Archived Workload Security release notes

You can find Workload Security release notes from previous years below. For current release notes, see What's new in Workload Security?.

2019 release notes

In 2019, Workload Security was referred to as Deep Security as a Service.


Date Type Release notes
Dec. 19 Enhancement Added the "sproc" field to Syslog events, which displays the name of the event's source process.
Dec. 17 Enhancement Added a Scheduled maintenance page that allows us to better communicate upcoming scheduled maintenance. Subscribe to the RSS feed above to ensure that you are not caught off guard by any upcoming maintenance by our team.
Dec. 17 Enhancement Any new attempt to add the same AWS integration (also known as "AWS connectors") to more than one Deep Security as a Service account using the same Cross-Account role will now be blocked. If you would like to add the same AWS integration to more than one Deep Security as a Service account you must use different Cross-Account roles or IAM keys in each case.
Dec. 17 Resolved issue The Save to File and Copy to Clipboard buttons were missing from Support > Deployment Scripts when Safari was used as the browser.
Dec. 17 Resolved issue If you added an AWS account to Deep Security Manager through Computers > Add Account, the computers sometimes failed to synchronize.
Dec. 10 Resolved issue In the Malware Scan Configurations window, the content of the Advanced tab was displayed in the General tab.
Dec. 10 Resolved issue Deep Security Manager had issues loading the computers trees on some pages when there were a lot of computers and folders.

November 2019

Date Type Release notes
Nov. 26 Enhancement Added the Validate the signature on the agent installer checkbox on Support > Deployment Scripts. For more information, see Check digital signatures on software packages.
Nov. 21 Enhancement Renamed the Service Token setting to Data Source GUID on Administration > System Settings > Managed Detection and Response.

Nov. 21 Enhancement Reduced the maximum number of computers displayed on the Computers page from 2000 to 500 to improve performance.
Nov. 21 Resolved issue When sorting the Alert Configuration window (Alerts > Configure Alerts) by the "ON" column, the number of alerts was sometimes incorrect.
Nov. 19 Resolved issue When a custom anti-evasion posture was selected in a parent policy (in the policy editor, go to Settings > Advanced > Network Engine Settings > Anti-Evasion Posture then select Custom), that setting did not appear in the child policies.
Nov. 14 New feature Deep Security as a Service now supports AWS PrivateLink. For details, see Deep Security support for AWS PrivateLink.
Nov. 14 New feature Deep Security Manager now has the option (Administration > System Settings > Agents > Automatically upgrade Linux/Windows agents on activation) to automatically upgrade the Deep Security Agent on Linux and Windows computers to the version specified in Administration > System Settings > Updates > Software > Agent Version Control when the agent is activated or reactivated.
Nov. 14 Enhancement If you add an AWS account to Deep Security Manager through Computers > Add Account, and then in AWS you launch a new AWS WorkSpace instance with an agent that has agent-initiated activation (AIA) enabled, the AWS Workspace is now added to the manager under the AWS account on activation. Previously, the Workspace was added under the root 'Computers' tree.
Nov. 14 Resolved issue Active Directory synchronization sometimes would not finish.
Nov. 12 Enhancement

Aggregated identical agent events in a single heartbeat under a single event.

This feature is being gradually rolled out.
Nov. 12 Enhancement Improved the "License Changed" event description by specifying if the plan ID is for Azure Marketplace billing.
Nov. 12 Resolved issue When Deep Security Manager was deployed in an environment with a large number of hosts and protection rules, the manager would sometimes load data for all hosts, even if the user only requested data from some of the hosts.
Nov. 7 Enhancement You can subscribe to the RSS feed for this page to get notifications when Deep Security as a Service is updated.
Nov. 5 Enhancement Improved the agent package import experience by making the warning message clearer.
Nov. 5 Enhancement Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager.
Nov. 5 Resolved issue If you added an amperstand symbol as the Folder Display Name for Smart Folders, the preview window crashed.

October 2019

Date Type Release notes
Oct. 31 Enhancement

Scheduled tasks have been enhanced:

