Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Rule Update (DSRU) 20.031 Potential for Significantly Increased Database Storage Growth for Integrity Monitoring Users

    • Updated:
    • 17 Jul 2020
    • Product/Version:
    • Cloud One - Workload Security All
    • Deep Security All
    • Deep Security As A Service
    • Platform:
Summary
Trend Micro Deep Security Rule Update (DSRU) 20.031, released on July 7, 2020 (00:41 UTC), contained an updated rule (1002779 - Microsoft Windows - System File Modified) that could dramatically increase the Integrity Monitoring data that is collected from a Windows agent.

DSRU 20.032, released on July 8, 2020 (19:03 UTC), includes a fix that addresses the issue.
Details
Public

Deep Security Customers

This affects a Deep Security deployment which:
  • has imported (automatically or manually) DSRU 20.031 into the Deep Security Manager (DSM); and
  • has Deep Security Agents running on Microsoft Windows with Integrity Monitoring enabled; and
  • has rule 1002779 applied to the Deep Security Agent (manually applied or via recommendation scan).
Customers affected by this issue will experience significantly increased rate of database storage consumption for the Deep Security Manager, potentially causing Deep Security instability if database storage is exhausted.

Security functions on the Deep Security Agent are unaffected.

If a customer has imported DSRU 20.031, they should immediately import and apply DSRU 20.032.

 

Cloud One Workload Security Customers

This affected Cloud One Workload Security customers when DSRU 20.031 was applied.  DSRU 20.032 was applied immediately upon release.  

Customers affected may have experienced symptoms related to agent status (Agent Offline, Agent Policy Send Failed) or agent activation failures.
Premium
Internal
Partner
Rating:
Category:
Update
Solution Id:
000258327
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.