Deep Security Manager FR 2019-12-12

Feature releases include all the improvements from previous releases. Read the Release notes from previous releases if you'd like to know all of the improvements from past FRs.
This feature release includes Deep Security Manager only. The recommended agents for use with this feature release are the latest Deep Security 12 long-term support agents. Deep Security 12 feature release agents will be part of an upcoming feature release. We are releasing Deep Security Manager independently of the agents to allow customers to provide feedback on the latest version of the manager now. Releasing Deep Security Manager independently is an example of how the changes to the feature release process in 2019 provide increased flexibility to allow you to better accept content on your own schedule. With this feature release, you can upgrade and deploy Deep Security Manager now so you are in a position to deploy and use the feature release agents when they become available.

New features

Improved security

Agent version control: Agent version control gives you and your security operations team control over the specific versions of the Deep Security Agent that can be used by features like deployment scripts and upgrade on activation. This provides increased control over the Deep Security Agent used in your environment. For more information, see Configure agent version control.

Improved management and quality

Upgrade on activation: Deep Security Manager now has options (Administration > System Settings > Agents > Automatically upgrade Linux/Windows agents on activation) that enable you to automatically upgrade the Deep Security Agent on Linux and Windows computers to the version specified in Administration > System Settings > Updates > Software > Agent Version Control when the agent is activated or reactivated. For details, refer to Automatically upgrade agents on activation.


  • Added the "Kernel Unsupported" system event to indicate if your computer has been upgraded to an unsupported kernel.
  • Added a reason ID for the "Manual Malware Scan Cancellation complete" system event. The reason ID is displayed in REST API calls, SNS information and SIEM information.
  • Renamed the scheduled task "AWS Billing Usage Task" to "Metered Billing Usage Task" because the task now applies to both AWS and Azure billing.
  • Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager.
  • Aggregated identical agent events in a single heartbeat under a single event.
  • Modernized the Policies > Lists > Port Lists page.
  • Added the Validate the signature on the agent installer checkbox on Support > Deployment Scripts. For more information, see Check digital signatures on software packages.
  • Improved the "License Changed" event description by specifying if the plan ID is for Azure Marketplace billing.
  • Reduced the maximum number of computers displayed on the Computers page from 2000 to 500 to improve performance.
  • Renamed the Service Token setting to Data Source GUID on Administration > System Settings > Managed Detection and Response.
  • Added the ability to auto-activate guest VMs protected by the Deep Security Virtual Appliance in an NSX-T environment.
  • Added a "Agent GUID" column to the Computers page so you can search computers by the Agent GUID.
  • Included a search bar under Administration > Updates > Software > Local.
  • Enhanced scheduled tasks:
    • Task enabled has been renamed to Enable task on the last screen of the Create Scheduled Task wizard
    • Synchronize cloud account now indicates it only supports vCloud and Azure connectors
    • Computer/group selection details now display in list view for Anti-Malware scans and Intrusion Prevention tasks
  • Added the ability to hide all empty AWS regions, VPCs, subnets, and directories, reducing clutter and increasing load speed on the Computers page.
  • Added the ability for the Deep Security Administrator to hide unresolved recommendation scan results from the Intrusion Prevention, Integrity Monitoring and Log Inspection tab in the policy pages. To hide the unresolved recommendation scan results, use the following commands
  • Intrusion Prevention:

    dsm_c -action changesetting -name -value false

    Integrity Monitoring:

    dsm_c -action changesetting -name com.trendmicro.ds.integrity:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false

    Log Inspection:

    dsm_c -action changesetting -name com.trendmicro.ds.loginspection:settings.configuration.showUnresolvedRecommendationsInfoInPolicyPage -value false

Resolved issues

  • When Deep Security Manager was deployed in an environment with a large number of hosts and protection rules, the manager would sometimes load data for all hosts, even if the user only requested data from some of the hosts. (SF02552257/SEG-62563/DS-43188)
  • When booting up, Deep Security Manager validates the database schema of the events tables. Logs always said that the schema was updated, even if no update was actually required. (DS-43196)
  • Active Directory synchronization sometimes would not finish. (SEG-52485/DS-38203)
  • When a custom Anti-Evasion posture was selected in a parent policy (in the policy editor Settings > Advanced > Network Engine Settings > Anti-Evasion Posture > select 'Custom'), that setting did not appear in the child policies. (SF02434648/SEG-60410/DS-41597)
  • On Linux systems, the default maximum number of the concurrent opened files did not meet Deep Security Manager's needs, resulting in the manager failing to acquire file handles. As a result, features in Deep Security Manager failed randomly and a "Too many open files" message appeared in logs. (SEG-59895/DS-43192)
  • The "Activity Overview" widget sometime displayed the incorrect database size. (SF02449882/SEG-63362/DS-43946)
  • When sorting the "Alert Configuration" page by the "ON" column, the number of alerts was sometimes incorrect. (SF02578797/SEG-63560/DS-43685)
  • Certain smart folder search criteria caused an IllegalStateException error. (SF02436019/SEG-60330/DS-41369)

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit our Vulnerability Responses.