  • On the last screen of the New Scheduled Task Wizard, 'Task enabled' has been renamed to 'Enable task'.
  • The 'Synchronize cloud account' task now indicates that it only supports vCloud and Azure accounts.
  • The Scheduled Tasks page now includes details for any 'Scan Computers for Malware' or 'Scan Computers for Integrity Changes' tasks that you have configured.
Oct. 31 Enhancement Deep Security Manager now includes a search bar under Administration > Updates > Software > Local.
Oct. 31 Enhancement You can now hide all empty AWS regions, VPCs, subnets, and directories on the Computers page to reduce clutter and increase page loading speed. To hide or display empty items on the Computers page, right-click an item in the tree structure and select the option you want to apply.
Oct. 31 Enhancement The Computers page now includes an Agent GUID column so you can search computers by Agent GUID.
Oct. 31 Enhancement In rare cases, the AWS Marketplace appliance fails to upgrade due to an error in an upgrade task responsible for removing any existing duplicate AWS connector groups. The upgrade task has been enhanced to make it more robust and decrease the possibility of failure.
Oct. 31 Resolved issue When certain Smart Folder search criteria were used, it threw the error: IllegalStateException.
Oct. 24 Enhancement Added the "Kernel Unsupported" system event to indicate if your computer has been upgraded to an unsupported kernel.
Oct. 24 Enhancement Added a reason ID for the "Manual Malware Scan Cancellation complete" system event. The reason ID is displayed in REST API calls, SNS information and SIEM information.
Oct. 24 Enhancement Renamed the scheduled task "AWS Billing Usage Task" to "Metered Billing Usage Task" because the task now applies to both AWS and Azure billing.
Oct. 8 New feature

Agent version control gives you and your security operations team control over the specific versions of the Deep Security Agent that can be used by features like deployment scripts and upgrade on activation. This provides increased control over the Deep Security Agent used in your environment. For more information, see Configure agent version control.

September 2019

Date Type Release notes
Sep. 26 Enhancement Added more information to the Malware Scan Cancellation system events about why the cancellation occurred. For more information, see System events.
Sep. 26 Resolved issue An incorrect log source identifier was sometimes sent for syslog events. 
Sep. 26 Resolved issue The events exported via AWS SNS did not contain the HostOwnerID, which corresponds to the AWS Account ID.  
Sep. 26 Resolved issue The system event "7024: Application Control Software Changes Detected" sometimes occurred when Application Control was not enabled. 
Sep. 24 Enhancement Added a new column to the system events table for storing the reason ID for scan failures. The reason ID will be displayed in REST API calls, SNS information and SIEM information.
Sep. 24 Enhancement Included the reason why an Anti-Malware scan exception failed in the system event.
Sep. 24 Enhancement Enhanced Deep Security Manager so it prevents you from importing duplicate Trusted Certificates.
Sep. 24 Resolved issue In the computer or policy editor in Deep Security Manager, under Anti-Malware > General > Real-Time Scan > Schedule > Edit, the Assigned To tab was sometimes empty, even when the schedule was assigned correctly to computers and policies.
Sep. 19 Enhancement Added a "Host GUID" column to the Computers page so you can search computers by the Host GUID.
Sep. 19 Resolved issue When an event-based task was created, two system events were generated.
Sep. 17 Enhancement Added AWS tags information to the "Computer Created" and "Computer Updated" system events.
Sep. 10 Enhancement When configuring auto-tagging for Application Control, the type of file hash in consideration (SHA-256) is now specified.
Sep. 10 Resolved issue Forwarding events "via Deep Security Manager" with SIEM event forwarding would not work if the Deep Security Manager hostname was not obtained through DNS resolution.
Sep. 3 Resolved issue Deep Security Manager did not prevent the creation of incompatible Intrusion Prevention configurations.

August 2019

Date Type Release notes
Aug. 29 Issue When an invalid or unresolvable SNMP server name was configured in Administration > System Settings > Event Forwarding > SNMP, it caused SIEM & SNS to also fail.
Aug. 27 New feature Extended support to Google Cloud Platform (GCP). We now provide the option to add a GCP account and managed GCP instances. Note that this feature is being released gradually and may not be available in your environment yet.
Aug. 27 Enhancement Added the Azure Metered Billing Report for Azure Marketplace Pay as you Go billing. You can generate the report in Events & Reports > Generate Reports > Single Reports.
Aug. 27 Resolved issue Inline synchronization for Amazon WorkSpaces sometimes did not work because Deep Security Manager used the availability zone as the region name.
Aug. 27 Resolved issue System events were not working properly for Azure Billing tenant account changes.
Aug. 27 Resolved issue

Using a local key secret containing the "$" symbol stopped the upgrade or fresh install of Deep Security Manager.

