Trend Micro Incorporated                                     July 2016
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Inspector
Version 3.8 Service Pack 3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/SP release documentation:
http://downloadcenter.trendmicro.com

TIP: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from
the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
=====================================================================
1. About Deep Discovery Inspector
2. Deep Discovery Inspector Features
3. Documentation Set
4. System Requirements
5. Installation or Upgrade
6. Post-Installation Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement
=====================================================================

1. About Deep Discovery Inspector
========================================================================
Deep Discovery Inspector is a third-generation threat management
solution, designed and architected by Trend Micro to deliver
breakthrough advanced persistent threat (APT) and targeted attack
visibility, insight, and control.

Trend Micro Deep Discovery Inspector is the result of thorough
investigations of targeted attacks around the world, interviews with
major customers, and the participation of a special product advisory
board made up of leading G1000 organizations and government agencies.

Deep Discovery Inspector provides IT administrators with critical
security information, alerts, and reports. Deep Discovery Inspector
deploys in offline monitoring mode.
It monitors network traffic by connecting to the mirror port on a
switch for minimal or no network interruption.

2. Deep Discovery Inspector 3.8 Service Pack 3 Features
========================================================================
This product release includes the following new features:

Deep Discovery Director Support
-------------------------------
Deep Discovery Inspector supports integration with Deep Discovery
Director.

Network Services Diagnostics
----------------------------
Deep Discovery Inspector improves ease-of-management by providing a
consolidated diagnostics screen for network services.

Check Point SAM Authentication
------------------------------
Deep Discovery Inspector supports a secured connection for sharing
detection information with third-party Check Point OPSEC products.

Virtual Analyzer Enhancement
----------------------------
The internal Virtual Analyzer provides an Internet connection test to
ensure thorough sample analysis.

Improved Ransomware Intelligence
--------------------------------
The enhanced Threats at a Glance widget provides a summary of
ransomware detections in your network.

Improved Detection Capability
-----------------------------
Deep Discovery Inspector provides increased protection by improving
its detection capabilities.

This release supports the deployment of sandbox images running
Windows 10 operating system.

3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

* Administrator's Guide: A PDF document that contains detailed
  instructions on how to configure and manage Deep Discovery
  Inspector, and explanations on Deep Discovery Inspector concepts
  and features.
* Installation and Deployment Guide: A PDF document that contains
  information about requirements and procedures for planning
  deployment, installing Deep Discovery Inspector, and using the
  Preconfiguration Console to set initial configurations and perform
  system tasks.

* Syslog Content Mapping Guide: A PDF document that provides
  information about log management standards and syntaxes for
  implementing syslog events in Deep Discovery Inspector.

* Quick Start Card: User-friendly instructions on connecting Deep
  Discovery Inspector to your network and on performing initial
  configurations.

* Online Help: Web-based documentation that is accessible from the
  Deep Discovery Inspector management console and provides
  explanations of components and features, as well as procedures
  needed to configure Deep Discovery Inspector. To access the Online
  Help, go to http://docs.trendmicro.com

* Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================

--------------
Host appliance
--------------
Trend Micro provides the Deep Discovery Inspector appliance hardware.
No other hardware is supported.

------------------------
Preconfiguration console
------------------------
* For VGA connection:
  - Monitor with a VGA port
  - VGA cable

* For serial connection:
  - Computer with a serial port
  - RS232 serial cable
  - Serial communication application (HyperTerminal)

------------------
Management console
------------------
* Google Chrome(TM) 46.0 or later
* Mozilla(TM) Firefox(TM) 41.0 or later
* Microsoft(TM) Internet Explorer(TM) 11.0
* Microsoft(TM) Edge
* Adobe Flash player 8.0 or later

Recommended resolution: 1280x800 or higher

5. Installation or Upgrade
========================================================================
See Chapter 4 of the Installation and Deployment Guide for
installation instructions.

See Chapter 6 of the Administrator's Guide for upgrade instructions.

6. Post-Installation Configuration
========================================================================
If upgrading from a previous version:

Clear the browser cache after completing the upgrade and before
logging on to the Deep Discovery Inspector management console.

Clearing the Browser Cache

1. On Google Chrome:
   a. Go to "Settings".
   b. Click "Show advanced settings...".
   c. Under "Privacy", click "Clear browsing data...".
   d. Select "Cookies and other site and plug-in data" and "Cached
      images and files".
   e. Click "Clear browsing data".

