Deep Security as a Service release notes

Deep Security as a Service is regularly updated with fixes and enhancements.

If you'd like to read the Deep Security Agent release notes, go to the Deep Security Software page, select your agent platform and click the green plus sign.

2019 release notes

Read the release notes for:

2019-08-22

The following issue was resolved in this release:

  • Security events were not able to be sent to Managed Detection and Response.

2019-08-20

The following enhancements were included in this release:

  • Deep Security as a Service accounts using Azure Metered Billing are now moved to Freemium when cancelling their subscriptions.
  • When a computer is rebooted because of a reboot required alert, the Deep Security Manager system event and alert will have a corresponding "Alert Ended" event instead of "Error Dismissed" events.
  • The copyright date in Support > About is updated to 2019.

The following issues were resolved in this release:

  • Reconnaissance alerts could not be disabled because the option was not available.
  • Deep Security Manager showed many “Internal Software Error” system events when "Events Retrieved" and "Agent/Appliance Error" were not recorded in Administration > System Settings > System Events.

2019-08-15

The following enhancements were included in this release:

  • Included the Azure Subscription ID in the AzureVirtualMachineSummary in the Computers API.
  • Added a link to Your Account > Account Details > Upgrade to Paid for free trial users that redirects to the Deep Security as a Service offer on Azure Marketplace for Pay as You Go billing.
  • Added Bahrain as a new region in AWS.

The following issues were resolved in this release:

  • In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list.
  • In Malware Scan Configurations, when the scan type was Manual/Scheduled, the "Spyware/Grayware Scan Enabled" column always displayed "N/A".
  • When scheduling a monthly scheduled task, the "Next Run" time was a day later than expected.
  • Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur.
  • Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database.

2019-08-08

The following enhancement was included in this release:

  • Added Managed Detection and Response to Deep Security as a Service. You can configure this feature on Administration > System Settings > Managed Detection and Response.

The following issue was resolved in this release:

  • Selecting "Security updates only" as the update content for a relay group on Administration > Updates > Relay Management > Relay Group Properties did not work as expected.

2019-08-06

The following enhancement was included in this release:

  • Updated AWS account addition error messages to be more specific and include Help Center link.

The following issue was resolved in this release:

  • The latest kernel update for some Linux operating systems, including Red Hat Enterprise Linux 7 and Amazon Linux, made a change that caused failures during agent-initiated communication heartbeats.

2019-08-01

The following issues were resolved in this release:

  • The "Recommended for Unassignment" filter on the Intrusion Prevention Rules page sometimes did not correctly filter rules.
  • Deep Security as a Service stopped displaying the alert "Agent/Appliance Upgrade Recommended (New Version Available)", even though the agent had not been upgraded.
  • The description for /api operations on single settings was incorrect.

2019-07-30

The following enhancements were included in this release:

  • Enhanced the "Malware Scan Failure" event description to indicate the possible reason for failure.
  • Added support for migration from the legacy Azure Marketplace offer to the new Azure Marketplace Consumption offer.

The following issue was resolved in this release:

  • In the Computer report, changed wording from "Latest Scan" to "Latest Port Scan".

2019-07-25

The following enhancement was included in this release:

  • Deep Security as a Service displays a warning banner when a relay is older than version 12.0.

The following issue was resolved in this release:

  • The Actions page would fail to load for some browsers in certain timezones.

2019-07-23

The following enhancement was included in this release:

  • Deleting the SOAP API is now prevented on currently-applied Deep Security Rule Updates.

The following issue was resolved in this release:

  • Deleting quarantined files from Deep Security as a Service resulted in a failure event.

2019-07-16

The following enhancements were included in this release:

  • Added Azure Marketplace Metered Billing to Deep Security as a Service.
  • Improved the error message for locked out API keys.

The following issues were fixed in this release:

  • Deep Security Manager was slow showing the details of a system event.
  • A NullPointerException resulted in an agent communication failure.

2019-07-11

The following enhancement was included in this release:

  • Added an error message in /api/computers to clarify that /computers does not support deleting a computer that was added using a cloud connector.

The following issues were fixed in this release:

  • The /api accepted requests to enable SAP on computers that do not support SAP.
  • Application Control events did not include a "Size" column
  • The Alert Status widget sometimes showed the wrong total numbers.
  • When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group.

2019-07-09

The following enhancements were included in this release:

  • Refined the malware scan cancellation event description to indicate that it may be caused by the computer rebooting or shutting down.
  • Updated Deep Security Manager so it allows a security update to proceed when the Deep Security Agent software upgrade has been scheduled for a later time. This ensures Deep Security Agents always have the latest security rules and patterns.
  • Reduced the response time when calling /api/computers?expand=none.

