TXOne Networks, Inc.                               June 30, 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TXOne StellarProtect 1.2 Patch 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: This readme file was current as of the date above.

TXOne Networks is a joint venture of Trend Micro and Moxa, and
support for TXOne Networks products is provided by Trend Micro.
All technical support goes through Trend Micro engineers.

All customers are advised to check the Trend Micro website for
documentation updates at:

https://success.trendmicro.com/

TXOne Networks always seeks to improve its documentation. If you
have questions, comments, or suggestions about this or any TXOne
Networks documents, please contact us at docs@txone-networks.com.
Your feedback is always welcome. Please evaluate this
documentation on the following site:

https://docs.trendmicro.com/en-us/survey.aspx

================================================================
Contents
================================================================
1.  About TXOne StellarProtect
2.  What's New
3.  Documentation Set
4.  System Requirements
5.  Installation
6.  Known Issues
7.  Release History
8.  Contact Information
9.  About TXOne Networks
10. License Agreement

================================================================
1. About TXOne StellarProtect
================================================================
StellarProtect is an agent-based protection product that resides
on endpoints, and it is normally set up with a server program
called StellarOne that allows for central management of agents.
TXOne StellarProtect provides an ICS-compatible, high
performance, and zero touch endpoint protection solution.

The TXOne StellarProtect agent includes the following new
features and benefits:

- Industrial-Grade Next-Generation Antivirus: Secures OT assets
  with no interruption to operations with ICS root of trust and
  advanced threat scan

- Operations Behavior Anomaly Detection: Detects abnormal
  operations and enforces least privilege-based control to
  prevent malware-free attacks

- ICS Application Safeguard: Intelligently locates and secures
  the integrity of the ICS process from ICS targeted attacks

- Device Control: Prevents insider threats by only allowing
  usage of USB ports on a case-by-case administrator-reviewed
  basis

By using fewer resources and without the need for regular
software or system updates, StellarProtect can reliably secure
modernized computers in industrial and commercial environments
with little performance impact or downtime.

The TXOne StellarOne console provides centralized monitoring and
management of TXOne StellarProtect's agent deployment, status,
and events. For example, administrators can manage devices with
global or group policies, configure StellarOne configurations
and manage events and logs. In addition, StellarOne can be used
to schedule StellarProtect's scanning operations. The
administrator can view the blocked information from the
StellarProtect agent and determine actions to be taken on these
blocked files. This reduces the time and effort required to
verify the threat, and facilitates a quick response to the
incident.

================================================================
2. What's New
================================================================
The TXOne StellarProtect agent now includes the following new
features and benefits:

TXOne StellarProtect 1.2.2011:

- Group Mapping: Users can register a StellarProtect agent to a
  specific group directly via the StellarOne console.

================================================================
3. Documentation Set
================================================================
To download or view electronic versions of the documentation set
for this product, go to https://docs.trendmicro.com/

- Installation Guide (IG): The Installation Guide contains
  information on requirements and procedures for installing and
  deploying TXOne StellarProtect.

- Administrator's Guide (AG): Provides post-installation
  instructions on how to configure the settings to help you get
  TXOne StellarProtect "up and running". Also includes
  instructions on performing other administrative tasks for the
  maintenance of StellarProtect.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the
  Support Portal, go to success.trendmicro.com

================================================================
4. System Requirements
================================================================

4.1 Hardware Requirements
================================================================
TXOne StellarProtect does not have specific hardware
requirements beyond those specified by the operating system,
with the following exceptions:

- Available free disk space: 200MB minimum, 300MB recommended
- Monitor and resolution: VGA (640x480), 16 colors

NOTE: TXOne StellarProtect only supports CPUs with Intel 64 and
IA-32 Architectures.

================================================================
4.2 Software Requirements
================================================================
TXOne StellarProtect is developed based on the following version
of the .Net framework:

- .Net framework Ver 3.5 SP1 or 4.0 available

NOTE: By default, StellarProtect uses port 14336, which is
sometimes blocked by firewalls. Please make sure this port is
kept open for StellarProtect's use.

