Deep Security Manager - 20.0.1003 (20 LTS Update 2024-12-10) / Deep Security Linux Agent - 20.0.1-25771 (20 LTS Update 2024-12-10)＠ DeepSecurity Agentでバージョンコントロールが実装されたみたい。

Enhancements

• CPU usage for real-time Anti-Malware can now be configured on Linux using the Deep Security Manager console (Administration > System Settings > System Events). The options are unlimited, low, and extremely low CPU usage. DSM-881
• Unused system events no longer appear in the Deep Security Manager console (Administration > System Settings > System Events) PCT-3185/PCT-26855/PCT-34591/SEG-179061/DSM-279

Security updates

Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. DSM-874/DSM-886

• Highest Common Vulnerability Scoring System (CVSS) score: 8.5
• Highest severity: High

New features

• Version Control Policy: Deep Security Agent now supports Version Control Policy, which allows Trend Vision One version control policies to manage agent and component updates for any endpoint with the Trend Micro Endpoint Basecamp (XBC) agent installed. For more information, see Version Control Policies. This is currently in pre-release, and is only supported for Trend Vision One - Server & Workload Protection.

• Quarantine auto-cleanup: Deep Security Agent will now automatically purge parts of files in the quarantine folder if its disk space usage exceeds the maximum amount. Max disk space usage (1024 MB by default) is configurable from Computer (or Policy) > Anti-Malware > Advanced > Identified Files. This feature is only available for Cloud One Workload Security at this time.

Enhancements

• Deep Security Agent 20.0.1.25771 or later supports FIPS mode for Ubuntu 22.04. DSA-7699
• Deep Security Agent now supports Advanced TLS Traffic Inspection for Intrusion Prevention on Apache Tomcat servers running OpenJDK 8 on 64-bit Linux operating systems. DSA-8244
• Deep Security SAP Scanner can now report results to SAP applications when it identifies password-protected compressed files attached to an email in Microsoft Outlook Item (MSG) format. SF07873657/PCT-23367/DSA-7716
• Deep Security Agent can now trigger the installation of Endpoint Basecamp from Trend Cloud One - Endpoint & Workload Security. DSA-7532
• Anti-Malware's Behavior Monitoring detection level and prevention level can now be configured. DSA-6796
• Deep Security Agent now detects if its relay proxy is Trend Vision One Service Gateway Forward Proxy Service, and uses the Service Gateway domain allow list to decide whether the connection should use the relay proxy or not. SF07267852/PCT-29311/DSA-6274
• Deep Security Agent now supports additional options to fine tune detection sensitivity for Anti-Malware, Behavior Monitoring, Predictive Machine Learning, Process Memory Scan, and the Windows Antimalware Scan Interface (for real-time scan only). DSA-6062
• Improved detection and protection against malicious processes that can be launched through a memory file descriptor (memfd). DSA-6009

Resolved issues

• Events including packet data were being logged with an incorrect packet size. PCT-45556/DSA-8074
• Some systems with Anti-Malware enabled encountered a memory leak. DSA-8243
• Some systems encountered a memory issue that caused Anti-Malware to stop working. PCT-46330/DSA-8156
• Deep Security SAP Scanner would incorrectly report scan failures when two or more files with the same content were included in a compressed file. PCT-38781/DSA-7324
• Deep Security Agent had higher than usual CPU usage if Integrity Monitoring was disabled following an Integrity Monitoring scan. SF07991055/PCT-31459/DSA-6195
• Rebooting caused some systems to hang if agent self-protection was enabled. PCT-27574/PCT-29800/DSA-6007
• When SAP was enabled, duplicate exclude paths were sometimes created and would remain even after SAP was disabled. DSA-7595

Security updates

• This release contains updates to third-party libraries. DSA-7124

New features

• Version Control Policy: Deep Security Agent now supports Version Control Policy, which allows Trend Vision One version control policies to manage agent and component updates for any endpoint with the Trend Micro Endpoint Basecamp (XBC) agent installed. For more information, see Version Control Policies. This is currently in pre-release, and is only supported for Trend Vision One - Server & Workload Protection.

Enhancements

• Deep Security Agent can now trigger the installation of Endpoint Basecamp from Trend Cloud One - Endpoint & Workload Security. DSA-7532
• Updated Deep Security Agent to reduce the duration of on-demand scans when the CPU Usage is set to Medium (Computer or Policy > Settings > General > CPU Usage Control). DSA-8171
• Deep Security Agent for Windows platforms now supports wildcard * use in Anti-Malware process path exclusions. PCT-36703/DSA-7768
• Deep Security SAP Scanner can now report results to SAP applications when it identifies password-protected compressed files attached to an email in Microsoft Outlook Item (MSG) format. SF07873657/PCT-23367/DSA-7562
• Deep Security Agent now detects if its relay proxy is Trend Vision One Service Gateway Forward Proxy Service, and uses the Service Gateway domain allow list to decide whether the connection should use the relay proxy or not. SF07267852/PCT-29311/DSA-6274
• Deep Security Agent can now add existing detections (by malware name, or rule ID for Anti-Malware or Behavior Monitoring) to the Rule Exceptions list from Computer or Policy > Anti-Malware > Advanced. DSA-6318
• Deep Security Agent now supports additional options to fine tune detection sensitivity for Anti-Malware, Behavior Monitoring, Predictive Machine Learning, Process Memory Scan, and the Windows Antimalware Scan Interface (for real-time scan only). DSA-6062

Resolved issues

• Events including packet data were being logged with an incorrect packet size. PCT-45556/DSA-8074

Deep Security Agent had higher than usual CPU usage if Integrity Monitoring was disabled following an Integrity Monitoring scan. SF07991055/PCT-31459/DSA-6195

• Anti-Malware manual scans of files or folders with special characters sometimes failed. PCT-43895/DSA-8126
• The Trend Micro Windows Filtering Platform (TBIMWFP) driver caused a memory leak on some systems, which led to higher than normal memory usage. DSA-7968
• Deep Security SAP Scanner would incorrectly report scan failures when two or more files with the same content were included in a compressed file. PCT-38781/DSA-7557
• The Anti-Malware Solution Platform (AMSP) service was crashing on some systems. PCT-41566/DSA-7952

Security updates

• This release contains updates to third-party libraries. DSA-7124
• Security updates are included in this release. For more information about Trend Micro protection against vulnerabilities, see Vulnerability Response. Note that in line with responsible disclosure practices, Common Vulnerabilities and Exposures (CVE) details are only available for select security updates once patches are available for all impacted releases. VRTS-13016/DSA-7645
• Highest Common Vulnerability Scoring System (CVSS) score: 7.8
• Highest severity: High

Resolved issues

• Events including packet data were being logged with an incorrect packet size. PCT-45556/DSA-8074

Enhancements:

• Advanced Threat Scan Engine update: Advanced Threat Scan Engine has been updated to version 24.550.