The following issues were fixed in this release:

  • New groups added to an AWS connector were not inheriting the existing permissions assigned to that connector.
  • Two tagging-related counters under the Additional Information section on Administration > System Information were not being incremented.
  • Viewing a run once scheduled task where the next run time was N/A would result in an Internal Server Error.
  • There was an issue in the SOAP API with the /antiMalwareEventRetrieve endpoint.

2019-06-27

The following issues were fixed in this release:

  • Creating a new role from the API wizard screen automatically pushed the API wizard to the next page instead of returning to the initial wizard screen.
  • The command GET /api/tenants did not return a response if a tenant was in a state of suspension due to a database lock.

2019-06-25

The following enhancement was made in this release:

  • Event Based Tasks property description now updates immediately in properties window.

The following issues were fixed in this release:

  • On the Deep Security Manager dashboard, the Software Updates widget always displayed results for all computers, even when the dashboard was filtered to display a subset of computers.
  • The /api/systemsettings/ endpoint had an issue that caused a 4xx error response.
  • The /api system setting platformSettingAgentInitiatedActivationEnabled sometimes didn't match what was displayed in the Deep Security Manager.
  • The scheduled scan "Scan Computers for Integrity Changes" failed when the target host was set to "Group".
  • When the Deep Security Manager refreshed, the information provided by "Last IP Used" and "Last communication time" on the Computers details page disappeared.
  • Non-activated computers under an Azure account had the incorrect platform name.

2019-06-20

The following enhancement was made in this release:

The following issue was fixed in this release:

  • When a policy was assigned to a large number of computers, it sometimes took a long time to load the "Intrusion Prevention" tab in the policy editor.

2019-06-18

The following enhancement was made in this release:

  • Ensured that synchronous tenant creation in /api/tenants returns a tenant with an "active" state.

The following issue was fixed in this release:

  • The Scripts API and the Scripts object were returned in Deep Security as a Service for tenants despite them only being applicable to the primary tenant.

2019-06-13

The following enhancements were made in this release:

  • Improved the description of the Malware scan failure event by adding more details.
  • Added three new statuses in the Azure registration status list.

The following issues were fixed in this release:

  • Deep Security Manager referred to Amazon Simple Notification Service instead of AWS Simple Notification Service.
  • On the day that Daylight Saving Time occurs, a weekly scheduled task was possibly triggered twice in Deep Security Manager.

2019-06-11

The following issue was fixed in this release:

  • A Japanese translation in the Deep Security Manager was incorrect.

2019-06-06

The following enhancements were made in this release:

  • Updated Deep Security Manager to clean up homeless EC2 hosts if they fail at rehoming and are not able to talk to Deep Security Manager for three days.
  • Added validation to the Administrators API to ensure primary contacts have emails.
  • Added the ability to search Computer vCloud VMs in the API with a joined search.
  • Added new functionality in the /systemsettings /api endpoint to be able to describe and modify specific settings by passing /systemsettings/.

The following issues were fixed in this release:

  • Failures were caused by the AWS connector synchronizations running longer than one hour and using cross account role authentication.
  • SUSE Enterprise Server 15 was displayed as SUSE Enterprise Server when computers were added by AWS connector.
  • Users with select computer permissions could not create certain scheduled tasks.
  • The Alert Status widget sometimes showed the wrong total numbers.
  • Integrity Monitoring detailed change and recommendation reports from running against smart folders.
  • The Solaris Deep Security Agent deployment script did not support Solaris 10 Update 4 and Solaris 11.4.
  • The Japanese translation of Inactive Agent Cleanup warning was translated incorrectly.

2019-05-30

The following issues were fixed in this release:

  • Failures occurred during AWS connector synchronizations that ran longer than 15 minutes and used cross-account role authentication.
  • A hyperlink error occurred when navigating to an api key from the 'assigned to' tab in a role.

2019-05-23

The following issues were fixed in this release:

  • Several issues occurred for the Auto-Tag Rules page of any protection module on Events & Reports > Events, depending on how the columns were sorted.
  • System events took too long to appear on Deep Security Manager.
  • Unnecessary scheduled task information was sent to agents.

2019-05-16

The following enhancements were made in this release:

  • Added the new query paramater 'expand' to /api/computers to filter which data should be included in the response.
  • Updated "security update scheduled tasks" so when they're created, modified, or deleted through the /api, a policy is sent.
  • Added the FileSize attribute to the Application Control event description sent to SNS.
  • Improved Amazon WorkSpaces state mapping.
  • Implemented a backoff retry strategy when making "assumeRole" API calls to the AWS Security Token Service. Also, reduced the amount of "assumeRole" calls that are made during an AWS connector synchronization by sharing an existing EC2 client throughout the synchronization. Both of these changes should help reduce the number of failures caused by Security Token Service throttling exceptions.