================================================================
4.3 Supported Operating Systems
================================================================
TXOne StellarProtect can be installed on the following Microsoft
Windows platforms:

Windows Clients:

- Windows 7 (No SP/SP1) [Professional / Enterprise / Ultimate]
  (32/64bit)
- Windows 8 (No SP) [Pro/Enterprise] (32/64bit)
- Windows 10 (RS1/RS2/RS3/RS4/RS5/20H1/20H2/21H1)
  [Pro/Enterprise/IoT Enterprise] (32/64bit)
- Windows Embedded 8 Standard (No SP) (32/64bit)
- Windows Embedded 8.1 [Pro/Industry Pro] (No SP) (32/64bit)
- Windows Embedded POSReady 7 (32/64bit)
- Windows 11

Windows Server:

- Windows Server 2008 SP1/SP2 (32-bit and 64-bit)
- Windows Server 2008 R2 (SP1) [Standard / Enterprise / Storage]
  (64bit)
- Windows Server 2012 (No SP) [Essentials/Standard] (64bit)
- Windows Server 2012 R2 (No SP) [Essentials/Standard] (64bit)
- Windows Storage Server 2012 Standard (64bit)
- Windows Server 2016 (No SP) [Standard] (64bit)
- Windows Server 2019 Standard (64bit)

================================================================
5. Installation
================================================================

5.1 For users installing TXOne StellarProtect for the first
time, please see the Installation chapter of the StellarProtect
IG/AG (Installation Guide & Administrator's Guide) document.

================================================================
5.2 For users upgrading an existing TXOne StellarProtect
installation, follow the installation steps below:
================================================================
To install:

1. Copy the Hotfix executable file to a local folder on the
   computer where you have installed TXOne StellarProtect.

2. Run the Hotfix executable file.

3. In the setup screen, click "Install" and follow the on-screen
   instructions to complete the installation. The "Installation
   successful" message will appear after the system completes
   the installation.

To uninstall:

No special uninstallation instructions are provided.

================================================================
5.3 Prescan
================================================================
The prescan function can scan the whole device to add all
present ICS applications to the Approved List before
StellarProtect is activated.

- Before the prescan, please empty the recycle bin.
- The prescan process may take 30 minutes to 5 hours, depending
  on how many apps are installed on the device.
- It is strongly recommended NOT to skip the prescan, which may
  cause later delays in the operation of ICS applications.

================================================================
6. Known Issues
================================================================
Known issues in this release are listed below, in 6.1 - 6.9:

================================================================
6.1 Installation and Uninstallation
================================================================
a. StellarProtect cannot be installed on endpoints when other
   TXOne or Trend Micro products are already installed.

b. StellarProtect does not support changing language versions
   during StellarProtect upgrades.

c. If StellarProtect is installed silently and the endpoint must
   be restarted, it must be restarted manually.

d. The Windows Event Log may contain garbled characters after
   uninstallation of StellarProtect.

e. After uninstallation, the following files will not be
   automatically removed. Users can remove the following files
   manually if necessary:

   - Temp files
   - C:\Windows\Temp\StellarProtect*.log
   - Log files
   - Installation folder

   If the StellarProtect service was stopped before
   uninstallation, you must manually remove the StellarProtect
   installation folder.

f. On Windows Server 2008 R2, users must upgrade the .NET
   Framework to version 3.5 SP1; otherwise the ICS application
   inventory will not be supported.

================================================================
6.2 Upgrade
================================================================
a. The Safeguard feature has the following limitations after
   upgrading from 1.0 or 1.1:

   - User-defined rules are not migrated and must be defined
     again from StellarOne.
   - Under certain situations, the Safeguard function might not
     be enabled on standalone agents from the agent console. In
     this case, the CLI must be used.

b. A StellarProtect agent that was originally in customized
   policy mode will switch to inherit mode from the group policy
   after being upgraded to 1.2.

