<> Trend Micro Incorporated December 27, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro Safe Lock(TM) Intelligent Manager 2.0 Service Pack 1 Patch 2 Build 58xx ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/SP release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About Trend Micro Safe Lock 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Safe Lock Intelligent Manager Enhancements 2.2 Safe Lock agents Enhancements 2.3 Safe Lock Intelligent Manager Resolved Known Issues 2.4 Safe Lock agents Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement ========================================================== 1. About Trend Micro Safe Lock ======================================================================== Trend Micro Safe Lock consists of an agent program called Safe Lock that resides on endpoints and a server program called Safe Lock Intelligent Manager that manages agents. Trend Micro Safe Lock protects fixed-function computers like Industrial Control Systems (ICS), Point of Sale (POS) terminals, and kiosk terminals from malicious software and unauthorized use. By using fewer resources and without the need for regular software or system updates, Safe Lock can reliably secure computers in industrial and commercial environments with little performance impact or downtime. Trend Micro Safe Lock Intelligent Manager provides centralized monitoring and management of Trend Micro Safe Lock agent deployment, status, and events. For example, administrators can remotely deploy agents, deploy initial agent Approved Lists, and change agent Application Lockdown states. Additionally, Safe Lock Intelligent Manager performs malware scans and administrators can view root cause information on files blocked from running by Safe Lock agents, reducing the time and effort needed to verify events and allowing quick responses to incidents. 1.1 Overview of This Release ===================================================================== This release is to expands supported platfroms and enhances Safe Lock Intelligent Manager and agents functionaility. 1.2 Who Should Install This Release ===================================================================== You should install this patch release if you are currently running Safe Lock Intelligent Manager 2.0 Service Pack 1 Patch 1 (build 5799 or before installed) 2. What's New ======================================================================== Note: Please install the Patch/SP before completing any procedures in this section (see "Installation"). Note: The agent program that resides on endpoints is referred to as Safe Lock agent, and the server program that manages agents is referred to as Safe Lock Intelligent Manager. This patch addresses the following issues and/or includes the following enhancement(s): 2.1 Safe Lock Intelligent Manager Enhancements ===================================================================== Trend Micro Safe Lock Intelligent Manager 2.0 Service Pack 1 Patch 2 includes the following features and benefits: Enhancement 1: Support for Windows 10 Creators Update and Windows Server 2016 Standard (64-bit). Enhancement 2: Intelligent Manager can be configured to schedule sending PDF reports. Enhancement 3: Administrators can remotely update the Approved List from Intelligent Manager. Enhancement 4: Enhanced Check Connection function added to the Agents tab Enhancement 5: Improved product license synchronization Enhancement 6: Remotely change agent password from Sltasks.exe 2.2 Safe Lock agents Enhancements ===================================================================== Trend Micro Safe Lock agent 2.0 SP 1 Patch 2 includes the following features and benefits: Enhancement 1: Support for Windows 10 Creators Update and Windows Server 2016 Standard (64-bit). Enhancement 2: Option to configure the agent Setup.ini file to initialize the Approved List upon running the installation. Enhancement 3: Use of regular expressions in the agent SLcmd.exe tool to specify exception path settings. 2.3 Safe Lock Intelligent Manager Resolved Known Issues ===================================================================== This release resolves the following issue(s): There are no resolved known issues in this release. 2.4 Safe Lock agents Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [Hotfix 5587] The Diagnostic Toolkit does not enable the debug logs of the Network Virus Protection feature. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures that the Diagnostic Toolkit enables the debug logs correctly. Issue 2: [Hotfix 5588] Trend Micro Safe Lock unexpectedly blocks a Trusted Updater when it tries to rename a folder that contains many files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch ensures that Trend Micro Safe Lock does not block a Trusted Updater when it tries to rename a folder that contains many files. Issue 3: [Hotfix 5589] Trend Micro Safe Lock creates an empty debug log file during startup even when debug log is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch ensures that Trend Micro Safe Lock creates a debug log file only when debug log is enabled. Issue 4: [AEGIS 2.956 build 1065] Trend Micro Safe Lock Service may take longer than usual to stop. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch ensures that Trend Micro Safe Lock Service stops normally. Issue 5: [SEG-18687] Trend Micro Safe Lock is unable to perform a pre-scan when installing an agent from optical media. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch fixes the issue and ensures the successful installation of the agent from optical media. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this readme.txt, the documentation set for this product includes the following: - Installation Guide (IG): Provides product overview, deployment plan, installation steps, and basic information intended to help you deploy Trend Micro Safe Lock Intelligent Manager. - Administrator's Guide (AG): Provides post-installation instructions on how to configure the settings to help you get Trend Micro Safe Lock Intelligent Manager "up and running". Also includes instructions on performing other administrative tasks for the maintenance of Trend Micro Safe Lock Intelligent Manager and for the deployment and maintenance of Trend Micro Safe Lock agents. - Knowledge Base: Provides a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Refer to the Installation Guide for detailed information. 5. Installation ======================================================================== Refer to the Installation Guide for detailed information. 6. Post-Installation Configuration ======================================================================== Please cleanup browser cache before you open web console when you install this patch to environment which previous build is installed. 7. Known Issues ======================================================================== Known issues in this release are listed below. 7.1 Safe Lock Intelligent Manager ===================================================================== 7.1.1 Installation and Uninstallation ===================================================================== a. Installed Safe Lock 1.x agents block and prevent the installation of Trend Micro Safe Lock Intelligent Manager. Trend Micro Safe Lock Intelligent Manager must be installed before Trend Micro Safe Lock agent when installing both on the same endpoint. Safe Lock agent can be installed after installation of Safe Lock Intelligent Manager is complete. b. During Safe Lock Intelligent Manager re-installations using an existing Microsoft SQL Server, any mismatch between the original Safe Lock Intelligent Manager server IP address and the new Safe Lock Intelligent Manager server IP address results in the original Safe Lock Intelligent Manager database being erased and a new database being used. c. Safe Lock agents Trusted Updater or Predefined Trusted Updater do not support the installation of Trend Micro Safe Lock Intelligent Manager. Remove Safe Lock agent from the endpoint before installing Safe Lock Intelligent Manager. Safe Lock agents can be installed after installation of Safe Lock Intelligent Manager is complete. d. Safe Lock Intelligent Manager remote installations to endpoints running Windows 2000 Server may not automatically reboot even if the reboot is needed. e. Safe Lock Intelligent Manager remote installations may not succeed because the svchost.exe process can end unexpectedly in the following versions of Windows: - Windows 2000 (SP4) - Windows Server 2003 (SP1/SP2) - Windows XP (SP1/SP2/SP3) f. After installing the Safe Lock agent and Safe Lock Intelligent Manager together on an endpoint running Windows Server 2008 without SP2, then specifying IIS 7.0 as the web server, the Safe Lock Intelligent Manager web console and applications using IIS 7.0 may not work as expected. g. The installer may not launch if there is not enough disk space on the target endpoint. Ensure that the target endpoint meets the specified requirement for free space. h. Safe Lock Intelligent Manager is unable to remotely uninstall Safe Lock agents on Windows 7 or later version from Windows Server 2008. Windows Server 2008 R2 does not have an issue. 7.1.2 Web Console ===================================================================== a. Google Chrome blocks downloaded packages of Trend Micro Safe Lock agent from the web console. b. Long group names on the Agent Management directory may be corrupted when the web console is accessed through Internet Explorer. This issue can be avoided by using Chrome or Firefox. c. The close button on the Dashboard page may not function if the console is accessed through Chrome or Firefox and that another dialog box from the browser has just been closed. d. Component version may be displayed incorrectly on the web console if the Intelligent Manager server is updated during a component update. e. Command Deployment Status shows random characters after clicking a Download link in Internet Explorer 7 or 8 when an Internet Explorer's security setting(Downloads > Automatic prompting for file downloadsis disabled). f. IIS server 7.0 or below is associated with a delay (typically 10 seconds) during the first Trend Micro Safe Lock Intelligent Manager web console log on. 7.1.3 Agent Communication ===================================================================== a. When a script is blocked, two messages are recorded in the Windows Event Log. For example, *.bat will be blocked twice by Safe Lock agents and will therefore create two block events. b. Network antivirus software may prevent files containing known malicious content from being sent from Safe Lock agents to Safe Lock Intelligent Manager for scanning. c. In some cases, if a Safe Lock agent is unable to send a blocked file to Safe Lock Intelligent Manager for scanning, Safe Lock Intelligent Manager reports the status of the file as "Pending Scan". However, in these cases, the file is never sent and the status is permanently reported as "Pending Scan". d. Safe Lock Intelligent Manager is unable to sync license status to agents after the Safe Lock Intelligent Manager license expires. Specify a valid Activation Code in Trend Micro Safe Lock Intelligent Manager to keep licenses consistent if your Activation Code expires. 7.1.4 SLtasks ===================================================================== a. The Sltasks.exe command, "--removeitems", only supports CSV files in the UTF-8 format. b. Intelligent Manager is unable to export or save files with long file names. A long name file is truncated when the file is exported or saved. c. Intelligent Manager may not be able to restart on Windows 10 after a system reboot if the hardware specifications are low. To resolve the issue, consider changing the ServicesPipeTimeout value to 1 minute or more. Find the value in the following path and key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control "ServicesPipeTimeout" (milliseconds) d. If Administrators try to check connection for a certain agent after cancel the check connection for a lot of agents, the "Check Connection" window will stay at the screen for a long time until all the other test connection process are finished. 7.1.5 File Hash Generator ===================================================================== a. Long file names on the File Hash Generator interface may not be fully displayed these files names are hovered over with a cursor. b. The banner on the File Hash Generator interface may disappear when the DPI is set to 125% or above. 7.1.6 Miscellaneous ===================================================================== a. Root cause analysis is unable to indicate information for blocked files located on mapped network drives. b. When Safe Lock Intelligent Manager uses a local server requiring authentication (UNC) for updates, Windows XP, 7, 8, and 8.1 are sometimes unable maintain enough simultaneous network connections to update all specified components. c. Safe Lock agents are unable to upload their debug log to Trend Micro Safe Lock Intelligent Manager if that debug log is over 2GB. 7.2 Safe Lock agents ===================================================================== For information, see Readme file for Safe Lock agents. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Previous releases include the following: Trend Micro Safe Lock 2.0 - December 15, 2014 Trend Micro Safe Lock 2.0 Patch 1 - May 12, 2015 Trend Micro Safe Lock 2.0 Service Pack 1 - April 21, 2016 Trend Micro Safe Lock 2.0 Service Pack 1 - July 26, 2016 Trend Micro Safe Lock 2.0 Service Pack 1 - October 7, 2016 Trend Micro Safe Lock 2.0 Service Pack 1 Patch 1 - April 27, 2017 Trend Micro Safe Lock 2.0 Service Pack 1 Patch 2 - December 27, 2017 8.1 Service Pack 1 ===================================================================== 8.1.1 Safe Lock Intelligent Manager Enhancements ===================================================================== Enhancement 1: Safe Lock Intelligent Manager supports Safe Lock agents that are built under NAT-enabled routers. Enhancement 2: Administrators can remotely deploy trusted applications to multiple target endpoints using the hash values. Enhancement 3: Using the Remote Task Tool, administrators can remotely apply patches or hotfixes to Safe Lock agents with the firewall settings enabled on the managed endpoints. Enhancement 4: Administrators can manage Safe Lock agents by putting them into groups and subgroups on the Agent Management console. Enhancement 5: Administrators can configure Application Lockdown statuses or add files to the Approved List of all the Safe Lock agents in a selected group in one single operation using the Send Command function. 8.1.2 Safe Lock Intelligent Manager Resolved Known Issues ===================================================================== There are no resolved known issues in this release. 8.1.3 Safe Lock agents Enhancements ===================================================================== For information, see Readme file for Safe Lock agents. 8.1.4 Safe Lock agents Resolved Known Issues ===================================================================== For information, see Readme file for Safe Lock agents. 8.2 Service Pack 1 Patch 1 ===================================================================== 8.2.1 Safe Lock Intelligent Manager Enhancements ===================================================================== Enhancement 1: Support Windows 10 Enterprise (32-bit/64-bit), Windows 10 IoT Enterprise (32/64bit), and Windows 10 Anniversary Update. Enhancement 2: Administrators can remotely export and import agent configuration files or Approved Lists remotely from Intelligent Manager. Enhancement 3: Administrators can remotely remove target items from multiple agent Approved Lists using the Remote Task Tool. Enhancement 4: Intelligent Manager supports log forwarding to an external syslog server that supports the Common Event Format. Enhancement 5: Support Storage Device Blocking for the storage devices including floppy disk/removable device/ network drive/CD/DVD, which could be enabled or disable remotely from Safe Lock Intelligent Manager. Enhancement 6: Intelligent Manager supports remote access control of storage devices on managed endpoints. The storage devices include USB drives, CD/DVD drives, floppy disks, and network drives. Enhancement 7: Intelligent Manager logs events of Storage Device Blocking configuration and adding of Trusted Files. 8.2.2 Safe Lock Intelligent Manager Resolved Known Issues ===================================================================== There are no resolved known issues in this release. 8.2.1 Safe Lock agents Enhancements ===================================================================== For information, see Readme file for Safe Lock agents. 8.2.2 Safe Lock agents Resolved Known Issues ===================================================================== For information, see Readme file for Safe Lock agents. 9. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and Safe Lock are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 11. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide