TXOne Networks, Inc.
April 08, 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TXOne StellarProtect 1.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: This readme file was current as of the date above.
However, all customers are advised to check the Trend Micro
website for documentation updates at:
https://docs.trendmicro.com/

TXOne Networks always seeks to improve its documentation. If you
have questions, comments, or suggestions about this or any TXOne
Networks documents, please contact us via Trend Micro at the
e-mail docs@trendmicro.com. Your feedback is always welcome.
Please evaluate this documentation on the following site:
http://docs.trendmicro.com/en-us/survey.aspx

================================================================
Contents
================================================================
1. About TXOne StellarProtect
2. What's New
3. Documentation Set
4. System Requirements
5. Installation
6. Known Issues
7. Release History
8. Contact Information
9. About TXOne Networks
10. License Agreement

================================================================
1. About TXOne StellarProtect
================================================================
StellarProtect is an agent-based protection product that resides
on endpoints, and it is normally set up with a server program
called StellarOne that allows for central management of agents.
TXOne StellarProtect provides an ICS-compatible, high
performance, and zero touch endpoint protection solution.

The TXOne StellarProtect agent includes the following new
features and benefits:

- Industrial-Grade Next-Generation Antivirus: Secures OT assets
  with no interruption to operations with ICS root of trust and
  advanced threat scan
- Operations Behavior Anomaly Detection: Detects abnormal
  operations and enforces least privilege-based control to
  prevent malware-free attacks
- ICS Application Safeguard: Intelligently locates and secures
  the integrity of the ICS process from ICS targeted attacks by
  device
- USB Vector Control: Prevents insider threats by only allowing
  usage of USB ports on a case-by-case administrator-reviewed
  basis

By using fewer resources and without the need for regular
software or system updates, StellarProtect can reliably secure
modernized computers in industrial and commercial environments
with little performance impact or downtime.

The TXOne StellarOne console provides centralized monitoring and
management of TXOne StellarProtect's agent deployment, status,
and events. For example, administrators can manage devices with
global or group policies, configure StellarOne settings, and
manage events and logs. In addition, StellarOne can be used to
schedule StellarProtect's scanning operations.

The administrator can view the blocked information from the
StellarProtect agent and determine actions to be taken on these
blocked files. This reduces the time and effort required to
verify the threat, and facilitates a quick response to the
incident.

================================================================
2. What's New
================================================================
- Safeguard: Enhanced user interface for a better experience.
  Requires both the server and the agent to be version 1.2.
- Prescan enhancement: Different scan speed modes for different
  user scenarios.
- Allows users to install the StellarProtect agent, which can be
  managed from StellarOne, with an extended license.
- StellarProtect 1.2 officially supports Windows 11.
- OBAD is managed and overwritten by the StellarOne policy
  setting.

================================================================
3. Documentation Set
================================================================
To download or view electronic versions of the documentation for
this product, please visit https://docs.trendmicro.com.

- Installation and Administrator's Guide (IG/AG): The
  Installation chapter contains information on requirements and
  procedures for installing and deploying TXOne StellarProtect.
  The Administrator's Guide provides post-installation
  instructions on how to configure settings to help you get
  StellarProtect up and running. It also includes instructions
  on performing other administrative tasks to maintain
  StellarProtect.
- Support Portal: The Trend Micro Support Portal provides
  support for TXOne Networks products, and will contain
  information on troubleshooting and resolving known issues.
  To access the Support Portal, go to
  https://success.trendmicro.com/

================================================================
4. System Requirements
================================================================
4.1 Hardware Requirements
================================================================
TXOne StellarProtect does not have specific hardware
requirements beyond those specified by the operating system,
with the following exceptions:

- Available free disk space: 200MB minimum, 300MB recommended
- Monitor and resolution: VGA (640x480), 16 colors

NOTE: TXOne StellarProtect supports only CPUs with Intel 64 and
IA-32 Architectures.