2. On Microsoft Internet Explorer:
   a. Go to Tools > Internet Options > General.
   b. Under "Browsing history", click "Delete".
      The "Delete Browsing History" window opens.
   c. Select "Temporary Internet files and website files" and
      "Cookies and Website data".
   d. Click "Delete".
      The "Delete Browsing History" window closes.
   e. On the "Internet Options" window, click "OK".

3. On Mozilla Firefox:
   a. Go to Options > Privacy.
   b. Click "Clear your recent history".
   c. Select "Cache and Cookies".
   d. Click "Clear now".

4. On Microsoft Edge:
   a. Click the Hub icon.
   b. Click the History icon.
   c. Click "Clear all history".
   d. Select "Cookies and saved website data" and "Cached data and
      files".
   e. Click "Clear".

7. Known Issues
========================================================================
The following are the known issues in this release:

1. When performing sandbox analysis using a Windows 10 image that
    requires higher system resources, the performance of Deep
    Discovery Inspector may be affected. Trend Micro recommends
    evaluating the system load capacity on Deep Discovery Inspector
    before using a Windows 10 sandbox environment for analysis.

2. The Web Inspection Service in Virtual Analyzer does not function
    when using the SOCKS5 proxy protocol. To avoid this issue, use
    the SOCKS4 or HTTP proxy protocol.

3. Threat Connect may not open successfully in Internet Explorer. To
    avoid this issue, use Firefox or Chrome, or enable protected mode
    in Internet Explorer. To enable protected mode, in Internet
    Explorer go to Internet Options > Security tab and then select
    "Enable Protected Mode (requires restarting Internet Explorer)"
    for both the "Internet" and "Trusted sites" zones.

4. After resetting the one-time password on an integrated Check Point
    appliance, suspicious objects and C&C callback addresses are not
    distributed to the Check Point appliance and the following
    message is generated in the Deep Discovery Inspector System Logs:

    "Unable to distribute suspicious objects to Check Point OPSEC.
    Verify that the Check Point OPSEC settings are correct and that
    no network problem exists."

    To avoid this issue, type and then save the new SIC one-time
    password in Deep Discovery Inspector.

5. Performing concurrent file downloads or log exports can cause the
    management console to behave unexpectedly. To avoid this issue,
    wait until a file download or log export completes before
    starting another.

6. On the Detections > Suspicious Objects screen, long URLs may be
    truncated.

7. After migration, account information on the Administration >
    Accounts screen might not appear. To view the information, clear
    the browser cache and refresh the page.

8. When opening an exported CSV file on a European Windows platform,
    all data might appear in the first column. To view the fields in
    separate columns, at the beginning of the CSV file, insert
    "sep=," as a new line and reopen the CSV file in Excel.

9. After rebooting from migration, immediately performing an update
    or firmware upgrade causes the internal Virtual Analyzer to fail.
    To prevent this issue, after rebooting from migration, go to the
    Administration > Virtual Analyzer > Internal Virtual Analyzer >
    Status screen and ensure that the status is "Running" before
    performing an update or firmware upgrade.

10. After migration from Deep Discovery Inspector 3.8 or previous
    releases, at Administration > System Settings > Time, the
    region/city information of the time zone might be wrong. Under
    Time Zone, select the correct region/city.

11. On the System Logs screen, if the selected time period contains a
    time change from standard time to daylight saving time or from
    daylight saving time to standard time, the timestamp information
    will shift after the time change occurs.

12. On the Administration > Integrated Products/Services >
    Third-Party Products/Services screen, setting an invalid Tag
    category for HP TippingPoint Security Management System (SMS)
    integration prevents the distribution of suspicious objects to
    SMS, and no error message is sent. Make sure that all columns and
    tag categories configured in Deep Discovery Inspector are
    configured the same in HP TippingPoint.

13. When clicking the Back button of any browser to navigate to a
    previous page, the breadcrumb does not update.

14. With the management console open in Firefox, if logs are still
    loading on the Detections > All Detections screen when the Export
    button is clicked, the loading process will be interrupted. Use
    Chrome or Internet Explorer instead.

15. After migration from a previous release, any customized dashboard
    configuration and dashboard layout changes are restored to
    default.

16. When selecting a widget layout option for a tab from the "Tab
    Setting" window, the selected layout may not display correctly.

