Deep Security 9.5 Service Pack (SP) 1 Patch 3 is now available in Trend Micro Download Center. Customers are encouraged upgrade to the most recent version to take full advantage of new features and performance enhancements.
This release includes the following:
- Deep Security Network Engine has been enhanced to choose Anti-Evasion Settings for the Intrusion Prevention System.
- The Deep Security Filter Driver is enhanced to avoid the ESXi purple error code screen problem.
- This release introduces a new setting to configure the timeout value for Deep Security Virtual Appliance Recommendation Scanning.
- This also resolves the issues from previous releases, including the Deep Security Agent unexpected restart issue.
To upgrade to the latest version:
- Upgrade the database schema using the following article: Manually updating the Deep Security Manager (DSM) database schema.
- Once the database schema change/migration is completed, run the installer to upgrade the Deep Security Manager to Patch 3.
Below are the links to the file locations:
For reference, here are the previous patches for Deep Security 9.5 SP1:
Deep Security 9.5 SP1 Patch 2 includes the following enhancements:
- By default, the DSM console uses TLSv1, TLSv1.1, TLSv1.2 protocols to communicate with port 4119. It is now permitted to use any of these for communication.
- This release introduces the new DSM upgrade process.
- This resolves some critical issues previously found in Deep Security Virtual Appliance (DSVA) and Deep Security Agent (Linux).
Make sure to upgrade first the database schema before running the installer for DSM 9.5 SP1 Patch 2.
Prior to DSVA upgrade, ensure that Deep Security Filter Driver 9.5 SP1 Patch 2 (9.5.3.4507) is upgraded.
Deep Security 9.5 SP1 Patch 1 includes the following enhancements:
- The Deep Security Network Engine has been enhanced to handle Maximum TCP/UDP connections. This drastically reduced the Out of Connection issues found in heavy load environments.
- Self-protection is enhanced to provide more protection of the Deep Security Agent service.
- Resolves the issue in importing software packages. Refer to this article for more information: Unable to import the latest Kernel support package in the Deep Security Manager (DSM) console.
- The Deep Security Manager's debug level logging is now enabled without restarting the DSM service.
- This patch includes the fix for CWE-331 Insufficient Entropy issue.
During the installation of DSM 9.5 SP1 Patch 1, depending on its size, the upgrade process for Microsoft SQL Server-based installations can take an extremely long time. Please do NOT stop or restart DSM service until the upgrade is completely finished. It is strongly recommended that administrators make a backup of their entire Deep Security Manager database before attempting an upgrade, as well as highly encouraged to first consult with technical support for further assistance as well.
Before upgrading Deep Security Virtual Appliance and Notifier 9.5 SP1 Patch 1, make sure that the Deep Security Filter Driver 9.5 SP1 Patch 1 (9.5.3.4000) is upgraded.
For more information about this release, refer to the DSM 9.5 SP1 Patch 1 Readme file.