Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro products affected by the Leap Second

    • Updated:
    • 29 Dec 2016
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

The IERS (International Earth Rotation and Reference System Service) has communicated via an official bulletin that a positive leap second will be introduced at the end of December 2016. The leap second needs to be added in 2016 to keep the atomic clock time in sync with the Earth's actual rotational time.

Leap Seconds are a periodic one-second adjustment of Coordinated Universal Time (UTC) in order to keep a system's time of day close to the mean solar time. However, the Earth's rotation speed varies in response to climatic and geological events; and due to this UTC leap, seconds are irregularly spaced and unpredictable.

The last leap second was inserted on June 30, 2015, and the next leap second insertion is scheduled on December 31, 2016, at 23:59:60 UTC.

The sequence of dates of the UTC second markers will be:    

2016 December 31, 23h 59m 59s
2016 December 31, 23h 59m 60s
2017 January 1, 0h 0m 0s

Details
Public

What Trend Micro products are affected?

Trend Micro’s Product Vulnerability Response and Service Engineering teams have conducted a thorough analysis of our products and services to identify if any technologies may be affected. They have confirmed that only Linux based products may be affected by the leap second and Windows based products are not affected.

The following Linux-based products have been found to be potentially affected by the upcoming leap second.  Fortunately, the workaround for most of these products is to temporarily disable NTP before December 31, 2016, to prevent any potential issues. For the remaining products, a hotfix or patch with an updated kernel may be required.

ProductVersionSolution
Deep Discovery Email Inspector2.0 GM, SP1 and SP2

As a workaround solution, disable ntp during the leap second:

  1. Log in to the DDEI web console.
  2. Go to Administration > System Settings.
  3. Click Time and enable the Set time manually option
Network VirusWall Enforcer3.0, 3.1, 3.2, 3.5

Workaround 1:

  1. Log in to the NVWE web console.
  2. Go to Administration Time Settings page.
  3. Select Use TMCM to update the time.
  4. Click Save.

Workaround 2:

  1. Log in to the NVWE web console.
  2. Goto Administration Time Settings page.
  3. Select  Use an NTP Server to update the time.
  4. Fill in an invalid NTP Server under the NTP setting.
  5. Click Save.

What Trend Micro products are NOT affected?

ProductVersionSolution
Control Manager6.0Windows will not handle leap second packet coming from NTP server. As a result, time on the Windows will be one second advanced than the actual time when the leap second is inserted. The time on the Windows will be adjusted gradually.
Deep Discovery Analyzer5.1, 5.5-
Deep Discovery Email Inspector2.5-
Data Loss Prevention5.5, 5.6-
Deep Security8.0, 9.0, 9.5, 9.6-
Deep Security as a Service9.0, 9.5, 9.6-
InterScan Messaging Security Virtual Appliance9.0-
InterScan Web Security Virtual Appliance (IWSVA)5.6, 6.5, 6.5 SP2

IWSVA is not impacted by leap second. OS may get xx:xx:60 (special time) if ntpdate command is invoked during the leap second, but second is not restricted between 00-59 in IWSVA. Therefore, the product will not be affected.

Here are the assessments for each known issue of RH6 kernel: Resolve Leap Second Issues in Red Hat Enterprise Linux. The issue is resolved in RHEL 6.3 kernel version 2.6.32-279. Since IWSVA uses higher kernel versions, it will not be affected.

OfficeScan (OSCE)11.0, XGOSCE programs only run on Windows so it will not be affected by leap second.
ScanMail for Exchange (SMEX)11.0SMEX will not be impacted. The date and time are retrieved from the system clock through an API, so it will update the one second difference when the Windows host gets it time update from the NTP server.
ServerProtect for Linux3.0ServerProtect for Linux is mainly for RedHat, CentOS and SUSE.
  • If NTP service is used for time sync, it's not affected by leap second.
  • If you are neither using NTP nor the right time zone with latest tzdata including the upcoming second information, it's also not affected.
  • If you are not using NTP, but using the right time zone with latest tzdata including the upcoming second information, it's affected.
Usually, Linux OS uses NTP service to synchronize time, thus ServerProtect may not be affected by leap second. However, for the 3rd scenario mentioned above, install ServerProtect for Linux (32-bit) Patch 6 before leap second to avoid the impact.
ServerProtect for Microsoft Windows/Novell Netware5.8There is no impact of leap second on SPNT 5.8.
Trend Micro SafeSync for Enterprise--
Smart Protection ServerAll-
Trend Micro Mobile SecurityAll-
Trend Micro Security for Mac (TMSM)2.0

Based on an article about Mac and leap second on 2008, the computers connected to Apple's time server will account for the leap second. Therefore, Mac machines will not be affected.

In addition, we didn't get any issue report for TMSM during the last leap second on June 30, 2015.

More information on why the Windows OS platform is not affected can be found here.

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added in the list.

What if I have additional questions?

Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact Technical Support or their authorized Trend Micro technical support representative for further assistance.

Additional References

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1111187
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.