The following issues were fixed in this release:

  • Viewing certain alerts resulted in an "Internal Server Error" page.
  • The Deep Security Manager contains links for more information about the Trend Micro Smart Protection Network. Those links pointed to an outdated URL.

2019-05-09

The following enhancements were made in this release:

  • Added the Azure and AWS Cloud IDs for each host to the Security Module Usage Report.
  • Added the AWS account ID to Computers in /api if they are managed by an AWS cloud connector.
  • Enabled the "Product Usage Data Collection" setting by default. This can be disabled on Administration > System Settings > Advanced of the Deep Security Manager.
  • Renamed "Recurring Reports" (located under Events & Reports > Generate Reports) to "Scheduled Reports" to make its purpose clearer.
  • Exposed a new setting to /api: firewallSettingSyslogConfigId.
  • Improved various Japanese translations.
  • Updated support URLs for the Japan region.

The following issues were fixed in this release:

  • Intrusion Prevention events with no rule ID incorrectly showed the default severity as an empty string instead of "N/A".
  • The deprecated "quarantineRecordID" field was being removed from the response of the legacy Anti-Malware Events API without notice.
  • When generating multiple reports simultaneously, the report data was sometimes incorrect.
  • When a Deep Security tenant name contained double-byte characters, the TrendMicroDSTenant syslog field would contain the tenant ID instead of the tenant name.
  • The error message for an incorrect application password in Azure connector was imprecise.
  • Certain links to API keys did not work as expected.
  • Some Azure Virtual Machine types were categorized incorrectly which caused the billing of Azure Virtual Machines through Deep Security as a Service to be inaccurate.

2019-04-18

The following enhancements were made in this release:

  • When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
  • Scheduled Tasks to "Check for Security Updates" now have an optional timeout field, which is used to select the window of time after the scheduled start time in which security updates may be started.
  • Updated the Trend Micro Threat Encyclopedia URL.

The following issues were fixed in this release:

  • RelayListID was not returned in /api/computers.
  • The Japanese translation for the terms "Equals" and "Does Not Equal" in the computers and events search pages were incorrect.
  • Certain Scheduled Tasks created through /api would fail to run properly.

2019-04-11

The following enhancements were made in this release:

  • Added the Japanese translations for strings introduced with the new application control APIs.
  • Enabled API rate limiting to prevent malicious or accidental over-use. Refer to the Automation Center for details.
  • Enhanced the AWS connector to improve robustness and availability when used with highly dynamic, large scale environments.

The following issues were fixed in this release:

  • The Japanese translation for the term "Untested" in the web reputation strings was incorrect.
  • The error responses in Application Control global rules API endpoints were incorrect.
  • False alerts regarding the license expiration were occasionally raised.
  • The total number displayed on the Recurring Reports page was incorrect.
  • The event-based task that assigned a policy to AWS Workspaces did not function when "Cloud Account Name" was used as a condition.

2019-04-04

The following enhancements were made in this release:

  • When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
  • Updated the Japanese translation for the multi-tenant setting "Allow Tenants to add with Cloud Accounts".
  • Removed the wizard that allowed a precheck for computers that required a reboot and generated a list of results in CSV format.

2019-03-28

This release resolved issues and contained enhancements that are not visible to customers.

2019-03-21

The following enhancements were made in this release:

  • Expanded support in /computers to be able to search on numerous objects. See the API reference documentation on the Automation Center for a list on what is now searchable.
  • Added platform version information in the Software page to distinguish between SuSE 11 and SuSE 12.

The following issues were fixed in this release:

  • Alerts associated with hosts did not show the host information in the Target field of the Alerts page. Additionally, an Internal Server Error is displayed on the Alert detail page if the linked host was deleted.
  • The Deep Security Manager showed "Internal server error" when browsing the hosts in the Computers page.
  • When a policy was created based on a relay-enabled agent, the policy contained the relay state. All agents that were assigned with the policy automatically became relays.
  • When scrolling through Events & Reports > Generate Reports > Single Report, the bottom section floated which obscured the controls behind it.
  • Amazon SNS settings were not saved when reverting to the basic SNS configuration from the JSON SNS configuration.

2019-03-14

The following enhancements were made in this release:

  • Introduced Application Control API capabilities to /api. The following API endpoints have been added: /api/applicationcontrolglobalrules, /api/rulesets, /api/softwarechanges, and /api/softwareinventories. The following settings have been added to computerSettings for the Computers API: maintenanceModeState, maintenanceModeDuration, maintenanceModeStartTime (read-only), and maintenanceModeEndTime (read-only).
  • Removed Azure 'Quick' mode. Previously, the Add Azure Account wizard in Deep Security as a Service included the ability to select a Quick mode and an Advanced mode. In this release, Quick mode has been removed because it required giving excessive permissions to Deep Security as a Service. If you used Quick mode in prior releases, there is no impact to your deployment.
  • Updated /api so all calls to non-existent endpoints return a 404 error.
  • Updated event based tasks so that patterns that match negative regular expressions yield more accurate matches.

