TO DISPLAY OR HIDE COMMENTS FOR WRITERS INLINE ON THE PAGE, EDIT THE p.writer-instructions <STYLE> ELEMENT AS FOLLOWS:
display: none; <- HIDE THE COMMENTS
display: block; <- DISPLAY THE COMMENTS
Trend Micro Incorporated December 2020
For example, December 21, 2017
NOTICE: This Readme file was current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at https://docs.trendmicro.com.
TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at https://clp.trendmicro.com/FullRegistration?T=TM.
Deep Discovery Inspector is a third-generation threat management solution, designed and architected by Trend Micro to deliver breakthrough advanced persistent threat (APT) and targeted attack visibility, insight, and control.
Trend Micro Deep Discovery Inspector is the result of thorough investigations of targeted attacks around the world, interviews with major customers, and the participation of a special product advisory board made up of leading G1000 organizations and government agencies.
Deep Discovery Inspector provides IT administrators with critical security information, alerts, and reports.
Deep Discovery Inspector deploys in offline monitoring mode. It monitors network traffic by connecting to the mirror port on a switch for minimal or no network interruption.
If available, use the 50-word description provided by Marketing.
CAUTION: These descriptions sometimes contain errors, such as word usage or grammar mistakes. If needed, edit the text before you paste it into your file. Verify that the information is current by checking with Marketing.
See Chapter 1 of the Administrator's Guide or visit the following page for a list of new features and enhancements in this release:https://docs.trendmicro.com/all/ent/ddi/v5.7_SP2/en-us/ddi_5.7_sp2_olh/Whats-New.html
This section describes the new functions/features. Content can be lifted directly from the Admin Guide.
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
Delete the documentation that does not apply for this product.
In addition to this Readme file, the documentation set for this product includes the following:
Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Discovery Inspector. To access the Online Help, go to http://docs.trendmicro.com.
Administrator's Guide (AG): A PDF document that contains detailed instructions on how to configure and manage Deep Discovery Inspector, and explanations on Deep Discovery Inspector concepts and features.
AWS Deployment Guide: A PDF document that contains information about requirements and procedures for planning deployment, deploying, and troubleshooting Deep Discovery Inspector deployment on AWS.
Installation and Deployment Guide (IDG): A PDF document that contains information about requirements and procedures for planning deployment, installing Deep Discovery Inspector, and using the Preconfiguration Console to set initial configurations and perform system tasks.
Syslog Content Mapping Guide (SG): A PDF document that provides information about log management standards and syntaxes for implementing syslog events in Deep Discovery Inspector.
Quick Start Card (QSC): User-friendly instructions on connecting Deep Discovery Inspector to your network and on performing initial configurations.
Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com.
Include only appropriate requirements for your product.
For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.
See the Installation and Deployment Guide for a list of system requirements.
Include only appropriate requirements for your product. For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.
Size of Deployment Package
32-bit OS (i.e. Windows XP, Windows 2003...) = 100MB
64-bit OS (i.e. Windows XP, Windows 2008) = 90MB
Size of the new install package (32/64-bit) via Agent Packager Tool
MSI Package (Conventional Scan) = 100 MB
MSI Package (Smart Scan) = 90 MB
Setup Package (Conventional Scan) = 80 MB
Setup Package (Smart Scan) = 80 MB
Estimated size (in terms of bandwidth) per agent
32-bit agent total = 757 KB
64-bit agent total = 1004 KB
TIP: For Small Business agent-server products, only include estimated size (in terms of bandwidth) to reduce the complexity for customers.
If you do need to list system requirements:
List the minimum/recommended requirements for running the product. Content can be lifted directly from the Installation Guide.
Avoid writing "and above" or "later" or other text to imply that the product works with future software versions. It's impossible to validate that a product works correctly with future versions. If the system requirements that you receive from QA include "and above" or similar text, challenge them.
Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.
See the Quick Start Card and Chapter 4 of the Installation and Deployment Guide for installation instructions.
See Chapter 6 of the Administrator's Guide for upgrade instructions.
Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.
Explain what the customer should do after the installation. This could include additional steps, for example:
Restart the HTTP and FTP scanner services using the Control Panel.