================================================================
4.2 Software Requirements
================================================================
TXOne StellarProtect is developed based on the following version
of the .NET Framework:

- .NET Framework version 3.5 SP1 or 4.0 available

NOTE: By default, StellarProtect uses port 14336, which is
sometimes blocked by firewalls. Please make sure this port is
kept open for StellarProtect's use.

================================================================
4.3 Supported Operating Systems
================================================================
TXOne StellarProtect can be installed on the following Microsoft
Windows platforms:

Windows Clients:
- Windows 7 (No SP/SP1) [Professional / Enterprise / Ultimate]
  (32/64bit)
- Windows 8 (No SP) [Pro/Enterprise] (32/64bit)
- Windows 10 (RS1/RS2/RS3/RS4/RS5/20H1/20H2/21H1)
  [Pro/Enterprise/IoT Enterprise] (32/64bit)
- Windows Embedded 8 Standard (No SP) (32/64bit)
- Windows Embedded 8.1 [Pro/Industry Pro] (No SP) (32/64bit)
- Windows Embedded POSReady 7 (32/64bit)
- Windows 11

Windows Server:
- Windows Server 2008 SP1/SP2 (32-bit and 64-bit)
- Windows Server 2008 R2 (SP1) [Standard / Enterprise / Storage]
  (64bit)
- Windows Server 2012 (No SP) [Essentials/Standard] (64bit)
- Windows Server 2012 R2 (No SP) [Essentials/Standard] (64bit)
- Windows Storage Server 2012 Standard (64bit)
- Windows Server 2016 (No SP) [Standard] (64bit)
- Windows Server 2019 Standard (64bit)

================================================================
5. Installation
================================================================
Please see the Installation chapter of the StellarProtect IG/AG
(Installation Guide & Administrator's Guide) document.

================================================================
5.1 Prescan
================================================================
The prescan function can scan the whole device to add all
present ICS applications to the Approved List before
StellarProtect is activated.

- Before the prescan, please empty the recycle bin.
- The prescan process may take 30 minutes to 5 hours, depending
  on how many apps are installed on the device.
- It is strongly recommended NOT to skip the prescan, which may
  cause later delays in the operation of ICS applications.

================================================================
6. Known Issues
================================================================
Known issues in this release are listed below, in 6.1 - 6.8:

================================================================
6.1 Installation and Uninstallation
================================================================
a. StellarProtect cannot be installed on endpoints when other
   TXOne or Trend Micro products are already installed.
b. StellarProtect does not support changing language versions
   during StellarProtect upgrades.
c. If StellarProtect is installed silently and the endpoint must
   be restarted, it must be restarted manually.
d. The Windows Event Log may contain garbled characters after
   uninstallation of StellarProtect.
e. After uninstallation, the following files are not removed by
   Setup, but can be removed manually:
     Temp files - C:\Windows\Temp\StellarProtect*.log
     Log files  - Installation folder
   If the StellarProtect service was stopped before
   uninstallation, you must manually remove the StellarProtect
   installation folder.
f. On Windows Server 2008 R2, the ICS application inventory is
   not supported at install. The user must upgrade the .NET
   Framework to version 3.5 SP1, and then it will work.
g. A StellarProtect Description modified from StellarOne will be
   overwritten by the agent after sync.

================================================================
6.2 Upgrade
================================================================
a. The Safeguard feature has some limitations after an upgrade
   from 1.0 or 1.1:
   - User-defined rules are not migrated, and users have to
     define them again from StellarOne.
   - A standalone agent might not be able to enable Safeguard
     using the agent console. The CLI must be used in this case.
b. A StellarProtect agent in customized policy mode switches to
   inherit mode for group policy after an upgrade to 1.2.
c. After an upgrade to a 1.2 environment, a 1.1 StellarProtect
   agent in customized policy mode first switches to the inherit
   policy setting. After the sync time it returns to customized
   policy mode, but in this state the policy cannot be edited
   and an error is returned.
   - Workaround: Switch the agent policy to "Inherit" from group
     policy, save the setting, and then switch back to
     customized mode.

================================================================
6.3 General
================================================================
a. The Universal Windows Platform is not supported.
b. StellarProtect does not support virtualized applications or
   applications encrypted at the file-system level.
c. All StellarProtect features require Windows Administrator
   privileges.
d. StellarProtect displays incorrectly at DPI settings other
   than the Windows default.
e. StellarProtect only supports configuration files using UTF-8
   encoding.
f. If the system tray icon is enabled, local and remote users
   cannot open the StellarProtect console at the same time.
g. The StellarProtect console and command line interface cannot
   be used at the same time by the logged-on user or by
   simultaneously logged on Windows accounts.
h. When the computer is restarted, the Service Stopped event
   (Event ID 0x1001) is not logged.
i. Default value of Windows Event Log size is 1,024 KB for new
   installations. Upgrading the StellarProtect agent does not
   change any user-defined WEL_SIZE values set in the previous
   installation.
j. Files that are restored and added to the approved list on
   StellarProtect 1.0 will be removed and might be detected
   again after StellarProtect 1.1's scan components are updated.

================================================================
6.4 Industrial-Grade Next-Generation Antivirus (NGAV)
================================================================
a. StellarProtect integrates ICS application system recognition
   technology, which can greatly reduce the occurrence of false
   alarms.
b. After a component update is complete, you cannot roll back
   the component to a previous version.

================================================================
6.5 Operations Behavior Anomaly Detection
================================================================
a. This function mainly allows StellarProtect to monitor
   specific high-risk applications to stop legitimate programs
   from being misused. Users can add other monitoring processes
   on the StellarOne website. High-risk applications are listed
   below:
   - wscript.exe
   - cscript.exe
   - mshta.exe
   - powershell.exe
   - psexec.exe

================================================================
6.6 USB Vector Control
================================================================
a. This function mainly provides identification of and
   protection from external USB storage devices. It uses the USB
   device's Vendor ID (VID), Product ID (PID) and Serial Number
   (SN) to determine whether the device is a trusted USB storage
   device.
b. When an unauthorized device is plugged in for the first time,
   the user will be prompted to enter the administrator
   password. This is set up as a single authorization to
   increase user convenience.
c. USB Vector Control has a one-time allow function to approve
   USB storage access after administrator authentication.

================================================================
6.7 DLL Injection Protection
================================================================
a. DLL injection protection can ONLY be enabled in 32-bit
   Windows OSes.

================================================================
6.8 Diagnostic Toolkit
================================================================
a. By default, no troubleshooting logs are collected. To collect
   diagnostic information, enable debug logging in the
   Diagnostic Toolkit.
b. Troubleshooting logs cannot be stored using mapped drive
   paths or UNC paths.
c. Extracting the log archive located in the installation folder
   requires a password. To access the archive's contents, copy
   the ZIP file to another folder, extract it, and leave the
   password field blank.

================================================================
7. Release History
================================================================
For more information about updates to this product, go to:
https://www.trendmicro.com/download

TXOne StellarProtect 1.2.0.1089 - April 20, 2022

================================================================
8. Contact Information
================================================================
A license to TXOne Networks software usually includes the right
to product updates, pattern file updates, and basic technical
support for one (1) year from the date of purchase. After the
first year, you must renew the license on an annual basis at
TXOne's then-current maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our
website to download evaluation copies of TXOne products.
https://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

================================================================
9. About TXOne Networks
================================================================
TXOne Networks Inc. is a joint venture between Trend Micro and
Moxa Inc. TXOne Networks Inc. offers cybersecurity solutions to
protect industrial control systems (ICS), ensuring reliability
and safety from cyberattacks.

================================================================
10. License Agreement
================================================================
View information about your license agreement with TXOne
Networks at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user
  interface
- By referring to the "Legal" page of the Installation and
  Administrator's Guide