Views:

Select the component to show its known issues:

  • Deep Security Agent does not support scanning a mounted network folder (SMB) on the following Windows platforms:
    • Windows 2012 Server R2 (64-bit)
    • Windows 2012 Server (64-bit)
    • Windows 8.1 (32/64-bit)
    • Windows 8 (32/64-bit)
  • When using agentless protection in NSX environment, Deep Security Notifier will not work if only WRS feature is enabled. Agentless anti-malware must also be enabled for Deep Security Notifier to work.
  • When Wireshark is monitoring packets, they are incorrectly presenting outgoing packets through NdisFilterRecv packet which is supposedly for incoming packets. All the Deep Security Agents are affected if installed in Windows Vista, 7, 2008, and 2008 R2.
    To fix this, use Microsoft Network Monitor instead when capturing packet.
  • Deep Security Agent may not successfully install on the first release of Ubuntu 12.04 without any updates and patches.
  • The TLS version 1.1 and 1.2 are not supported in SSL Inspection of Intrusion Prevention feature.
  • The Relay feature uses TCP port 4122. When enabling the Relay feature, make sure TCP port 4122 is allowed in any firewall being used.
  • Fanotify hook is not supported in this release.
  • Relay feature is not supported on Windows XP.
  • The Deep Security Agent anti-malware files and folder might be unremoved on 9.0 agents upgraded to 9.5 when uninstallation is performed. This only happens when anti-malware feature is enabled and then disabled in 9.0 before upgrading to 9.5. Then, the anti-malware feature is never enabled in 9.5 before uninstallation. To fix this issue, follow the procedure in this article: Manually uninstalling Deep Security Agent, Relay, and Notifier from Windows.
  • Process Image File exclusion is only supported in Deep Security Agent protection for Windows.
  • Some Anti-Malware events are not generated when using Windows built-in decompress tool on Windows Vista and later versions. This issue will not happen when using a third party decompress tool.
  • The Deep Security Manager will display the platform of CentOS machines as RedHat. This is because the agent package used in CentOS and RedHat are the same and labeled as RedHat agent package.
  • The Windows Add/Remove Programs or the Programs and Features does not show the exact version of the Deep Security Agent. Deep Security Agent version consists of major.minor.sp-build but the Windows only show them as major.minor.build.
  • Disable Deep Security Agent's anti-malware realtime scan when installing on SAP server with Virus Scan Adapter to prevent race condition.
  • CPU usage control in Scan for Integrity may not work after a reboot. Rebuilding the Integrity Baseline or reactivating it will fix this.
  • In Linux platforms, some malwares may not be detected if the DNS slowly responds to queries.
  • During anti-malware Real-time scan, Deep Security Agent may produce multiple Delete Failed events even when the deletion is successful. This rarely occurs but it happens when the file is being temporarily locked by other processes.
  • When upgrading to Deep Security Agent 9.5 on Windows 2012, an error message saying "Service ‘Trend Micro Deep Security Agent’(ds_agent) could not be installed. Verify that you have sufficient privileges to install system services." may appear. Run a Windows Update troubleshooter to resolve the issue.
  • Deep Security Notifier will show the status of Intrusion Prevention as Not Configured if the IPS has no rules assigned even if it is On.
  • On a freshly installed Deep Security Agent on Linux platform, the status "Security Update in Progress" appears after assigning a policy. As a workaround, restart the agent.
  • After applying IPS rule 1005560, Deep Security Agent on Linux Web Server might interfere with TCP flow when working with F5 Load Balancer.
  • Some security components of Deep Security Agent with Relay feature enabled may get removed unexpectedly after an update. As a workaround, retry the security update.

