 hours.
- You can choose not to send packet data back to the Deep Security Manager by going to Administration > Agents> Data Privacy and selecting No.
- Deep Security Manager diagnostic packages have the ability to be encrypted. To encrypt your package and logs, go to Administration > Create Diagnostic Package > Enable AES 256 encryption and enter a password. Encrypted zips cannot be extracted using the default ZIP extraction tool available in Windows, it needs to be extracted by 3rd party tools like 7Zip, WinZip etc.
- Redacted potentially sensitive information from the diagnostic packages and logs.
Event-based tasks:
- Improved the capability of event-based tasks by adding support for GCP security automation with account name, labels, network tags and more in the task conditions.
- Introduced "Cloud Vendor" in the event-based tasks conditions in order to limit a task's scope for a specific public vendor (for example, AWS or GCP).
Commands:
- Added the following command:
- Run the command in Deep Security Manager to change the value in the database.
- Send the policy to your target Deep Security Agent to deploy the setting.
- Added the ability for the Deep Security Administrator to hide unresolved recommendation scan results from the Intrusion Prevention, Integrity Monitoring and Log Inspection tab in the policy pages. To hide the unresolved recommendation scan results, use the following commands
dsm_c -action changesetting -name com.trendmicro.ds.antimalware:settings.configuration.maxSelfExtractRTScanSizeMB -value 512
When Deep Security Agent could not determine the type of the target file, the scan engine loaded the file to memory to identify if it was a self-extract file. If there were many of these large files, the scan engine consumed lots of memory. Using the command above, the file-size limitation is set to 512MB for loading target files. When the file-size exceeds the set limitation, the scan engine will skip this process and scan the file directly.
To implement this enhancement:
Intrusion Prevention:
dsm_c -action changesetting -name com.trendmicro.ds.network:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false
Integrity Monitoring:
dsm_c -action changesetting -name com.trendmicro.ds.integrity:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false
Log Inspection:
dsm_c -action changesetting -name com.trendmicro.ds.loginspection:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false
Enhanced scheduled tasks:
- Task enabled has been renamed to Enable task on the last screen of the Create Scheduled Task wizard
- Synchronize cloud account now indicates it only supports vCloud and Azure connectors
- Computer/group selection details now display in list view for Anti-Malware scans and Intrusion Prevention tasks
Virtual Appliance:
- Added the ability to auto-activate guest VMs protected by the Deep Security Virtual Appliance in an NSX-T environment.
- Added the "VMware NSX Policy Configuration Conflict" system event. This event is generated when Deep Security Manager detects that a NSX-T group is configured with different security policies for Endpoint Protection and Network Introspection (E-W).
- Updated Deep Security Manager to allow vCloud accounts to be added even if the virtual machine hardware information is missing.
- When you upgrade the Deep Security Virtual Appliance SVM in NSX-T Manager, Deep Security Manager will now detect that a new SVM is now protecting guest VMs, and will auto-activate those VMs after the upgrade.
- Upgraded the vCloud Connector in Deep Security Manager supports vCloud 9.7 and vCloud 10.0.
- Added the ability to sync Deep Security Manager policies to NSX-T environments.
- Improved the experience when deleting vCenter Connectors with NSX-T Manager. Previously, you had to manually remove the NSX-T component as a service profile, endpoint rules and service deployments, or the vCenter deletion would fail.
- Deep Security Manager can now connect to NSX-T Data Center using LDAP account credentials. Previously, only local NSX-T account credentials could be used.
Other:
- When Anti-Malware actions fail, the results will be displayed in the Syslog result field.
