Summary
Trend Micro Deep Security Rule Update (DSRU) 20.031, released on July 7, 2020 (00:41 UTC), contained an updated rule (1002779 - Microsoft Windows - System File Modified) that could dramatically increase the Integrity Monitoring data that is collected from a Windows agent.
DSRU 20.032, released on July 8, 2020 (19:03 UTC), includes a fix that addresses the issue.
Details
Deep Security Customers
This affects a Deep Security deployment which:
- has imported (automatically or manually) DSRU 20.031 into the Deep Security Manager (DSM); and
- has Deep Security Agents running on Microsoft Windows with Integrity Monitoring enabled; and
- has rule 1002779 applied to the Deep Security Agent (manually applied or via recommendation scan).
Security functions on the Deep Security Agent are unaffected.
If a customer has imported DSRU 20.031, they should immediately import and apply DSRU 20.032.
Cloud One Workload Security Customers
This affected Cloud One Workload Security customers when DSRU 20.031 was applied. DSRU 20.032 was applied immediately upon release.
Customers affected may have experienced symptoms related to agent status (Agent Offline, Agent Policy Send Failed) or agent activation failures.