  • The NSX (network visualization components on vSphere hosts), VMware endpoint, and Trend Micro Deep Security service cannot install and deploy successfully when a new host is added to the same cluster. As a workaround, add the new host to the dvSwitch before adding it to the cluster.
  • After Deep Security Virtual Appliance deployment, creating Trend Micro Service in VMware vSphere may occasionally produce the error "Cannot complete the operation". This happens when Deep Security Virtual Appliance has just started and some services are not yet running. As a workaround, try the operation again at a later time.
  • VMWare NSX may not automatically apply the VMWare NSX Security Policy to new VMs, cloned VMs, or VMs that are moved to a protected port group. If you noticed that the Deep Security Virtual Appliance is not providing protection under the pre-mentioned conditions, go to VSphere Web Client and edit the Service Composer > Security Group > Trend VM Security Group, make no changes but click Finished. This will trigger NSX to reapply the VMWare NSX Security Policy to the proper VMs.
  • In NSX Environment, assigning IPv6 address to the Deep Security Virtual Appliance using IPv6 pool is not supported.
  • In NSX Environment, Layer 2 packets are not passed to the Deep Security Virtual Appliance, Therefore, these packets are bypassed (e.g. ARP).
  • The TLS version 1.1 and 1.2 are not supported in SSL Inspection of Intrusion Prevention feature.
  • In very rare situation in NSX environment, an agentless protected virtual machine will have a status of Anti-Malware Offline even when all requirements are met and reactivation has been performed.
  • In NSX environment, Deep Security Virtual Appliance should be uninstalled prior to moving the ESXi host to a different cluster.
  • It takes about 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is located at <DSM Install Directory>\temp will result in failure.
  • In NSX environment, when deploying the Deep Security Virtual Appliance, the error "Unable to access agent OVF package file at https:<DSM URL>/appliance/NSX/system.vmdk may appear indicating that the user cancelled the task. Retry the installation when this happens.
  • When using Firewall and IPS Rule Schedules, the rule will take effect on DSVA's timezone which is configured as UTC in version 9.5.
  • In NSX environment, when several agentless protected guest virtual machines are vMotioned simultaneously, some VMs will be reactivated after vMotion.
  • NSX manager shows failed status of Trend Micro Deep Security installation on existing cluster when the deployment URL has been changed. When this happens, do not click the Resolve button because it will try to upgrade the existing master appliance which will result to the appliance being redeployed. As a result, the VMs that are activated will no longer be activated. It is recommended to host the appliance dsva.ovf on an external web server, and do not change the URL of the appliance after it has been deployed.
  • When preparing ESXi 5.5 to deploy the filter driver, the error "Failed to download VIB" may appear. This happens when the Deep Security Manager has Deep Security Agent installed and Intrusion Prevention enabled. TLS version 1.2 is being used and is not supported in SSL Inspection of Intrusion Prevention feature. As a workaround, disable Intrusion Prevention on the Agent installed on the Deep Security Manager, or create a bypass rule between the Deep Security Manager and the ESXi host.

  • The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4.
  • Coordinated approach in NSX is not supported in this build. Appliance (agentless) protection appears active and online even when Deep Security Agent is installed and online.
  • Agentless protection is not supported in ESX 5.1 with NSX. ESX 5.5, VCenter 5.5, and NSX Manager 6.0.5 are the minimum requirements for agentless protection.
  • Excluding a folder in Anti-Malware agentless protection will also exclude folders that starts with the same folder name. For example, excluding c:\temp also excludes c:\temp1 and c:\temp2 from Anti-Malware scanning.
  • Anti-Malware, Web Reputation, Integrity Monitoring, and Log Inspection should not be enabled on the policy that is assigned to the Deep Security Virtual Appliance itself. These features are not supported when applied to the Deep Security Virtual Appliance and may produce error events.
  • When preparing ESXi 5.5 for Deep Security Virtual Appliance (DSVA) 9.5 deployment, you get the following error during Filter Driver installation: "The installation transaction failed". Follow the procedure in this article to resolve the issue: Unable to install Deep Security 9.0 Service Pack (SP) 1 Patch 2 Filter Driver on ESXi 5.5.
  • It takes about 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is located in <DSM Install Directory>\temp results in failure.
  • The Deep Security Manager will display the platform of CentOS machines as RedHat. This is because the agent package used in CentOS and RedHat are the same and labeled as RedHat agent package.
  • Location awareness will not work on pure IPv6 environment.
  • Infected file will still appear in Quarantined Files list even if the Anti-Malware Event shows "Quarantine Failed".
  • In the computer updates page, DSM will show Smart Scan Agent Pattern, Spyware Active Monitoring Pattern and Virus pattern in Deep Security Agent for Linux regardless of the scan mode.
  • The Out of Sync relays hyperlink displays the correct count but clicking the link displays both out of date computers and relays.
  • When preparing ESXi 5.5 to deploy the filter driver, the error "Failed to download VIB" may appear. This happens when the Deep Security Manager has Deep Security Agent installed and Intrusion Prevention is enabled. TLS version 1.2 is being used and is not supported in SSL Inspection of Intrusion Prevention feature. As a workaround, disable Intrusion Prevention on the Agent installed on the Deep Security Manager, or create a bypass rule between the Deep Security Manager and the ESXi host.
Keywords: issues in deep sec 9.5,ds 9.5 problems,common problems in deepsecurity