Trend Micro Incorporated                                      May 2017
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) TippingPoint(TM) Advanced Threat Protection for Networks
Version 3.8 Service Pack 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/SP release documentation:
http://downloadcenter.trendmicro.com

TIP: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
=====================================================================
   1. About TippingPoint Advanced Threat Protection for Networks
   2. TippingPoint Advanced Threat Protection for Networks Features
   3. Documentation Set
   4. System Requirements
   5. Installation or Upgrade
   6. Post-Installation Configuration
   7. Known Issues
   8. Contact Information
   9. About Trend Micro
   10. License Agreement
=====================================================================

1. About TippingPoint Advanced Threat Protection for Networks
========================================================================
TippingPoint ATP for Networks is a third-generation threat management
solution, designed and architected by Trend Micro to deliver
breakthrough advanced persistent threat (APT) and targeted attack
visibility, insight, and control. Trend Micro TippingPoint ATP for
Networks is the result of thorough investigations of targeted attacks
around the world, interviews with major customers, and the
participation of a special product advisory board made up of leading
G1000 organizations and government agencies.

TippingPoint ATP for Networks provides IT administrators with critical
security information, alerts, and reports. TippingPoint ATP for
Networks deploys in offline monitoring mode. It monitors network
traffic by connecting to the mirror port on a switch for minimal or no
network interruption.

2. TippingPoint Advanced Threat Protection for Networks 3.8
   Service Pack 5 Features
========================================================================
This product release includes the following new features:

Refreshed Dashboard widgets
---------------------------
TippingPoint ATP for Networks provides an improved dashboard
experience that utilizes modern technologies and graphics without
Flash.

Palo Alto Panorama and virtual system integration
-------------------------------------------------
TippingPoint ATP for Networks improves its third-party integration
options with Palo Alto Panorama and Palo Alto virtual system support.

Enhanced Virtual Analyzer
-------------------------
Virtual Analyzer includes the following enhancements:

* Proxy configuration for internal Virtual Analyzer
* New supported file types (Microsoft Publisher 2016, Microsoft
  Windows Command Script file, Microsoft Windows Batch file, and
  Scalable Vector Graphics)
* Support Microsoft Office 2016 application for Office file analysis
  in sandbox images
* Support for analysis of embedded URLs in PDFs
* Deployment of sandbox images running Windows 10 (versions 1507 and
  1511), Windows Server 2012, and Windows Server 2012 R2 operating
  systems
* Integration of the following ActiveUpdate components:
  - Network Content Inspection Engine (Linux, User mode, 64-bit)
  - Network Content Inspection Pattern
  - Virtual Analyzer Configuration Pattern
  - Deep Discovery Trusted Certificate Authorities

Smart filter import and export
------------------------------
TippingPoint ATP for Networks adds the ability to share customized
investigations through the import and export of smart filters.

3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

* Administrator's Guide: A PDF document that contains detailed
  instructions on how to configure and manage TippingPoint ATP for
  Networks, and explanations on TippingPoint ATP for Networks concepts
  and features.

* Installation and Deployment Guide: A PDF document that contains
  information about requirements and procedures for planning
  deployment, installing TippingPoint ATP for Networks, and using the
  Preconfiguration Console to set initial configurations and perform
  system tasks.

* Syslog Content Mapping Guide: A PDF document that provides
  information about log management standards and syntaxes for
  implementing syslog events in TippingPoint ATP for Networks.

* Quick Start Card: User-friendly instructions on connecting
  TippingPoint ATP for Networks to your network and on performing
  initial configurations.

* Online Help: Web-based documentation that is accessible from the
  TippingPoint ATP for Networks management console and provides
  explanations of components and features, as well as procedures
  needed to configure TippingPoint ATP for Networks. To access the
  Online Help, go to http://docs.trendmicro.com

* Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================

--------------
Host appliance
--------------
Trend Micro provides the TippingPoint ATP for Networks appliance
hardware. No other hardware is supported.