Aug. 27 Resolved issue Resetting Integrity Monitoring overrides showed the overrides as reset in Deep Security Manager but retained the overridden configuration in the policy.
Aug. 22 Resolved issue Security events were not able to be sent to Managed Detection and Response.
Aug. 20 Enhancement Deep Security as a Service accounts using Azure Metered Billing are now moved to Freemium when canceling their subscriptions.
Aug. 20 Enhancement When a computer is rebooted because of a reboot required alert, the Deep Security Manager system event and alert will have a corresponding "Alert Ended" event instead of "Error Dismissed" events.
Aug. 20 Resolved issue Reconnaissance alerts could not be disabled because the option was not available.
Aug. 20 Resolved issue Deep Security Manager showed many “Internal Software Error” system events when "Events Retrieved" and "Agent/Appliance Error" were not recorded in Administration > System Settings > System Events
Aug. 15 Enhancement Added a link to Your Account > Account Details > Upgrade to Paid for free trial users that redirects to the Deep Security as a Service offer on Azure Marketplace for Pay as You Go billing.
Aug. 15 Enhancement Added Bahrain as a new region in AWS.
Aug. 15 Resolved issue In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list.
Aug. 15 Resolved issue In Malware Scan Configurations, when the scan type was Manual/Scheduled, the "Spyware/Grayware Scan Enabled" column always displayed "N/A".
Aug. 15 Resolved issue When scheduling a monthly scheduled task, the "Next Run" time was a day later than expected.
Aug. 15 Resolved issue Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur.
Aug. 15 Resolved issue Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database.
Aug. 08 New feature Added Managed Detection and Response to Deep Security as a Service. You can configure this feature on Administration > System Settings > Managed Detection and Response.
Aug. 08 Resolved issue Selecting "Security updates only" as the update content for a relay group on Administration > Updates > Relay Management > Relay Group Properties did not work as expected.
Aug. 06 Enhancement Updated AWS account addition error messages to be more specific and include Help Center link.
Aug. 06 Resolved issue The latest kernel update for some Linux operating systems, including Red Hat Enterprise Linux 7 and Amazon Linux, made a change that caused failures during agent-initiated communication heartbeats
Aug. 01 Resolved issue The "Recommended for Unassignment" filter on the Intrusion Prevention Rules page sometimes did not correctly filter rules.
Aug. 01 Resolved issue

Deep Security as a Service stopped displaying the alert "Agent/Appliance Upgrade Recommended (New Version Available)", even though the agent had not been upgraded.

July 2019

Date Type Release notes
Jul. 30 Enhancement Enhanced the "Malware Scan Failure" event description to indicate the possible reason for failure.
Jul. 30 Enhancement Added support for migration from the legacy Azure Marketplace offer to the new Azure Marketplace Consumption offer.
Jul. 30 Resolved issue In the Computer report, changed wording from "Latest Scan" to "Latest Port Scan".
Jul. 25 Enhancement Deep Security as a Service displays a warning banner when a relay is older than version 12.0.
Jul. 25 Resolved issue The Actions page would fail to load for some browsers in certain timezones.
Jul. 23 Resolved issue Deleting quarantined files from Deep Security as a Service resulted in a failure event.
Jul. 16 New feature Added Azure Marketplace Metered Billing to Deep Security as a Service.
Jul. 16 Resolved issue Deep Security Manager was slow showing the details of a system event.
Jul. 16 Resolved issue A NullPointerException resulted in an agent communication failure.
Jul. 11 Resolved issue Application Control events did not include a "Size" column
Jul. 11 Resolved issue The Alert Status widget sometimes showed the wrong total numbers.
Jul. 11 Resolved issue When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group.
Jul. 09 Enhancement Refined the malware scan cancellation event description to indicate that it may be caused by the computer rebooting or shutting down.
Jul. 09 Enhancement Updated Deep Security Manager so it allows a security update to proceed when the Deep Security Agent software upgrade has been scheduled for a later time. This ensures Deep Security Agents always have the latest security rules and patterns.
Jul. 09 Resolved issue New groups added to an AWS connector were not inheriting the existing permissions assigned to that connector.
Jul. 09 Resolved issue Two tagging-related counters under the Additional Information section on Administration > System Information were not being incremented.
Jul. 09 Resolved issue Viewing a run once scheduled task where the next run time was N/A would result in an Internal Server Error.

