Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Known issues in Deep Security 11.2

    • Updated:
    • 3 Oct 2018
    • Product/Version:
    • Deep Security 11.2
    • Platform:
    • N/A N/A
Summary

This article enumerates the possible issues that you may encounter when using the initial release build of Deep Security 11.2.

Details
Public

Below are the known issues in Deep Security Manager:

  • When using Deep Security Manager with containers that use an overlay network, Deep Security Manager may report a virtual network interface (e.g. vx-001000-93cfm or flannel.1) that should be invisible to Deep Security Manager.

    To address this issue, follow this article to set firewall rules: Necessary steps in Kubernetes environment for Deep Security.

  • In a Docker environment, when a host reboots, it gets a new NIC name and MAC address. When the said host is protected by a Deep Security Agent, the agent receives the new interface information and sends it to Deep Security Manager, which adds it as a new NIC name and MAC address pair, leading to extra unused interfaces listed in Deep Security Manager.
  • When the same container is loaded and unloaded quickly, it may reuse the conntrack that was established in the previous container's traffic. Deep Security could pass or block the traffic unexpectedly.
  • Beginning with JDK version 8u181, the JVM enforces endpoint identification for LDAPS connections by default. The JVM verifies the server address of an Active Directory connector against the server certificate Common Name (or subjectAltName, if it exists). As a result, if the existing Active Directory connector uses a server address that does not match the certificate CN (or subjectAltName), the connector won't be able to synchronize successfully.

    To avoid the issue, do one of the following:

    • When performing a fresh installation, always enable endpoint identification. You can manually enable the endpoint identification by changing the hidden setting "Disable endpoint identification for secure LDAP connection" to False.
    • When performing an upgrade, if any tenants have an existing Active Directory connector (for either a computer or a user) that connects using LDAPS, disable endpoint identification. If no Active Directory connector is found, endpoint identification is enabled by default.
  • When upgrading from Deep Security 11.0 or earlier to version 11.2 or later, Deep Security Manager does not apply auto-tagging to events that it receives approximately five (5) seconds before the service shuts down.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1121183
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.