The following issues were fixed in this release:

  • The generated Windows deployment script had a syntax error when a proxy server was selected to contact Deep Security Manager.
  • The total number displayed on the Recurring Reports page was incorrect.
  • On the Deep Security Manager Dashboard, the Software Updates widget always displayed all computers and could not be filtered.
  • System events in the Computer details page did not load properly.
  • Parent group permissions were not inherited in sub-groups for the Azure Connector.

2019-03-07

The following enhancements were made in this release:

  • Updated the Deep Security Manager so it can distinguish whether or not a reboot is required after a Deep Security Agent upgrade. When the agent software requires an upgrade, you can view the number of computers that must be rebooted to complete the upgrade, and the number that do not. You can choose to proceed immediately with the respective upgrades, or schedule the upgrades for a more appropriate time. A list of computers and their precheck results can be saved in CSV format.
  • Updated the privacy policy link on the Deep Security as a Service sign up page.

The following issues were fixed in this release:

  • If you have a large number of computer groups and policies and clicked Events & Reports > Generate Reports and then quickly switched to the "Recurring Reports" tab before the initial page was fully loaded, Deep Security Manager would display a spinner but the "Recurring Reports" tab was not populated unless the customer returned to the "Single Report" tab and allowed enough time for it to fully load. In this release, the Deep Security Manager console has been improved. Instead of presenting "Single Report" and "Recurring Reports" as tabs on the "Generate Reports" page, they are now separate items under "Generate Reports" in the navigation pane, which allows you to access them independently. The solution also makes the initial response of the "Single Report" page visible to the user much earlier and loads the necessary content on demand, significantly reducing latency.
  • Deployment of the Deep Security Agent on Amazon Linux 2 WorkSpaces sometimes failed.
  • The "Deep Security Protection Module Failure" error was not automatically dismissed after a successful upgrade.

2019-02-21

The following issue was fixed in this release:

  • Japanese translation of microseconds was incorrect.

2019-02-14

The following enhancements were made in this release:

  • Changed the file format of the database export in the Deep Security Manager diagnostic package from XML to CSV. CSV files help to reduce memory and CPU demand when generating diagnostic packages and result in much smaller file sizes.
  • Added a system event for when a computer needs to be rebooted to complete the Deep Security Agent software upgrade.
  • Updated the "Task(s)" column on Computers to indicate if a computer requires a reboot to complete an agent upgrade.

The following issues were fixed in this release:

  • Concurrent REST API calls sometimes caused slow API response.
  • UNC paths could not be added to Anti-Malware > Advanced > Behavior Monitoring Protection Exceptions.

2019-02-07

The following enhancements were made in this release:

  • Added security enhancements for the API.
  • Added field trimming to some Log Inspection and Anti-Malware event fields.
  • Updated the system event for policy changes. Anti-Malware configurations in a system event will now show the correct state of each configuration.
  • Updated the Japanese version of Computers > Support > Deployment Scripts on the Deep Security Manager with a minor wording modification

The following issues were fixed in this release:

  • In Deep Security Manager, when you went to Events & Reports > Events > Anti-Malware Events > Identified Files and did an advanced search by Computer IP address, computers with the incorrect IP address were displayed.
  • When an Integrity Monitoring event was forwarded to a syslog server, source user information was not included.
  • When AWS connector synchronization occurred with a large amount of instances to be deleted, the deletion occasionally failed and resulted in some terminated instances remaining on Computers in the Deep Security Manager.

2019-01-31

The following enhancements were made in this release:

  • Updated the Anti-Malware configuration API to include additional validation around scan actions.
  • Added an error message to the "Generate an API Key for the Tenant" endpoint that displays if a tenant is not in an active state.
  • Improved the error message in the API so that if there is a rule dependency issue, the error message includes the rule ID of the rule that cannot be directly assigned.

The following issues were fixed in this release:

  • System events reported an incorrect module status when changes to the inherited policies were made.
  • On the Deep Security Manager, the Users, Contacts, and API Keys pages did not display their respective information properly.

2019-01-24

The following enhancement was made in this release:

  • The new API endpoint "/api/agentdeploymentscripts" has been introduced. Use this endpoint to generate Deep Security Agent deployment scripts for Linux, Windows or Solaris platforms.

The following issues were fixed in this release:

  • Performing an advanced search on an empty string value would not return all results when using an Oracle database.
  • AWS classic instances were being added to the root group instead of the connector.

2019-01-17

The following enhancement was made in this release:

  • Improvements to the REST API "/rest/alerts" endpoint to ensure that accurate results are returned.

2019-01-10

This release resolved issues and contained enhancements that are not visible to customers.