If no further action required, write the following:
If upgrading from a previous version:
Clear the browser cache after completing the upgrade and before logging on to the Deep Discovery Inspector management console.
For details, see Chapter 6 of the Administrator's Guide or visit the following page:https://docs.trendmicro.com/all/ent/ddi/v5.7_SP2/en-us/ddi_5.7_sp2_olh/Clearing-the-Browser.html
Include advice to register the product and update. Use the following boilerplate text if appropriate for your product.
Describe things that are still not working or are causing a problem. Do not describe what caused the problem; only include the symptom the customer would have seen, and say it's been fixed.
Do not describe every known issue; describe only the major issues.
Describe how to resolve the problem or at least how to work around it if possible.
If the readme is for a beta release, review the list of issues before sending out the final readme - some of the issues may have been fixed and should no longer appear in the list.
Known issues in this release:
7.1 Scan issue(s)
a. The Manual Scan progress screen may display directories not specified as scan target.
b. Scan exclusion settings for spyware/grayware are disregarded after installation.
7.2 Citrix integration issue
When the "Client Console Access Restriction" is disabled on a Citrix server, notification messages display simultaneously in each logon session.
Deep Discovery Inspector version 5.7 SP2 supports migration from only Deep Discovery Inspector versions 5.7 and 5.7 SP1.
When Deep Discovery Director - Network Analytics as a Service is integrated without a proxy, and then a proxy is enabled for Deep Discovery Director - Network Analytics as a Service, Deep Discovery Inspector can no longer connect to Deep Discovery Director - Network Analytics as a Service. To reconnect Deep Discovery Inspector to Deep Discovery Director - Network Analytics as a Service, disable Deep Discovery Director - Network Analytics as a Service in the Deep Discovery Director management console, and then enable Deep Discovery Director - Network Analytics as a Service in the Deep Discovery Director management console and enable the appliance proxy settings before saving the configuration settings.
When Deep Discovery Director - Network Analytics (DDD - NA) on-premises 3.0 is integrated with Deep Discovery Inspector and then you migrate to Deep Discovery Inspector 5.7 or above, the DDD - NA integration will not be migrated. To continue using DDD - NA after migration, perform a fresh install of Deep Discovery Director 5.2 (Install in consolidated mode > Install internal Network Analytics version) and reintegrate with Deep Discovery Inspector.
Deep Discovery Inspector deployed in AWS truncates mirrored packets larger than 8947 bytes due to the AWS traffic mirror limitation. To avoid truncation, the MTU size in the traffic mirror source needs to be set to equal or less than 8947 bytes.
The encapsulated remote mirroring feature in Deep Discovery Inspector (under Show advanced settings in the Administration > System Settings > Network Interface screen) supports only IPv4 addressing to receive mirrored traffic. IPv6 addressing is not supported.
During peak resource usage on a Deep Discovery Inspector virtual appliance deployed with a virtual distributed switch that is configured for encapsulated remote mirroring, the ESXi mirroring source might drop packets during transmission.
For Backup / Restore under Administration > System Maintenance, Deep Discovery Inspector 5.7 only supports configuration restored from Deep Discovery Inspector 5.5, 5.6 and 5.6 SP1. Also, cross-language backup/restore is not supported.
Deep Discovery Inspector 5.0 and above cannot communicate with Smart Protection Server version 3.2 or earlier. To avoid this issue, upgrade your Smart Protection Servers to version 3.3, or go to Administration > Monitoring / Scanning > Web Reputation and then configure the smart protection source as "Trend Micro Smart Protection Network".
Deep Discovery Inspector 5.0 and above cannot communicate with the following products or services when TLS enforcement for Secure Protocol is enabled:
After opening the Deep Discovery Inspector management console from Control Manager or Apex Central using single sign-on, features that involve file upload behavior do not function, such as migration, hot fix application, and configuration import.
When performing sandbox analysis using a Windows 10 image that requires higher system resources, the performance of Deep Discovery Inspector may be affected. Trend Micro recommends evaluating the system load capacity on Deep Discovery Inspector before using a Windows 10 sandbox environment for analysis.
