<<<>>> Trend Micro, Inc. March 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Virtual Analyzer Image Preparation Tool Version 5.0 | Build 5.0.1416 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file is current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at: http://docs.trendmicro.com/ Contents =================================================================== 1. About Trend Micro Virtual Analyzer Image Preparation Tool 2. What's New 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Contact Information 10. About Trend Micro 11. License Agreement =================================================================== 1. Trend Micro Virtual Analyzer Image Preparation Tool ======================================================================== The Image Preparation Tool allows you to create custom sandbox images to support your Deep Discovery and TippingPoint Advanced Threat Protection deployments. 2. What's New ======================================================================== 2.1 New Features and Enhancements ===================================================================== This build includes the following new features and enhancements: 2.1.1 Deep Discovery Director Support --------------------------------------------------------------------- The tool now supports compressing custom sandbox images for uploading to Deep Discovery Director. Only images compressed in TAR format by the tool can be uploaded to and deployed from Deep Discovery Director. 2.1.2 New image creation --------------------------------------------------------------------- Create new custom sandbox images for Trend Micro Deep Discovery(TM) and Trend Micro TippingPoint(TM) Advanced Threat Protection solutions, which includes: Deep Discovery Inspector(TM), Deep Discovery Email Inspector(TM), Deep Discovery Analyzer(TM), TippingPoint(TM) Advanced Threat Protection for Networks, TippingPoint(TM) Advanced Threat Protection for Email, TippingPoint(TM) Advanced Threat Protection Analyzer. 2.1.3 Import image --------------------------------------------------------------------- Validate and correct configuration from imported images 2.1.4 Support for Windows 7, Windows 8 and Windows 10 --------------------------------------------------------------------- Run this tool on any computer with Windows 7, Windows 8 or Windows 10 installed. 2.1.5 Japanese language support --------------------------------------------------------------------- This tool is now available in Japanese. 2.1.6 Enhanced hardware identifier configuration --------------------------------------------------------------------- Enhanced configuration of universally unique identifiers (UUIDs) eliminates the need to reactivate Microsoft Windows and Microsoft Office. 2.1.7 Enhanced debug log content --------------------------------------------------------------------- More detailed error descriptions enable faster troubleshooting. 2.1.8 Checking and starting of the Windows SMB service --------------------------------------------------------------------- The tool enables Windows SMB service (TCP port 445) which is used for communication within Virtual Analyzer. 2.1.9 Improved performance through .NET optimization --------------------------------------------------------------------- Fine-tuning of timeout settings in the .NET framework results in improved performance. 2.1.10 Virtual machine chipset detection --------------------------------------------------------------------- The tool detects if the correct chipset has been selected in the virtual machine settings. If the wrong chipset has been selected, an error message will instruct the user on how to address the issue. 2.1.11 Audio settings detection --------------------------------------------------------------------- The tool detects if audio related settings have been enabled in the virtual machine. Malware checks for known sandbox characteristics, such as disabled audio devices and settings, to evade detection and analysis. 2.1.12 Kingsoft WPS Office detection --------------------------------------------------------------------- The tool detects if Kingsoft WPS Office has been installed in the virtual machine. 2.1.13 Network settings detection --------------------------------------------------------------------- The tool detects if IPv4 settings have been configured to automatically obtain an IP address (DHCP). 2.1.14 Improved error classification for OVA exports --------------------------------------------------------------------- The classification of VirtualBox errors that appear during OVA exports has been improved. 2.1.15 Microsoft Office 2016 detection --------------------------------------------------------------------- The tool detects if Microsoft Office 2016 has been installed in the virtual machine. 2.2 Resolved Issues ===================================================================== This build ensures that: 2.2.1 Virtual machines are stopped before processing is canceled. 2.2.2 The "View detailed log" button is displayed even when an OVA file is incorrectly named. 2.2.3 Dialog box content is not editable. 2.2.4 Macros are enabled in all Microsoft Office applications. 