17. When navigating to another tab immediately after landing on the
    Dashboard > Summary tab, tab layouts do not display correctly.

18. When editing advanced filters on the Affected Hosts and All
    Detections screens and the system reaches the configured session
    timeout, Deep Discovery Inspector logs off the management console
    without notice and unsaved edits are lost. To avoid this issue,
    save frequently, and go to Administration > System Settings >
    Session Timeout and extend the session timeout setting.

19. If a data set migrated from Deep Discovery Inspector 3.6 or 3.7
    contains a daylight saving time period, the timestamp within the
    daylight saving time period will change to non-daylight saving in
    Deep Discovery Inspector 3.8 or above.

20. Setting a proxy server using NTLMv2 authentication causes service
    failure. To avoid this issue, configure the proxy server with
    NTLMv1 authentication.

21. IPv6 address format cannot be used to configure IP settings for a
    proxy server or any Deep Discovery Inspector integrated products
    and services. Use IPv4 format instead.

22. On Suspicious Object and Deny/Allow List screens, some column
    widths may be truncated. Zoom out the browser display to view the
    complete information.

23. In the Threat Summary and Watch List widgets, if the selected
    time period is "Past 24 hours" and contains a time change from
    standard time to daylight savings time or from daylight savings
    time to standard time, the widgets display the wrong information.
    To view correct information when selecting a time period that
    contains a seasonal time change, select "Past 7 days" or "Past 30
    days".

24. In the Top Affected Host widget and all Top Trends widgets, if
    the selected time period is "Past 1 hour" or "Past 24 hours" and
    contains a time change from standard time to daylight savings
    time or from daylight savings time to standard time, the widgets
    display the wrong information. To view correct information when
    selecting a time period that contains a seasonal time change,
    select "Past 7 days" or "Past 30 days".

25. Deep Discovery Inspector 3.8 or above does not display values for
    host severity detections from Deep Discovery Inspector 3.6.

26. When opening an exported .csv file on a Mac platform, Deep
    Discovery Inspector 3.8 or above returns unreadable code in the
    first field. Open exported log files in Windows only.

27. In log and on-demand report queries, the "Custom range" calendar
    displays in browser time, not in Deep Discovery Inspector system
    time. To align, set your browser time zone to your Deep Discovery
    Inspector system time zone.

28. The URL of a detected "Suspicious URL" displayed in a
    notification email is an active link. Avoid clicking on the link
    to the detected URL.

29. A manual "Update Components" action cannot be stopped while the
    action is in-process.

30. Deep Discovery Inspector's date and time format does not follow
    an international standard.

31. Widget message strings that are too long will not appear
    on-screen.

32. Real-time widget data may be time-delayed during times of heavy
    network traffic.

33. To ensure widget height is consistent when auto-fit is enabled,
    select a one-widget-per-field widget arrangement in Tab Settings.

34. When opening the Deep Discovery Inspector management console from
    Control Manager using SSO, the Deep Discovery Inspector
    management console will not time out automatically.

35. Each management console user account is provided with a partially
    independent dashboard. Changes to one user account dashboard
    affect the dashboards of other user accounts.

36. When uploading Virtual Analyzer images from an FTP server:
    - Enable the FTP server for both active and passive mode
    - Enable UTF-8, if the file path or name contains DBCS characters

37. On the Administration > Virtual Analyzer > Internal Virtual
    Analyzer screen, the Archive File Passwords feature only applies
    to the first encryption layer. Decryption of SMTP attachments is
    not supported.

38. The "Malicious Scanned Network Traffic" widget does not include
    historical data in the displayed statistics after the Deep
    Discovery Inspector appliance is restarted. The correct data
    eventually displays after a few minutes.

39. Traffic data in some widgets cannot be purged on the management
    console. The "Scanned Traffic by Protocol" widget displays data
    even after logs are deleted on the Administration > System
    Maintenance > Storage Maintenance screen.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website
to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2016, Trend Micro Incorporated. All rights reserved.

Trend Micro, the Trend Micro logo, Deep Discovery, Deep Discovery
Inspector and Trend Micro Control Manager are trademarks or
registered trademarks of Trend Micro, Incorporated. All other product
or company names may be trademarks or registered trademarks of their
owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed on the Deep Discovery
Inspector Solutions DVD.