================================================================
6.3 General
================================================================
a. The Universal Windows Platform is not supported.

b. StellarProtect does not support virtualized applications or
   applications encrypted at the file-system level.

c. All StellarProtect features require Windows Administrator
   privileges.

d. StellarProtect displays incorrectly if Windows default DPI
   settings are changed.

e. StellarProtect only supports configuration files using UTF-8
   encoding.

f. If the system tray icon is enabled, local and remote users
   cannot open the StellarProtect console at the same time.

g. The StellarProtect console and command line interface cannot
   be used at the same time by the logged-on user or by
   simultaneously logged on Windows accounts.

h. When the computer is restarted, the Service Stopped event
   (Event ID 0x1001) is not logged.

i. The default Windows Event Log size is 1,024 KB for new
   installations. Upgrading the StellarProtect agent does not
   change any user-defined WEL_SIZE values set in the previous
   installation.

j. Files that are restored and added to the approved list on
   StellarProtect 1.0 will be removed and might be detected
   again after StellarProtect 1.1's scan components are updated.

k. When daylight saving time mode is enabled, if the user
   configures the schedule scan setting on the StellarProtect
   agent via the CLI, 1 hour is automatically added to the
   system time. To solve this issue, it is recommended to set
   the schedule scan via the StellarOne console.

l. The agent service time will remain unchanged even if the
   agent system time is changed by the user or due to a daylight
   saving time adjustment. To resolve this issue, use either of
   the following methods:

   - Restart the agent
   - Use the CLI to stop and then start the agent service:

     opcmd.exe -p service stop
     opcmd.exe -p service start

================================================================
6.4 Industrial-Grade Next-Generation Antivirus (NGAV)
================================================================
a. StellarProtect integrates ICS application system recognition
   technology, which can greatly reduce the occurrence of false
   alarms.

b. After a component update is complete, you cannot roll back
   the component to a previous version.

================================================================
6.5 Operations Behavior Anomaly Detection
================================================================
a. This function mainly allows StellarProtect to monitor
   specific high-risk applications to stop legitimate programs
   from being misused. Users can add other monitoring processes
   on the StellarOne website. High-risk applications are listed
   below:

   - wscript.exe
   - cscript.exe
   - mshta.exe
   - powershell.exe
   - psexec.exe

================================================================
6.6 Device Control
================================================================
a. This function mainly provides identification of and
   protection from external USB storage devices. It uses the USB
   device's Vendor ID (VID), Product ID (PID) and Serial Number
   (SN) to determine whether the device is a trusted USB storage
   device.

b. When an unauthorized device is plugged in for the first time,
   the user will be prompted to enter the administrator
   password. This is set up as a single authorization to
   increase user convenience.

c. Device Control has a one-time allow function to approve USB
   storage access after administrator authentication.

================================================================
6.7 DLL Injection Protection
================================================================
a. DLL injection protection can ONLY be enabled in 32-bit
   Windows OSes.

================================================================
6.8 Diagnostic Toolkit
================================================================
a. By default, no troubleshooting logs are collected. To collect
   diagnostic information, enable debug logging in the
   Diagnostic Toolkit.

b. Troubleshooting logs cannot be stored using mapped drive
   paths or UNC paths.

c. Extracting the log archive located in the installation folder
   requires a password. To access the archive's contents, copy
   the ZIP file to another folder, extract it, and leave the
   password field blank.

================================================================
6.9 Group Mapping
================================================================
a. If the StellarProtect agent is inactive due to insufficient
   license seat count, after group mapping, the StellarOne
   console will show "All" as the Group name instead of showing
   the selected group name. However, the selected group name for
   registration and the successfully registered status will
   still be shown at the agent side.

================================================================
7. Release History
================================================================
For more information about updates to this product, go to:

https://www.trendmicro.com/download

TXOne StellarProtect 1.2.2011 - June 30, 2022

================================================================
8. Contact Information
================================================================
A license to TXOne Networks software usually includes the right
to product updates, pattern file updates, and basic technical
support for one (1) year from the date of purchase. After the
first year, you must renew the license on an annual basis at
TXOne's then-current maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our
website to download evaluation copies of TXOne products.

https://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

================================================================
9. About TXOne Networks
================================================================
TXOne Networks Inc. is a joint venture between Trend Micro and
Moxa Inc. TXOne Networks Inc. offers cybersecurity solutions to
protect industrial control systems (ICS), ensuring reliability
and safety from cyberattacks.

================================================================
10. License Agreement
================================================================
View information about your license agreement with TXOne
Networks at:

www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user
  interface
- By referring to the "Legal" page of the Installation and
  Administrator's Guide