Deep Security Manager FR 2019-10-23

This feature release includes Deep Security Manager only. The recommended agents for use with this feature release are the latest Deep Security 12 long-term support agents. Deep Security 12 feature release agents will be part of an upcoming feature release. We are releasing Deep Security Manager independently of the agents to allow customers to provide feedback on the latest version of the manager now. Releasing Deep Security Manager independently is an example of how the changes to the feature release process in 2019 provide increased flexibility to allow you to better accept content on your own schedule. With this feature release, you can upgrade and deploy Deep Security Manager now so you are in a position to deploy and use the feature release agents when they become available.

New features

Enhanced platform support

Deep Security Manager

  • Oracle 18 database support
  • Oracle 19c database support
  • PostgreSQL 11 database support

Google Cloud Platform: Google Cloud Platform (GCP) has been integrated with Deep Security. You can now view new GCP instances that come online or are removed, and which instances have protection. If you are using multiple clouds on-premise and in your data center, Deep Security can provide visibility for all of your environments. This feature is available for VMs that have Deep Security Agent 12.0 or later installed. For details, see Add a Google Cloud Platform account.

Improved management and quality

Enhanced visibility of scheduled scan tasks and event-based tasks: Scheduled scan tasks and event-based tasks have been improved by providing scan visibility as well as specific reasons for each uncompleted Anti-Malware scan and recommended actions to resolve the scan.

Advanced billing reporting: The Security Module Usage Report now includes the Cloud Account ID (AWS Account ID, Azure Subscription ID or GCP Project ID) for protected instances.

Enhancements

  • Updated the AWS account addition error messages to be more specific and include a Help Center link.
  • When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
  • Added FileSize attribute to the Application Control event description sent to SNS.
  • A deployment script for Deep Security Agent for AIX is now available in Deep Security Manager.
  • Improved the diagnostic logging options for the AWS connector related features.
  • Deep Security Manager now prevents you from importing duplicate Trusted Certificates.
  • When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
  • Improved the scan failure event description by adding more details.

Resolved issues

  • The memory usage percentage display on the "Manager Node Status" dashboard widget did not match the last recorded system memory usage percentage. (SF02218013/SEG-55761/DS-39149)
  • In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list. (SEG-55634/DS-39444)
  • Reconnaissance alerts could not be disabled because the option was not available. (SEG-49907/DS-35122)
  • Some Azure Virtual Machine types were categorized incorrectly. (SF01885266/SEG-48561/DS-33951)
  • Users of AWS Marketplace metered-billing would see an error reported in system events when the billing job was processed. (SF1899351/SEG-48580/DS-33955)
  • Integrity Monitoring detailed change and recommendation reports were not running against smart folders. (SF2056260/SEG-51781/DS-35886)
  • When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group. (SF01655622/SEG-44858/DS-37769)
  • When Deep Security Manager was connected to both a case-sensitive Microsoft SQL database and VMware NSX, the Deep Security Manager upgrade readiness check would sometimes fail and block the upgrade. (SF02060051/SEG-52044/DS-38405)
  • Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur. (SF02119582/SEG-53275/DS-38892)
  • Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database. (SF01722554/SEG-41425/DS-39272)
  • False alerts regarding the license expiration were occasionally raised. (SF01484611/SEG-41437/DS-33831)
  • Using a local key secret containing the $ symbol stopped the upgrade or fresh install of Deep Security Manager. (SF02013831/SEG-57243/DS-39526)
  • Deep Security used an open source library called SIGAR that is no longer maintained or supported. This can cause applications to crash and other unintended issues in the future. (SF02184158/SEG-54629/DS-39394)
  • When an invalid or unresolvable SNMP server name was configured in Administration > System Settings > Event Forwarding > SNMP, it caused SIEM & SNS to also fail. (SF02339427/SEG-57996/DS-39865)
  • Forwarding events "via Deep Security Manager" with SIEM event forwarding would not work if the Deep Security Manager hostname was not obtained through DNS resolution. (SEG-50655/DS-37374)
  • The events exported via AWS SNS did not contain the HostOwnerID, which corresponds to the AWS Account ID. (SF02420860/SEG-59870/DS-41089)
  • In the computer or policy editor in Deep Security Manager, under Anti-Malware > General > Real-Time Scan > Schedule > Edit, the Assigned To tab was sometimes empty, even when the schedule was assigned correctly to computers and policies. (SF02374723/SEG-58761/DS-41036)
  • Due to issues discovered during internal testing with SQL 2008, we will now be blocking upgrades to the Deep Security feature release when SQL 2008 is the Deep Security Manager database. Microsoft SQL Server 2008 is no longer supported by Microsoft and therefore is no longer being tested and supported for use as a database for the latest releases of Deep Security Manager. For more information from Microsoft, please see SQL server 2008 and SQL server 2008 R2 end of support. For the full list of databases supported for use with Deep Security Manager, please see Deep Security Manager system requirements. (DS-36715)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit our Vulnerability Responses. (DS-28754/DS-32322/DS-33833/DS-26068)

  • Upgraded Apache Tomcat to 8.5.43. (DS-38558)