2.2.5 The "Specify Virtual Machine" screen is automatically refreshed. 2.2.6 AutoPlay is automatically enabled in Windows 8 and 8.1. 2.2.7 The .NET Framework version is detected in Windows 8 and 8.1. 2.2.8 The .NET Framework version is 3.5 or above. 2.2.9 The verification process is stopped if the virtual machine is not powered on. 2.2.10 The tool enables "File and Printer Sharing for Microsoft Networks" whenever disabled. 2.2.11 Detailed logs appear. 2.2.12 The Japanese version is completely localized. 2.2.13 The tool does not support VirtualBox 5.0.6 because a defect prevents the first serial port from functioning properly. 2.2.14 The startup folder that prevents the tool from functioning is removed from the virtual machine. 2.2.15 The "VBoxSVC.exe" process is stopped whenever unresponsive. 2.2.16 The "Boot to desktop mode" is enabled on Windows 8 and 8.1. 2.2.17 The "Register this connection's addresses in DNS" option is cleared in order to avoid false positives. 2.2.18 The CD/DVD drive is on "Secondary Master". 2.2.19 Virtual machines are not lost when the tool changes the virtual machines' universally unique identifiers (UUIDs). 2.2.20 The "Shutdown Event Tracker" is disabled on Windows Server operating systems. 2.2.21 Group Policy settings are reset. 2.2.22 The virtual machine is not a member of any domain. 2.2.23 Autoplay is disabled via Group Policy settings in Windows 8.1. 2.2.24 Windows verification always passes. 2.2.25 The tool does not show the "Original image file" checklist item on the "Sandbox Ready" screen. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: - User's Guide -- a PDF document that contains instructions about creating new VirtualBox images, migrating VMware images to VirtualBox images, and using the Image Preparation Tool. - Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Supported Products --------------------------- - Deep Discovery Inspector 3.8, 3.8 Service Pack 1, 3.8 Service Pack 2, 3.8 Service Pack 3, and Service Pack 5 - Deep Discovery Email Inspector 2.1, 2.5, 2.5 Service Pack 1, and 2.6 - Deep Discovery Analyzer 5.1, 5.5, 5.5 Service Pack 1, and 5.8 - TippingPoint Advanced Threat Protection for Networks 3.8 Service Pack 2, and 3.8 Service Pack 3 - TippingPoint Advanced Threat Protection for Email 2.5, and 2.5 Service Pack 1 - TippingPoint Advanced Threat Protection Analyzer 5.5, and 5.5 Service Pack 1 Host Operating System --------------------------- Build 3.8.1009 and later: - Windows 7 (32/64-bit) - Windows 8/8.1 (32/64-bit) - Windows 10 (32/64-bit) Build 3.8.1240 and later: - Windows Server 2003/2003 R2 - Windows Server 2008/2008 R2 Note: - Microsoft .NET Framework 3.5 or later must be installed on the host operating system. - Hardware virtualization in the motherboard BIOS of the host operating system must be enabled to support Windows 8 or any 64-bit guest platforms. - The tool can detect hardware virtualization only on Windows 8 or later hosts. Required Applications --------------------------- - Oracle VM VirtualBox 4.3 or later (except 5.0.6) 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== 1. Obtain a copy of the Image Preparation Tool package "SandboxWizard.zip" from your support provider. 2. Verify that the computer that hosts the tool and target image meets the minimum requirements. For more information, see "4. System Requirements". 3. Extract the package content to a temporary folder. 4. To run the tool, go to the temporary folder and then double-click "SandboxWizard.exe". 5.2 Uninstallation ===================================================================== No uninstallation steps are provided. 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. 7. Known Issues ======================================================================== The following are the known issues in this release. 7.1 There are instances when background processes run by the Image Preparation Tool require manual user intervention. For example, a User Account Control popup dialog box appears if the Windows user account that is used to run the tool does not have administrator privileges. You need to verify and/or provide actions for any tool-related prompts that may appear. 7.2 VirtualBox 5.0.22 and the Image Preparation Tool have some compatibility issues. The Image Preparation Tool may not be able to successfully prepare Virtual Machine images created using VirtualBox 5.0.22. Use the latest version of VirtualBox to ensure that the Image Preparation Tool can successfully prepare Virtual Machine images. 8. Release History ======================================================================== Build 3.8.1009 April 2015 Build 3.8.1061 May 2015 Build 3.8.1132 August 2015 Build 3.8.1196 October 2015 Build 3.8.1240 December 2015 Build 5.0.1068 February 2016 Build 5.0.1105 March 2016 Build 5.0.1268 August 2016 Build 5.0.1332 October 2016 Build 5.0.1416 March 2017 9. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 10. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 25 years experience, we deliver top-ranked security that fits our customers?needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, and Deep Discovery are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide