Trend Micro, Inc.                                          April 2015
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Inspector
Version 3.8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Notes: This Readme was current as of the date above. However, all
customers are advised to check the Trend Micro website for
documentation updates at:

http://docs.trendmicro.com

Contents
=====================================================================
1. About Deep Discovery Inspector
2. Deep Discovery Inspector Features
3. Documentation Set
4. System Requirements
5. Installation
6. Post-Installation Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement
=====================================================================

1. About Deep Discovery Inspector
========================================================================
Deep Discovery Inspector is a third-generation threat management
solution, designed and architected by Trend Micro to deliver
breakthrough advanced persistent threat (APT) and targeted attack
visibility, insight, and control. Trend Micro Deep Discovery Inspector
is the result of thorough investigations of targeted attacks around the
world, interviews with major customers, and the participation of a
special product advisory board made up of leading G1000 organizations
and government agencies.

Deep Discovery Inspector provides IT administrators with critical
security information, alerts, and reports.

Deep Discovery Inspector deploys in offline monitoring mode. It
monitors network traffic by connecting to the mirror port on a switch
for minimal or no network interruption.

2. Deep Discovery Inspector 3.8 Build Features
========================================================================
This product release includes the following new features:

Interconnected Threat Response
------------------------------
APT is no longer limited to detection when Deep Discovery Inspector 3.8
is integrated with Trend Micro Control Manager, Deep Discovery Endpoint
Sensor, and OfficeScan. With the ability to aggregate and automate
remediation policies from a centralized location, Deep Discovery
Inspector 3.8 provides a complete end-to-end APT solution.

APT Insight Through Smart Filters
---------------------------------
With the introduction of attack phases and host severity, Deep
Discovery Inspector 3.8 now adds the ability to tightly couple
detection data with key indicators. Users can easily review detection
details based on predefined smart filters. Smart filters automatically
reduce investigation scope by arranging data that is related to ongoing
tasks and can be created and modified for customized investigation.

Ease of Use and Navigation
----------------------------
Deep Discovery Inspector 3.8 comes with a completely refreshed
management console that groups options more efficiently and removes
unnecessary elements and ambiguous navigation options.

IPv6 Compatible
---------------
Deep Discovery Inspector 3.8 can be deployed in IPv6 environments and
tap into IPv6 network streams, perform analysis, and output IPv6-based
network detection results.

Virtual Analyzer Image Preparation Tool
---------------------------------------
Preparing a custom sandbox is now easier with the introduction of the
new Virtual Analyzer Image Preparation Tool. This assisted and
automated process simplifies the conversion of existing golden images
into Virtual Analyzers without managing the manual configuration
process.

Latest Sandboxing Technologies
------------------------------
Malware attempts to get around sandboxing technologies are getting
smarter and more sophisticated. The relevancy of the sandbox
environment should also extend to the latest operating system releases.
Deep Discovery Inspector 3.8 introduces the ability to perform
sandboxing on Windows 2003/2008 and Windows 8.1 for better real-life
APT detonation analysis.

Improved Web Services API
------------------------------
Deep Discovery Inspector 3.8 includes the ability to programmatically
output Virtual Analyzer detections in OpenIOC format. This enables
better integration with third party security intelligence repositories
and products. SDK and documentation are refreshed based on the new
changes in this release.

3. Documentation Set
========================================================================
In addition to this Readme, the documentation set for this product
includes the following:

* Administrator's Guide -- A PDF document that contains detailed
  instructions on how to configure and manage Deep Discovery Inspector,
  and explanations on Deep Discovery Inspector concepts and features.

* Installation and Deployment Guide -- A PDF document that contains
  information about requirements and procedures for planning
  deployment, installing Deep Discovery Inspector, and using the
  Preconfiguration Console to set initial configurations and perform
  system tasks.

* User's Guide -- A PDF document that contains general information
  about Deep Discovery Inspector concepts and features and introduces
  selected sections of the management console to users with viewer
  accounts.

* Quick Start Card -- User-friendly instructions on connecting Deep
  Discovery Inspector to your network and on performing initial
  configurations.

  Electronic versions of the printed manuals are available at:

  http://docs.trendmicro.com

* Online Help -- Web-based documentation that is accessible from the
  Deep Discovery Inspector management console and provides explanations
  of components and features, as well as procedures needed to configure
  Deep Discovery Inspector.

  To access Online Help, open the management console and click the Help
  icon.

* Trend Community -- Get help, share your experiences, ask questions,
  and discuss security concerns in the forums with fellow users,
  enthusiasts, and security experts.

  http://community.trendmicro.com/

* Support Portal -- This searchable online database of known product
  issues includes specific problem-solving and troubleshooting topics
  and provides the latest information about known product issues.

  http://esupport.trendmicro.com

4. System Requirements
========================================================================

--------------
Host appliance
--------------
Trend Micro provides the Deep Discovery Inspector appliance hardware.
No other hardware is supported.

------------------------
Preconfiguration console
------------------------
* For VGA connection:
  - Monitor with a VGA port
  - VGA cable

* For serial connection:
  - Computer with a serial port
  - RS232 serial cable
  - Serial communication application (HyperTerminal)

------------------
Management console
------------------
* Google Chrome(TM) 40.0 or later
* Mozilla(TM) FireFox(TM) 35.0 or later
* Microsoft(TM) Internet Explorer(TM) 10.0 or 11.0
* Adobe Flash player 8.0 or later

Recommended Resolution Rate: 1024*768

5. Installation or Upgrade
========================================================================
See Chapter 4 of the Installation and Deployment Guide for installation
instructions.

