Trend Micro has been made aware of a vulnerability in Deep Security 9.5 for Linux where the Real-time Anti-malware scan engine could potentially fail to detect malware if it is located in a directory location with certain specific characteristics.
To address this issue, Trend Micro has released Deep Security Manager (DSM) 9.5 Service Pack (SP) 1 Critical Patch Release 9.5.5602 and Deep Security Agent (DSA) 9.5 SP 1 Critical Patch Release 220.127.116.1165. All customers using Real-Time Anti-Malware scanning are recommended to apply these critical patches as soon as possible.
Download the critical patches for DSM and DSA from Trend Micro Download Center. Under Server and Storage, select the Deep Security product and then go to the Product Patch tab. Installation instructions and other important information can be found in the readme file that is available from the same location as the patches.
Trend Micro would like to credit Nathan Young of the eSecure Security Assurance team for the responsible disclosure of the issues addressed in this advisory.