------------------------
Preconfiguration console
------------------------
* For VGA connection:
  - Monitor with a VGA port
  - VGA cable
* For serial connection:
  - Computer with a serial port
  - RS232 serial cable
  - Serial communication application (HyperTerminal)

------------------
Management console
------------------
* Google Chrome(TM)
* Mozilla(TM) Firefox(TM)
* Microsoft(TM) Internet Explorer(TM) 11.0
* Microsoft(TM) Edge

Recommended resolution: 1280x800 or higher

5. Installation or Upgrade
========================================================================
See Chapter 4 of the Installation and Deployment Guide for
installation instructions.

See Chapter 6 of the Administrator's Guide for upgrade instructions.

6. Post-Installation Configuration
========================================================================
If upgrading from a previous version: Clear the browser cache after
completing the upgrade and before logging on to the TippingPoint ATP
for Networks management console.

Clearing the Browser Cache

1. On Google Chrome:
   a. Go to "Settings".
   b. Click "Show advanced settings...".
   c. Under "Privacy", click "Clear browsing data...".
   d. Select "Cookies and other site and plug-in data" and "Cached
      images and files".
   e. Click "Clear browsing data".

2. On Microsoft Internet Explorer:
   a. Go to Tools > Internet Options > General.
   b. Under "Browsing history", click "Delete". The "Delete Browsing
      History" window opens.
   c. Select "Temporary Internet files and website files" and
      "Cookies and Website data".
   d. Click "Delete". The "Delete Browsing History" window closes.
   e. On the "Internet Options" window, click "OK".

3. On Mozilla Firefox:
   a. Go to Options > Privacy.
   b. Click "Clear your recent history".
   c. Select "Cache and Cookies".
   d. Click "Clear now".

4. On Microsoft Edge:
   a. Click the Hub icon.
   b. Click the History icon.
   c. Click "Clear all history".
   d. Select "Cookies and saved website data" and "Cached data and
      files".
   e. Click "Clear".

7. Known Issues
========================================================================
The following are the known issues in this release:

1.  After migrating from TippingPoint ATP for Networks 3.8 SP3 or
    earlier, no error message is sent when using user-defined
    TippingPoint SMS tag categories that are not valid with the new
    predefined tag categories. To avoid this issue, verify that the
    predefined tag categories exist in the Tag Categories list of the
    TippingPoint SMS Client.

2.  When performing sandbox analysis using a Windows 10 image that
    requires higher system resources, the performance of TippingPoint
    ATP for Networks may be affected. Trend Micro recommends
    evaluating the system load capacity on TippingPoint ATP for
    Networks before using a Windows 10 sandbox environment for
    analysis.

3.  After resetting the one-time password on an integrated Check
    Point appliance, suspicious objects and C&C callback addresses
    are not distributed to the Check Point appliance and the
    following message is generated in the TippingPoint ATP for
    Networks System Logs:

    "Unable to distribute suspicious objects to Check Point OPSEC.
    Verify that the Check Point OPSEC settings are correct and that
    no network problem exists."

    To avoid this issue, type and then save the new SIC one-time
    password in TippingPoint ATP for Networks.

4.  Performing concurrent file downloads or log exports can cause the
    management console to behave unexpectedly. To avoid this issue,
    wait until a file download or log export completes before
    starting another.

5.  On the Detections > Suspicious Objects screen, long URLs may be
    truncated.

6.  After migration, account information on the Administration >
    Accounts screen might not appear. To view the information, clear
    the browser cache and refresh the page.

7.  When opening an exported CSV file on a European Windows platform,
    all data might appear in the first column. To view the fields in
    separate columns, at the beginning of the CSV file, insert
    "sep=," as a new line and reopen the CSV file in Excel.

8.  After rebooting from migration, immediately performing an update
    or firmware upgrade causes the internal Virtual Analyzer to fail.
    To prevent this issue, after rebooting from migration, go to the
    Administration > Virtual Analyzer > Internal Virtual Analyzer >
    Status screen and ensure that the status is "Running" before
    performing an update or firmware upgrade.

9.  On the System Logs screen, if the selected time period contains a
    time change from standard time to daylight saving time or from
    daylight saving time to standard time, the timestamp information
    will shift after the time change occurs.

10. With the management console open in Firefox, if logs are still
    loading on the Detections > All Detections screen when the Export
    button is clicked, the loading process will be interrupted. Use
    Chrome or Internet Explorer instead.

11. After migration from a previous release, any customized dashboard
    configuration and dashboard layout changes are restored to
    default.

12. When selecting a widget layout option for a tab from the "Tab
    Setting" window, the selected layout may not display correctly.

13. When navigating to another tab immediately after landing on the
    Dashboard > Summary tab, tab layouts do not display correctly.

14. When editing advanced filters on the Affected Hosts and All
    Detections screens and the system reaches the configured session
    timeout, TippingPoint ATP for Networks logs off the management
    console without notice and unsaved edits are lost. To avoid this
    issue, save frequently, and go to Administration > System
    Settings > Session Timeout and extend the session timeout
    setting.

15. Setting a proxy server using NTLMv2 authentication causes service
    failure. To avoid this issue, configure the proxy server with
    NTLMv1 authentication.

16. IPv6 address format cannot be used to configure IP settings for a
    proxy server or any TippingPoint ATP for Networks integrated
    products and services. Use IPv4 format instead.

17. On Suspicious Object and Deny/Allow List screens, some column
    widths may be truncated. Zoom out the browser display to view the
    complete information.

18. In the Threat Summary and Watch List widgets, if the selected
    time period is "Past 24 hours" and contains a time change from
    standard time to daylight savings time or from daylight savings
    time to standard time, the widgets display the wrong information.
    To view correct information when selecting a time period that
    contains a seasonal time change, select "Past 7 days" or "Past 30
    days".

19. In the Top Affected Host widget and all Top Trends widgets, if
    the selected time period is "Past 1 hour" or "Past 24 hours" and
    contains a time change from standard time to daylight savings
    time or from daylight savings time to standard time, the widgets
    display the wrong information. To view correct information when
    selecting a time period that contains a seasonal time change,
    select "Past 7 days" or "Past 30 days".

20. When opening an exported .csv file on a Mac platform,
    TippingPoint ATP for Networks returns unreadable code in the
    first field. Open exported log files in Windows only.

21. In log and on-demand report queries, the "Custom range" calendar
    displays in browser time, not in TippingPoint ATP for Networks
    system time. To align, set your browser time zone to your
    TippingPoint ATP for Networks system time zone.

22. The URL of a detected "Suspicious URL" displayed in a
    notification email is an active link. Avoid clicking on the link
    to the detected URL.

23. A manual "Update Components" action cannot be stopped while the
    action is in-process.

24. The date and time format of TippingPoint ATP for Networks does
    not follow an international standard.

25. Widget message strings that are too long will not appear
    on-screen.

26. Real-time widget data may be time-delayed during times of heavy
    network traffic.

27. To ensure widget height is consistent when auto-fit is enabled,
    select a one-widget-per-field widget arrangement in Tab Settings.

28. Each management console user account is provided with a partially
    independent dashboard. Changes to one user account dashboard
    affect the dashboards of other user accounts.

29. When uploading Virtual Analyzer images from an FTP server:
    - Enable the FTP server for both active and passive mode
    - Enable UTF-8, if the file path or name contains DBCS characters

30. On the Administration > Virtual Analyzer > Internal Virtual
    Analyzer screen, the Archive File Passwords feature only applies
    to the first encryption layer. Decryption of SMTP attachments is
    not supported.

31. The "Malicious Scanned Network Traffic" widget does not include
    historical data in the displayed statistics after the
    TippingPoint ATP for Networks appliance is restarted. The correct
    data eventually displays after a few minutes.

32. Traffic data in some widgets cannot be purged on the management
    console. The "Scanned Traffic by Protocol" widget displays data
    even after logs are deleted on the Administration > System
    Maintenance > Storage Maintenance screen.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact the TippingPoint Technical Assistance Center (TAC) by using
any of the following options.

Email Support
----------------------------------------
tippingpoint.support@trendmicro.com

Phone Support
----------------------------------------
* North America: +1 866 681 8324
* International: +1 512 681 8324

For online support and additional international toll-free numbers,
visit https://tmc.tippingpoint.com.

Visit Us Online
----------------------------------------
* http://www.trendmicro.com/tippingpoint
* http://docs.trendmicro.com
* http://downloadcenter.trendmicro.com

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved.

Trend Micro, the Trend Micro logo, Deep Discovery, TippingPoint and
Trend Micro Control Manager are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may be
trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed in the TippingPoint ATP
for Networks management console by going to the Help > About screen.