See Chapter 6 of the Administrator's Guide for upgrade instructions.

6. Post-Installation Configuration
========================================================================
If upgrading from a previous version:

Clear the browser cache after completing the upgrade and before logging
on to the Deep Discovery Inspector management console.

Clearing the Browser Cache

1. On Google Chrome:
   a. Go to "Settings".
   b. Click "Show advanced settings...".
   c. Under "Privacy", click "Clear browsing data...".
   d. Select "Cookies and other site and plug-in data" and "Cached
      images and files".
   e. Click "Clear browsing data".

2. On Microsoft Internet Explorer:
   a. Go to Tools > Internet Options > General.
   b. Under "Browsing history", click "Delete".
      The "Delete Browsing History" window opens.
   c. Select "Temporary Internet files and website files" and "Cookies
      and Website data".
   d. Click "Delete".
      The "Delete Browsing History" window closes.
   e. On the "Internet Options" window, click "OK".

3. On Mozilla FireFox:
   a. Go to Options > Privacy.
   b. Click "Clear your recent history".
   c. Select "Cache and Cookies".
   d. Click "Clear now".

Note: Trend Micro recommends updating the scan engine and pattern files
      immediately after installation.

7. Known Issues
========================================================================
The following are the known issues in this release:

1. In Deep Discovery Inspector 3.8, setting a proxy server using NTLMv2
   authentication causes a service failure for the Active Update
   components. To avoid this issue, configure the proxy server with
   NTLMv1 authentication.

2. To centrally manage the Suspicious Object List from Control Manager,
   use an internal Virtual Analyzer with Control Manager 6.0 SP2, or
   wait until Control Manager 6.0 SP3 is available.

3. Notification of Retro Scan detections is not available when VLAN
   support is enabled.

4. IPv6 format cannot be used to configure IP settings for Proxy or for
   all Deep Discovery Inspector integrated products and services, or to
   monitor specific IP ranges and ports. Use IPv4 format instead.

5. On Suspicious Object and Deny/Allow List screens, some column widths
   may be truncated. Zoom out the browser display to view the complete
   information.

6. Deep Discovery Inspector overwrites and renames an existing
   on-demand report when generating a new on-demand report with the
   same type and time settings.

7. In the Threat Summary and Watch List widgets, if the selected time
   period is "Past 24 hours" and contains a time change from standard
   time to daylight savings time or from daylight savings time to
   standard time, the widgets display the wrong information. To view
   correct information when selecting a time period that contains a
   seasonal time change, select "Past 7 days" or "Past 30 days".

8. In the Top Affected Host widget and all Top Trends widgets, if the
   selected time period is "Past 1 hour" or "Past 24 hours" and
   contains a time change from standard time to daylight savings time
   or from daylight savings time to standard time, the widgets display
   the wrong information. To view correct information when selecting a
   time period that contains a seasonal time change, select "Past 7
   days" or "Past 30 days".

9. If Deep Discovery Inspector performs a URL query with a local Smart
   Protection Server, unrated and new domain categories cannot be
   identified and logged in Deep Discovery Inspector.

10. Deep Discovery Inspector 3.8 does not display values for host
    severity detections from Deep Discovery Inspector 3.5 or 3.6.

11. When opening an exported .csv file on a Mac platform, Deep
    Discovery Inspector 3.8 returns unreadable code in the first field.
    Open exported log files in Windows only.

12. In log queries, the "Custom range" calendar displays in browser
    time, not in Deep Discovery Inspector system time. To align, set
    your browser time zone to your Deep Discovery Inspector system time
    zone.

13. The URL of a detected "Suspicious URL" displayed in a notification
    email is an active link. Avoid clicking on the link to the detected
    URL.

14. After performing a migration, reconfiguring any Internal Virtual
    Analyzer settings immediately after rebooting the system causes
    Virtual Analyzer to fail. To avoid this issue, after rebooting, go
    to "Administration > Virtual Analyzer > Internal Virtual Analyzer >
    Status" and verify the status as "Running" before reconfiguring any
    internal Virtual Analyzer settings.

15. Deep Discovery Inspector will not open in a Google Chrome browser
    with an IPv6 address. When using an IPv6 address for Deep Discovery
    Inspector, open in Mozilla FireFox or Microsoft Internet Explorer.

16. To enable the SNMP trap function, enable the SNMP agent first.

8. Contact Information
========================================================================
Contact Trend Micro through fax, phone, and email, or visit the Trend
Micro website at:

http://www.trendmicro.com

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

On the Trend Micro "About Us" screen, click the appropriate link in the
"Contact Us" section.

Note: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content security
and threat management, aims to create a world safe for the exchange of
digital information for businesses and consumers. A pioneer in
server-based antivirus with over 20 years' experience, we deliver
top-ranked security that fits our customers' needs, stops new threats
faster, and protects data in physical, virtualized, and cloud
environments.
Powered by the Trend Micro(TM) Smart Protection Network(TM)
infrastructure, our industry-leading cloud-computing security
technology and products stop threats where they emerge, on the
Internet, and are supported by 1,000+ threat intelligence experts
around the globe. For additional information, visit
www.trendmicro.com.

Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend
Micro, the Trend Micro logo, and Trend Micro Control Manager are
trademarks or registered trademarks of Trend Micro, Incorporated. All
other product or company names may be trademarks or registered
trademarks of their owners.

10. License Agreement
========================================================================
Third-party licensing agreements can be viewed on the Deep Discovery
Inspector Solutions CD.