Deep Security Manager - 20.0.954 (20 LTS Update 2024-08-21) / Deep Security Linux Agent - 20.0.1-17380 (20 LTS Update 2024-08-21) ＠ 各種機能強化、修正対応

New Features

• User mode solution: User mode can now be enabled from the Deep Security Manager UI to provide event generation and protection through basic functions for Anti-Malware on systems that lack kernel support.

Enhancements

• The path property for Application Control Trust Entities rules can now use wildcards in a Universal Naming Convention (UNC) path without requiring a drive letter. SF06976162/SEG-189907/WS-4290
• Application Control Trust Entities rules now include User and Group property options. WS-2626
• The Application Control Software Changes page (Actions) now includes software change attributes or signer information for Signer Name, Issuer Common Name, Issuer Organizational Unit, Issuer Organization, Issuer Locality, Vendor, Product Name, Process Name, Install Path, and File Path. DSM-662
• Service Gateway can now be configured (from Administration > System Settings > Proxies > Proxy Server Use) as a proxy for Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing). DSM-518

Resolved issues

• Updating Deep Security Agent sometimes caused Application Control software change events. SF07441007/PCT-9653/PCT-16914/WS-6246
• The Deep Security Manager Support button was leading to a "404 page not found" error. DSM-784
• Application Control events generated by Trust Entities would display "None" in the RULESET column (Events & Reports > Application Control Events) even if they were associated with a ruleset. DSM-779
• The Kernel Support Package (KSP) was unexpectedly deleted on some systems. SF08057187/PCT-30396/PCT-36420/DSM-718
• Deep Security Manager sometimes became unresponsive and some Deep Security Agent upgrades would hang. PCT-11707/DSM-492

Enhancements

• Web Reputation Service "Smart Protection Server Disconnected" events now include FQDN or IP address information in the description field. DSA-5408
• SAP Scanner now classifies Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages as text files. SF07895338/PCT-24359/DSA-5790
• SAP Scanner now associates JavaScript with compatible file extensions. For details, see Supported MIME types. SF08102626/PCT-31518/DSA-6192
• Deep Security Agent can now receive Trend Micro Service Gateway Generic Caching Service (GCS) settings from Endpoint Basecamp. This is only supported for Trend Vision One - Server & Workload Protection Agent. DSA-6392

Resolved issues

• Anti-Malware engine would sometimes crash. DSA-5536
• SAP Scanner would incorrectly classify valid CSV files if the data was formatted on a single line. SF07967718/PCT-26844/DSA-6102
• SAP Scanner sometimes incorrectly identified image files as ASP scripts. SF07764878/PCT-20406/DSA-6122
• Kernel Support Package (KSP) would not reload automatically after being imported. DSA-6159
• Deep Security Agent could not load the policy if some policy configuration fields contained curly brackets. DSA-6189
• Deep Security Agent would fail to activate if the hostname contained non-ASCII characters. PCT-32214/DSA-6268
• Deep Security Agent sometimes failed to shut down completely if integrating with Trend Micro Endpoint Basecamp (XBC) agent. SF08143019/PCT-32915/DSA-6347
• Deep Security Agent would incorrectly create a temporary directory named /opt/ds_agent@tmp during installation. DSA-6412

Known issues

• Deep Security Agent Application Control causes high CPU usage. PCT-36414

Enhancements

• Web Reputation Service "Smart Protection Server Disconnected" events now include FQDN or IP address information in the description field. DSA-5408
• SAP Scanner now classifies Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages as text files. SF07895338/PCT-24359/DSA-5790
• SAP Scanner now associates JavaScript with compatible file extensions. For details, see Supported MIME types. SF08102626/PCT-31518/DSA-6192
• Deep Security Agent can now receive Trend Micro Service Gateway Generic Caching Service (GCS) settings from Endpoint Basecamp. This is only supported for Trend Vision One - Server & Workload Protection Agent. DSA-6392
• uAgentWscHandler.exe is a new process that supports Windows Anti-Malware Protected Process Light technology and integrates with Windows Security Center on Windows 10 or Windows 11. DSA-5138

Resolved issues

• SAP Scanner would incorrectly classify valid CSV files if the data was formatted on a single line. SF07967718/PCT-26844/DSA-6102
• SAP Scanner sometimes incorrectly identified image files as ASP scripts. SF07764878/PCT-20406/DSA-6122
• Deep Security Agent could not load the policy if some policy configuration fields contained curly brackets. DSA-6189
• Deep Security Agent would fail to activate if the hostname contained non-ASCII characters. PCT-32214/DSA-6268
• Deep Security Agent would sometimes cause an Operating System crash if Advanced TLS inspection was enabled. PCT-34149/DSA-6346

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Response. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. VRTS-12301/DSA-5967/DSA-6150

• Highest CVSS score: 7.8
• Highest severity: High

Known issues

• Deep Security Agent Application Control causes high CPU usage. PCT-36414

Resolved issues

• Deep Security Agent could not load the policy if some policy configuration fields contained curly brackets. DSA-6189
• Deep Security Agent would fail to activate if the hostname contained non-ASCII characters. PCT-32214/DSA-6268