Resolved issues
- When the Hide Unlicensed modules option was selected on Administration > User Management > Users > customer's current account > Settings, all of the modules were hidden. SEG-77037/03228448/DS-51202
- When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy. SEG-66986/SF02684105/DSSEG-5201
- Sometimes, you couldn't edit a smart folder. SEG-74078/SF03120830/DSSEG-5450
- When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy. DS-50216/SEG-77260
- Anti-Malware events that were marked as "Pass" were not properly counted on the dashboard or under Anti-Malware events. DS-49364/SEG-70872
- When an agent activated with no AWS metadata but then provided it on a later heartbeat, the cloud provider was not updated, which caused the computer to never be rehomed properly. DS-50713/SEG-77150
- When you did an advanced search on the Computers page for Status Light > Equals > Managed [Green], then selected Export to CSV, the CSV file did not contain the listed computers. DS-49936/SEG-74140
- Azure accounts could not be added in Azure Government regions because the login endpoint was changed. This only applies to Azure Marketplace deployments. DS-52399
- For tenants, the Security Module Usage Report was only visible if you had access to the default Full Access role. (SEG-70494/SF02940195/DS-47492)
- The sign-up page did not render properly in Internet Explorer. (SEG-73072/SF03075345/DS-48944)
- When several emails with large bodies were queued, they were loaded all at once instead of in batches, which caused a large amount of memory to be used. (SEG-71863/SF03024164/DS-49833)
- When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items. (SEG-63290/SF02585007/DS-43795)
- Tenants in a multi-tenant setup could move their relays to the primary tenant relay group. This would cause the relays to disappear from their Relay Management page. Tenants are now prevented from moving their relays to the primary tenant relay group. (SEG-57715/02322762/DS-47509)
- Performance issues occurred when there were 1,000s of requests to download the same SVG file because the file was not cached. (SEG-64280/DS-45002)
- AIA hosts with the same Virtual UUID fail when "Activate a new Computer with the same name" was selected. (SEG-66346/02725330/DS-45423)
- In some multi-tenant environments, you could not log in as a tenant. For more information, see Known issues in Deep Security 9.0. (SF02873892/SEG-68674/DS-46391)
- When Integrity Monitoring was enabled but Anti-Malware was disabled, a warning message would appear indicating "Security Update: Pattern Update on Agents/Appliance Failed". (SEG-68454/SEG-67859/DS-32205)
- In the Malware Scan configurations window, the content of the Advanced tab was displayed in the General tab. (SEG-64701/SF02657864/DS-44176)
- Deep Security Manager had issues loading the computers trees on some pages when there were a lot of computers and folders. (SEG-58089/SF02345427/DS-44424)
- AWS connectors sometimes failed to synchronize. (SEG-66472/DS-45029)
- The column names in the CSV output of the "Security Module Usage Report" were partially misaligned with the data columns.(SEG-66717/SF02619240/DS-45130)
- In the Malware Scan Configuration window (Computers/Policies > Anti-Malware > General > Manual Scan > Edit > Advanced and select Scan Compressed File) the Maximum number of files to extract setting could not be set to 0, meaning unlimited. (SEG-65997/02685854/DS-45081)
- Deep Security Manager with PostgreSQL sometimes stopped forwarding events to AWS SNS. (SEG-67362/SF02798561/DS-45594)
- When Deep Security Manager was deployed in an environment with a large number of hosts and protection rules, the manager would sometimes load data for all hosts, even if the user only requested data from some of the hosts. (SF02552257/SEG-62563/DS-43188)
- When booting up, Deep Security Manager validates the database schema of the events tables. Logs always said that the schema was updated, even if no update was actually required. (DS-43196)
- Active Directory synchronization sometimes would not finish. (SEG-52485/DS-38203)
- When a custom Anti-Evasion posture was selected in a parent policy (in the policy editor Settings > Advanced > Network Engine Settings > Anti-Evasion Posture > select 'Custom'), that setting did not appear in the child policies. (SF02434648/SEG-60410/DS-41597)
- On Linux systems, the default maximum number of the concurrent opened files did not meet Deep Security Manager's needs, resulting in the manager failing to acquire file handles. As a result, features in Deep Security Manager failed randomly and a "Too many open files" message appeared in logs. (SEG-59895/DS-43192)
