What's new in Trend Micro Deep Security 9.5.3 SP1 Build 2754

Feb 20, 2015
  • NEW:
    • Extended support for Microsoft Azure:
      • Deep Security can now connect to Microsoft Azure accounts using shared certificates. For more information, see the Deep Security 9.5 SP1 Installation Guide (Cloud).
    • SSL Enhancements:
      • Extended SSL Support for TLS 1.2 and the following ciphers:
        • TLS_RSA_WITH_AES_128_CBC_SHA256
        • TLS_RSA_WITH_AES_256_CBC_SHA256
    • Extended Proxy Support for Relays:
      • Relay Groups can now be configured to use unique proxy servers to retrieve Security Updates from Trend Micro. The option is available in the Relay Group's properties window.
    • Support for log-only HTTP Protocol Decoder errors:
      • Certain errors determined by the HTTP Protocol decoder can now be manually set to be log only. The errors are:
        • Double Decoding Exploit
        • Illegal Character in URI
        • Invalid Hex Encoding
        • Invalid Use of Character
        • Invalid UTF8 Encoding
    • Scan Engine Enhancement:
      • Scan Engine (VSAPI) has been updated to version 9.8.
  • RESOLVED KNOWN ISSUES:
    • When a DSM Admin user sets the Local override password to enable Deep Security Agent Self Protection and the password contains a colon (:), for example "pass:word", any DSA command that requires authentication (such as TRACE or ResetAgent) fails with a 403 Forbidden error. The code that parses the username:password string is fixed to handle passwords that include colons (:).
    • Deep Security Relay 9.0 uses a version of the Nginx web server and its statically linked OpenSSL that are affected by vulnerabilities CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, and CVE-2014-0076. This release updates the Nginx web server program and the statically linked OpenSSL in Deep Security Relay 9.0 to remove these vulnerabilities.
    • In general, file names are encoded in UTF-8 on Linux, but Linux doesn't enforce this. It is up to applications to handle non-UTF-8 encoded file names. DSA was designed to handle UTF-8 encoding. If the file name is encoded in a multibyte encoding, the log event fails to record the file path. There is currently no plan for Deep Security to support multibyte encodings. This fix provides a workaround: if non-UTF-8 encoding is detected in a file path, the file path is represented as a hex string, which can be used as a hint about which file triggered an event.
    • If an environment variable is defined under the scan exclusions directory list, and that environment variable is defined under the "Settings > view environment variable" tab, the exclusion does not work properly. The files that match the environment variable are still scanned. This release ensures that scan exclusions that use environment variables work properly.
    • When users change the default relay port in Deep Security Manager, the relay's listening port does not change. This release ensures that the relay configuration is updated promptly after users change the default relay port in Deep Security Manager.
    • When Deep Security is configured to use one or more proxies to download security updates, each Deep Security Relay attempts to establish contact with all the sources before downloading instead of just one. This release lets the IAU module try only one source before downloading; if that source fails, it tries the next source.
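
The hex-string workaround for non-UTF-8 file paths in the resolved issues above can be illustrated with the following added example, which is not Trend Micro's code: it shows how an analyst can turn a hex-logged path back into the exact on-disk bytes and into readable candidate names. The `hex:` marker, the function names and the list of candidate encodings are assumptions, because the page does not document the format the Agent actually writes.

```python
# Added illustration; not Trend Micro code. The "hex:" marker and the
# candidate encodings are assumptions, not the Agent's documented format.
# Assumes logged paths are absolute, so a real path never starts with the marker.
HEX_PREFIX = "hex:"
CANDIDATE_ENCODINGS = ("shift_jis", "euc_jp", "gbk", "big5", "euc_kr")


def path_for_event(raw: bytes) -> str:
    """Text for the event log: the path itself if valid UTF-8, else hex."""
    try:
        return raw.decode("utf-8")  # strict decoding by default
    except UnicodeDecodeError:
        return HEX_PREFIX + raw.hex()


def raw_path(logged: str) -> bytes:
    """Recover the exact on-disk bytes from a logged path."""
    if logged.startswith(HEX_PREFIX):
        return bytes.fromhex(logged[len(HEX_PREFIX):])
    return logged.encode("utf-8")


def readable_guesses(logged: str, encodings=CANDIDATE_ENCODINGS) -> dict:
    """Decode a logged path under each candidate legacy encoding."""
    raw = raw_path(logged)
    guesses = {}
    for enc in encodings:
        try:
            guesses[enc] = raw.decode(enc)
        except UnicodeDecodeError:
            pass  # these bytes are not valid in this encoding
    return guesses


def find_matches(logged: str, raw_paths: list) -> list:
    """Match against raw (bytes) paths, e.g. built from os.listdir(b'/tmp')."""
    target = raw_path(logged)
    return [p for p in raw_paths if p == target]


# Constructed sample: a Shift_JIS-encoded file name on a Linux filesystem.
SAMPLE = "/tmp/テスト.txt".encode("shift_jis")

if __name__ == "__main__":
    logged = path_for_event(SAMPLE)
    print(logged)
    print(readable_guesses(logged))
```

More than one encoding can decode the same bytes without error, so the byte-for-byte match from `find_matches` is the reliable way to identify the file; the decoded names are only a reading aid.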

New in Trend Micro Deep Security 8.0 (Aug 29, 2012)

  • Agentless Integrity Monitoring:
    • In Deep Security 7.5, Integrity Monitoring functionality was available only with the Deep Security Agent. In Deep Security 8.0, the Deep Security Virtual Appliance now also provides Integrity Monitoring to protect Agentless virtual machines.
  • IPv6 Support
  • Deep Security Relay:
    • The Deep Security Relay is a server which relays Deep Security Updates from the Trend Micro Update Server to the Deep Security system. Relays improve performance by distributing the task of delivering updates to the Manager, Appliances, and Agents of your Deep Security installation.
    • Multiple Deep Security Relays can be installed (at least one is required), and they can be arranged in hierarchies to optimize bandwidth (e.g. configuring the Agents on all computers in a remote office to use a particular Relay).
  • Smart Protection Network:
    • File Reputation Services: Deep Security Agents and Appliances store the Anti-Malware Pattern, which is used as the initial file threat detection and elimination tool during scans. If the risk of the file cannot be determined by the Agent/Appliance, a query is sent to the Smart Protection Network or Smart Protection Server to be assessed.
    • Web Reputation Services: Web Reputation services track the credibility of Web domains by assigning a reputation score based on factors such as a Web site's age, historical location changes and indications of suspicious activities discovered through malware behavior analysis. Web reputation services assign reputation scores to specific pages or links within sites instead of classifying or blocking entire sites.
  • Web Reputation:
    • Deep Security's Web Reputation module allows web pages to be blocked based on their web reputation ratings. Web Reputation uses the Trend Micro Smart Protection Network.
    • Further configuration enables specific URLs to be blocked or allowed. End-users are redirected to a page explaining that the page they were trying to view was blocked by their administrator for security reasons, and they are given a link to a site where they can request access to the blocked page.
    • The Web Reputation protection feature is available with a Deep Security Anti-Malware protection license.
  • Smart Feedback:
    • Trend Micro Smart Feedback provides continuous communication between Trend Micro products and the company's 24/7 threat research centers and technologies. With Smart Feedback, products become an active part of the Trend Micro Smart Protection Network, where large amounts of threat data are shared and analyzed in real time. This interconnection enables never-before-possible speeds in identifying, analyzing, and stopping new threats—a level of responsiveness that addresses the thousands of new threats and threat variants released daily.
  • Coordinated Approach:
    • Changes in the way the coordinated approach is implemented mean that if you have a protection feature activated and capable at both the Deep Security Virtual Appliance and a Deep Security Agent on a virtual machine protected by that Appliance, then the protection feature will be in effect at the Agent only. The Firewall, DPI, and Web Reputation modules can take advantage of Coordinated Protection. Anti-Malware, Integrity Monitoring, and Log Inspection are not yet supported.
  • Auto-Tagging and Trusted Source:
    • As part of the Integrity Monitoring protection, Auto-Tagging allows administrators to automatically tag events from protected computers based on their similarity to selected known-good events. The source for known-good events can be a local Trusted Computer, or known-good signatures from Trend Micro's Certified Safe Software Service. Tags can be used to organize Events in order to simplify the task of Event monitoring and management.
  • Agent Notifier:
    • The Deep Security Notifier is a Windows System Tray application that displays security notifications to users of protected computers. It also provides a pop-up user notification when Deep Security blocks malware or access to web pages.
    • The Notifier can be installed on its own on computers protected by a Virtual Appliance. It is automatically installed by default with the Deep Security Relay and Deep Security Agent on Windows.
  • Agent Self-Protection:
    • Administrators can use Deep Security Manager to prevent local end-users from uninstalling, stopping, or otherwise modifying the Deep Security Agents.