Trend Micro Deep Security 11.0 Update 3 公開のお知らせ:サポート情報 : トレンドマイクロ
Trend Micro Deep Security 11.0 Update 3リリース、
Deep Security 11.0 Update 3 のモジュールを公開いたします。
■ 公開開始日2018 年 10 月 24 日 (水)
■ 対象モジュール
Deep Security Manager
Linux 版 Deep Security Agent
Windows 版 Deep Security Agent
Windows 版 Deep Security Notifier
■ 追加機能/修正内容追加機能や修正内容は付属の Readme をご覧ください。
※日本語のReadmeは一か月以内を目安に公開いたします。■ 入手方法
Deep Securityヘルプセンターからダウンロードできます。
サポート情報 : トレンドマイクロ
「Deep Securityヘルプセンター」
また、以下の製品 Q&A も合わせてご参照ください。
Update プログラムとは
Deep Security Manager 11.0 Update 3
2. What's New ======================================================================== 2.1 Enhancements ===================================================================== The following enhancement(s) are included in this release: Enhancement 1: [DSSEG-2684] With this release, customers can add an NSX Manager when Deep Security Manager is operating in FIPS mode. When adding an the NSX Manager to Deep Security Manager, after you enter the NSX Manager information and click "Next", Deep Security Manager gets the NSX server certificate. After adding the vCenter and NSX server successfully, you can install the Deep Security Virtual Appliance and enable FIPS mode for the appliance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-2901] In this release, a time zone improvement has been added to the Deep Security Manager logging. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-2724] The version of the Java JRE used in Deep Security Manager has been upgraded to Java 8 u181. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-2929/SEG-36736/01211295/GCC1-1-828168859] The 'Cancel "Upgrade Agent"' button on the 'Actions' tab of the Computer details page did not function properly. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2892/SEG-37280/SF01255727] Deep Security Manager does not successfully synchronize with Microsoft Azure cloud accounts when Deep Security Manager is using a proxy in an air-gap environment. Solution 2: With this release, Deep Security Manager is able to synchronize when the proxy setting does not contain a credential. However, the Azure connector cannot synchronize successfully with a credential in the proxy setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-2855] "User Session Validation Failed" events occurred unexpectedly when the Deep Security Manager sign-in page was accessed. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-2849/SEG-34129] The status of the Deep Security Virtual Appliance displayed as "Managed (VM Stopped)" instead of "Offline" when the Deep Security Virtual Appliance was power off. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-2848] After migrating a virtual machine from one ESX host to another, a duplicate entry for that virtual machine was displayed on the Computers page in Deep Security Manager. Solution 5: The issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-2791/SEG-13784] Customers were prevented from upgrading Deep Security Manager when their environment contained Deep Security Agents on unsupported platforms. Solution 6: The Deep Security Manager installer no longer performs a pre-check of agents and relays, which unblocks the Deep Security Manager upgrade. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-2701] The Deep Security Manager did not display system event 934 - Software Update: Anti-Malware Windows Platform Update Successful. Solution 7: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [DSSEG-2691] On Linux, Deep Security Manager files were readable by all local users. Solution 8: The permissions of Deep Security Manager files on Linux have been changed so that they are no longer accessible by local users. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-2812] Beginning with JDK version 8u181, the JVM enforces endpoint identification for LDAPS connections by default. The JVM verifies the server address of an Active Directory connector against the server certificate Common Name (or subjectAltName, if it exists). As a result, if the existing Active Directory connector uses a server address that does not match the certificate CN (or subjectAltName), the connector would not be able to synchronize successfully. Solution 9: This issue is fixed in this release. When performing a fresh install, endpoint identification is enabled. When performing an upgrade, if any tenants have an existing Active Directory connector (for either a computer or a user) that connects using LDAPS, endpoint identification is disabled. If no Active Directory connector is found, endpoint identification is enabled by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deep Security Agent 11.0 Update 3 for Linux
2. What's New ======================================================================== 2.1 Enhancements ===================================================================== The following enhancement(s) are included in this release: Enhancement 1: [DSSEG-2828/SEG-34684] Previously, the network engine would sometimes fill the MAC field in event logs with zeros for outgoing packets, to make the logs easier to read. This release removes this behavior to avoid issues in an overlay network environment. In the event logs, the MAC address for outgoing packets may be empty or contain a random number. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-2745/00389528/441559/00513686/00611107/ 00528775/SF00340345/00425845/538145/SF00374619/ SF179909/SF159145/SF318628/00368352] In this release, the Deep Security Agent installer checks the installation platform to prevent installation of an agent that does not match the platform. This feature is supported on: - Amazon Linux and Amazon Linux 2 - Red Hat Enterprise Linux 6 and 7 - CentOS 6 and 7 - Cloud Linux 7 - Oracle Lnux 6 and 7 - SUSE Linux Enterprise Server 11 and 12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-2606] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-2875/SEG-28060/00853021] After upgrading Deep Security Agent from version 9.6 to 10.0 on a Linux platform, the Component Set version was not updated, which caused the Security Update Status to display "Out-of-Date". Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2835/SEG-33414/00854640] The Deep Security Agent's CPU usage spiked every 10 seconds. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-2739] When Deep Security Agent was installed on a virtual machine (VM) and the VM was reverted to an earlier state, Log Inspection event data was not synchronized properly between the Deep Security Agent and Deep Security Manager. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deep Security Agent 11.0 Update 3 for Windows, and Deep Security Notifier 11.0 Update 3 for Windows
2. What's New ======================================================================== 2.1 Enhancements ===================================================================== The following enhancement(s) are included in this release: Enhancement 1: [DSSEG-2769] The Deep Security Agent installer no longer installs all feature modules when the module plug-in files are located in the same folder as the installer. The required plug-in files are downloaded from a Relay when a policy is applied to a protected computer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-2258] The Anti-Malware engine offline error is no longer reported when the computer is preparing to shutdown. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-2606] The version of OpenSSL used by the Deep Security Agent and Deep Security Relay has been updated to openssl-1.0.2o. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-2875/SEG-28060/00853021] After upgrading Deep Security Agent from version 9.6 to 10.0 on a Linux platform, the Component Set version was not updated, which caused the Security Update Status to display "Out-of-Date". Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-2835/SEG-33414/00854640] The Deep Security Agent's CPU usage spiked every 10 seconds. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-2739] When Deep Security Agent was installed on a virtual machine (VM) and the VM was reverted to an earlier state, Log Inspection event data was not synchronized properly between the Deep Security Agent and Deep Security Manager. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~