After resetting the one-time password on an integrated Check Point appliance, suspicious Objects and C&C callback addresses are not distributed to the Check Point appliance and the following message is generated in the Deep Discovery Inspector System Logs: "Unable to distribute suspicious objects to Check Point OPSEC. Verify that the Check Point OPSEC settings are correct and that no network problem exists." To avoid this issue, type and then save the new SIC one-time password in Deep Discovery Inspector.
Performing concurrent file downloads or log exports can cause the management console to behave unexpectedly. To avoid this issue, wait until a file download or log export completes before starting another.
After migration, information on some screens might not appear. To view the information, clear the browser cache and refresh the page.
When opening an exported CSV file on a European Windows platform, all data might appear in the first column. To view the fields in separate columns, at the beginning of the CSV file, insert "sep=," as a new line and reopen the CSV file in Excel.
After rebooting from migration, immediately performing an update or firmware upgrade causes the internal Virtual Analyzer to fail. To prevent this issue, after rebooting from migration, go to the Administration > Virtual Analyzer > Internal Virtual Analyzer > Status screen and ensure that the status is "Running" before performing an update or firmware upgrade.
On the System Logs screen, if the selected time period contains a time change from standard time to daylight saving time or from daylight saving time to standard time, the timestamp information will shift after the time change occurs.
With the management console open in Firefox, if logs are still loading on the Detections > All Detections screen when the Export button is clicked, the loading process will be interrupted. Use Chrome or Internet Explorer instead.
After migration from a previous release, any customized dashboard configuration and dashboard layout changes are restored to default.
When navigating to another tab immediately after landing on the Dashboard > Summary tab, tab layouts do not display correctly.
When editing advance filters on the Affected Hosts and All Detections screens and the system reaches the configured session timeout, Deep Discovery Inspector logs off the management console without notice and unsaved edits are lost. To avoid this issue, save frequently, and go to Administration > System Settings > Session Timeout and extend the session timeout setting.
IPv6 format cannot be used to configure IP settings for Proxy or for all Deep Discovery Inspector integrated products and services. Use IPv4 format instead.
In the Threat Summary and Watch List widgets, if the selected time period is "Past 24 hours" and contains a time change from standard time to daylight savings time or from daylight savings time to standard time, the widgets display the wrong information. To view correct information when selecting a time period that contains a seasonal time change, select "Past 7 days" or "Past 30 days".
In the Top Affected Hosts widget and all Top Trends widgets, if the selected time period is "Past 1 hour" or "Past 24 hours" and contains a time change from standard time to daylight savings time or from daylight savings time to standard time, the widgets display the wrong information. To view correct information when selecting a time period that contains a seasonal time change, select "Past 7 days" or "Past 30 days".
When opening an exported .csv file on a Mac platform, Deep Discovery Inspector returns unreadable code in the first field. Open exported log files in Windows only.
In log and on-demand report queries, the "Custom range" calendar displays in browser time, not in Deep Discovery Inspector system time. To align, set your browser time zone to your Deep Discovery Inspector system time zone.
The URL of a detected "Suspicious URL" displayed in a notification email is an active link. Avoid clicking on the link to the detected URL.
A manual "Update Components" action cannot be stopped while the action is in-process.
On some Deep Discovery Inspector screens, the date and time format does not follow an international standard.
Each management console user account is provided with a shared dashboard. Changes to one user account dashboard affect the dashboards of other user accounts.
When uploading Virtual Analyzer images from an FTP server:
The Malicious Scanned Network Traffic widget does not include historical data in the displayed statistics after the Deep Discovery Inspector appliance is restarted. The correct data eventually displays after a few minutes.
Traffic data in some widgets cannot be purged on the management console. The Scanned Traffic by Protocol widget displays data even after logs are deleted on the Administration > Storage Maintenance screen.
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.https://www.trendmicro.com/en_us/contact.html
NOTE: This information is subject to change without notice.
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information
Copyright 2020, Trend Micro Incorporated. All rights reserved.
Substitute trademarks specific to your product for the %%%.
Trend Micro, the Trend Micro logo, Deep Discovery, Deep Discovery Inspector, Trend Micro Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.