- The "Activity Overview" widget sometime displayed the incorrect database size. (SF02449882/SEG-63362/DS-43946)
- When sorting the "Alert Configuration" page by the "ON" column, the number of alerts was sometimes incorrect. (SF02578797/SEG-63560/DS-43685)
- Certain smart folder search criteria caused an IllegalStateException error. (SF02436019/SEG-60330/DS-41369)
- The memory usage percentage display on the "Manager Node Status" dashboard widget did not match the last recorded system memory usage percentage. (SF02218013/SEG-55761/DS-39149)
- In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list. (SEG-55634/DS-39444)
- Reconnaissance alerts could not be disabled because the option was not available. (SEG-49907/DS-35122)
- Some Azure Virtual Machine types categorized incorrectly. (SF01885266/SEG-48561/DS-33951)
- Users of AWS Marketplace metered-billing would see an error reported in system events when the billing job was processed. (SF1899351/SEG-48580/DS-33955)
- Integrity Monitoring detailed change and recommendation reports was not running against smart folders. (SF2056260/SEG-51781/DS-35886)
- When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group. (SF01655622/SEG-44858/DS-37769)
- When Deep Security Manager was connected to both a case-sensitive Microsoft SQL database and VMware NSX, the Deep Security Manager upgrade readiness check would sometimes fail and block the upgrade. (SF02060051/SEG-52044/DS-38405)
- Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur. (SF02119582/SEG-53275/DS-38892)
- Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database. (SF01722554/SEG-41425/DS-39272)
- False alerts regarding the license expiration were occasionally raised. (SF01484611/SEG-41437/DS-33831)
- Using a local key secret containing the $ symbol stopped the upgrade or fresh install of Deep Security Manager. (SF02013831/SEG-57243/DS-39526)
- Deep Security used an open source library called SIGAR that is no longer maintained or supported. This can cause applications to crash and other unintended issues in the future. (SF02184158/SEG-54629/DS-39394)
- When an invalid or unresolvable SNMP server name was configured in Administration > System Settings > Event Forwarding > SNMP, it caused SIEM & SNS to also fail. (SF02339427/SEG-57996/DS-39865)
- Forwarding events "via Deep Security Manager" with SIEM event forwarding would not work if the Deep Security Manager hostname was not obtained through DNS resolution. (SEG-50655/DS-37374)
- The events exported via AWS SNS did not contain the HostOwnerID, which corresponds to the AWS Account ID. (SF02420860/SEG-59870/DS-41089)
- In the computer or policy editor in Deep Security Manager, under Anti-Malware > General > Real-Time Scan > Schedule > Edit, the Assigned To tab was sometimes empty, even when the schedule was assigned correctly to computers and policies. (SF02374723/SEG-58761/DS-41036)
Security updates
Security updates are included in this release. For more information about how Trend Micro protects against vulnerabilities, visit Vulnerability Responses. (DS-45446/DS-44955/DS-43627/DS-28754/DS-32322/DS-33833/DS-26068)
Highest Common Vulnerability Scoring System (CVSS) score: 9.8
Highest Severity: Critical
- Updated the JRE to the latest Java Update (8.0.241/8.43.0.6).
- Updated third-party libraries used by Deep Security Manager. (DS-24214)
- Upgraded Apache Tomcat to 8.5.53. (VRTS-4652)
Known issues
- If you are using an Oracle database, this upgrade will take longer than usual due to a database schema change. For more information about Deep Security Manager upgrades, see Upgrade Deep Security Manager.
- When a new Deep Security Virtual Appliance is deployed, the VM name is displayed as "Trend Micro_Custom - <version>", if you're using a local web server to store the Deep Security Virtual Appliance software package. This has no effect on the integrity of the appliance.
- Due to issues discovered during internal testing with SQL 2008, Trend Micro now blocks upgrades to Deep Security feature release when SQL 2008 is the Deep Security Manager database. Microsoft SQL Server 2008 is no longer supported by Microsoft and therefore is no longer being tested and supported for use as a database for the latest releases of Deep Security Manager. For more information from Microsoft, see End of support for SQL Server 2008 and SQL Server 2008 R2. For the full list of databases supported for use with Deep Security Manager, see Deep Security Manager requirements system requirements. (DS-36715)