Trend Micro Deep Security 9.6 Service Pack 1 Patch 1 Update 8 公開のお知らせ(2017/06/05):サポート情報 : トレンドマイクロ
(情報元のブックマーク数
Trend Micro Deep Security 9.6 Service Pack 1 Patch 1 Update 8リリース。
Trend Micro Deep Security 9.6 Service Pack 1 Patch 1 Update 8 を下記日程にて公開いたしました。
■ 公開開始日
2017 年 06 月 05 日 (月)
■ 対象モジュールDeep Security Manager
※Deep Security Managerのモジュールのみの公開になります。■ 追加機能/修正内容
追加機能や修正内容は付属のReadmeをご覧ください。
※日本語のReadmeは一か月以内を目安に公開いたします。■ 入手方法
本製品の各コンポーネントは最新版ダウンロードページの「統合サーバセキュリティ対策」カテゴリからダウンロードできます。
サポート情報 : トレンドマイクロ
「最新版ダウンロードページ」
2. What's New
========================================================================
2.1 Enhancements
=====================================================================
The following enhancements are included in this release:
Enhancement 1: [DSSEG-832]
Sometimes, when a communication session between the
Deep Security Manager and Agent ended, the manager
would encounter a null point exception error when
checking the versions of agents.
Solution 1: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-781/SEG-875]
In some environments, the Anti-Malware Solution
Platform (AMSP) could cause high disk input/output
when the common scan cache was on.
Solution 2: By default, the AMSP common scan cache is on. To
disable it, open a Windows command prompt on the Deep
Security Manager computer, go to the Deep Security
Manager root folder, and run this command:
dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 3: [DSSEG-852]
Deep Security Manager now provides a single
deployment script for both Windows and Linux and adds
the ability to allow customers to select a proxy
setting and add it to the deployment script.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:
Issue 1: [DSSEG-1062/SEG-7362]
If the database connection was not stable when the
Deep Security Manager service started, the manager
could fail to get a setting from the database and
think it hadn't done the setting migration yet. If
that happened, the manager would mistakenly perform
the setting migration again and cause some settings
to be restored to their default values.
Solution 1: This issue is resolved in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-1047]
The Azure connector did not support Azure (China)
accounts.
Solution 2: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-1024]
The Deep Security Manager was affected by one or more
of the CVEs reported in the Oracle Critical Patch
Update issued April 18, 2017 and by a vulnerability
related to CVE-2014-3490.
Solution 3: The Java JRE used in the Deep Security Manager has
been upgraded to the version released for the above-
mentioned Critical Patch Update (Java 8 u131). The
vulnerability related to CVE-2014-3490 is also
resolved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-1020/SEG-4929]
If the database connection was not stable when the
Deep Security Manager service started, the manager
could fail to get a setting from the database and
think it hadn't done the setting migration yet. If
that happened, the manager would mistakenly perform
the setting migration again and cause some settings
to be restored to their default values.
Solution 4: After applying this fix, if Deep Security Manager
cannot get the setting from the database due to an
unexpected error, it will not perform the setting
migration at that time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-837/385457]
When the “Use a Schedule for Upgrade” option is
selected, the upgrade time is on based on the time
zone of the Deep Security Manager computer. However,
the schedule displayed under “Policies > Common
Objects > Other > Schedules” reflected the time zone
where the user is located, which could be different
from the time zone of the Deep Security Manager. This
difference sometimes caused confusion.
Solution 5: The schedules displayed on the "Schedules" page are
not associated with any time zone. But when a
schedule is applied to a rule or task, it will be
applied using the Deep Security Manager or Agent's
local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-744/SEG-1206]
The default ICRC log level for a Deep Security Agent
on Linux is "debug", which causes the ds_am-icrc.log
file to grow quickly.
Solution 6: Change the default ICRC log level to "warn". For a
fresh agent installation, the default ICRC log level
will be set to "warn" by default. To update an
existing agent on Linux:
1. Upgrade the Deep Security Manager to the build that
contains the fix.
2. On the Deep Security Manager computer, open a
Windows command prompt, go to the Deep Security
Manager root folder, and run this command:
dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true
3. Upgrade the Deep Security Agent to the build that
contains the fix.
4. After the agents are upgraded and the default ICRC
log level has been corrected, we recommend that you
turn off the key. To do this, go to the Deep
Security Manager computer, open a Windows command
prompt, go to the Deep Security Manager root folder,
and run this command:
dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~