June 2019

Date Type Release notes
Jun. 25 Enhancement Event Based Tasks property description now updates immediately in properties the window.
Jun. 25 Resolved issue On the Deep Security Manager dashboard, the Software Updates widget always displayed results for all computers, even when the dashboard was filtered to display a subset of computers.
Jun. 25 Resolved issue The scheduled scan "Scan Computers for Integrity Changes" failed when the target host was set to "Group".
Jun. 25 Resolved issue When the Deep Security Manager refreshed, the information provided by "Last IP Used" and "Last communication time" on the Computers details page disappeared.
Jun. 25 Resolved issue Non-activated computers under an Azure account had the incorrect platform name.
Jun. 20 Resolved issue When a policy was assigned to a large number of computers, it sometimes took a long time to load the "Intrusion Prevention" tab in the policy editor.
Jun. 13 Enhancement Improved the description of the Malware scan failure event by adding more details.
Jun. 13 Enhancement Added three new statuses in the Azure registration status list.
Jun. 13 Resolved issue Deep Security Manager referred to Amazon Simple Notification Service instead of AWS Simple Notification Service.
Jun. 13 Resolved issue On the day that Daylight Saving Time occurs, a weekly scheduled task was possibly triggered twice in Deep Security Manager.
Jun. 06 Enhancement Updated Deep Security Manager to clean up homeless EC2 hosts if they fail at rehoming and are not able to talk to Deep Security Manager for three days.
Jun. 06 Resolved issue Failures were caused by the AWS connector synchronizations running longer than one hour and using cross account role authentication.
Jun. 06 Resolved issue SUSE Enterprise Server 15 was displayed as SUSE Enterprise Server when computers were added by AWS connector.
Jun. 06 Resolved issue Users with select computer permissions could not create certain scheduled tasks.
Jun. 06 Resolved issue The Solaris Deep Security Agent deployment script did not support Solaris 10 Update 4 and Solaris 11.4.

May 2019

Date Type Release notes
May 30 Enhancement Failures occurred during AWS connector synchronizations that ran longer than 15 minutes and used cross-account role authentication.
May 30 Resolved issue Several issues occurred for the Auto-Tag Rules page of any protection module on Events & Reports > Events, depending on how the columns were sorted.
May 30 Resolved issue System events took too long to appear on Deep Security Manager.
May 30 Resolved issue Unnecessary scheduled task information was sent to agents.
May 16 Enhancement Added the FileSize attribute to the Application Control event description sent to SNS.
May 16 Enhancement Improved Amazon WorkSpaces state mapping.
May 16 Resolved issue Viewing certain alerts resulted in an "Internal Server Error" page.
May 16 Resolved issue The Deep Security Manager contains links for more information about the Trend Micro Smart Protection Network. Those links pointed to an outdated URL.
May 09 Enhancement Added the Azure and AWS Cloud IDs for each host to the Security Module Usage Report.
May 09 Enhancement Enabled the "Product Usage Data Collection" setting by default. This can be disabled on Administration > System Settings > Advanced of the Deep Security Manager
May 09 Enhancement Renamed "Recurring Reports" (located under Events & Reports > Generate Reports) to "Scheduled Reports" to make its purpose clearer.
May 09 Resolved issue Intrusion Prevention events with no rule ID incorrectly showed the default severity as an empty string instead of "N/A".
May 09 Resolved issue When generating multiple reports simultaneously, the report data was sometimes incorrect.
May 09 Resolved issue When a Deep Security tenant name contained double-byte characters, the TrendMicroDSTenant syslog field would contain the tenant ID instead of the tenant name
May 09 Resolved issue The error message for an incorrect application password in Azure connector was imprecise.
May 09 Resolved issue Some Azure Virtual Machine types were categorized incorrectly which caused the billing of Azure Virtual Machines through Deep Security as a Service to be inaccurate.

April 2019

Date Type Release notes
Apr. 18 Enhancement When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
Apr. 18 Enhancement Scheduled Tasks to "Check for Security Updates" now have an optional timeout field, which is used to select the window of time after the scheduled start time in which security updates may be started.
Apr. 11 Enhancement Enhanced the AWS connector to improve robustness and availability when used with highly dynamic, large scale environments.
Apr. 11 Resolved issue False alerts regarding the license expiration were occasionally raised.
Apr. 11 Resolved issue The total number displayed on the Recurring Reports page was incorrect.
Apr. 11 Resolved issue The event-based task that assigned a policy to AWS Workspaces did not function when "Cloud Account Name" was used as a condition.
Apr. 04 Enhancement When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
Apr. 04 Enhancement Removed the wizard that allowed a precheck for computers that required a reboot and generated a list of results in CSV format.

March 2019

Date Type Release notes
Mar. 21 Enhancement Added platform version information in the Software page to distinguish between SuSE 11 and SuSE 12.
Mar. 21 Resolved issue Alerts associated with hosts did not show the host information in the Target field of the Alerts page. Additionally, an Internal Server Error is displayed on the Alert detail page if the linked host was deleted.
Mar. 21 Resolved issue The Deep Security Manager showed "Internal server error" when browsing the hosts in the Computers page.
Mar. 21 Resolved issue When a policy was created based on a relay-enabled agent, the policy contained the relay state. All agents that were assigned with the policy automatically became relays.
Mar. 21 Resolved issue When scrolling through Events & Reports > Generate Reports > Single Report, the bottom section floated which obscured the controls behind it.
Mar. 21 Resolved issue Amazon SNS settings were not saved when reverting to the basic SNS configuration from the JSON SNS configuration.
Mar. 14 Enhancement Removed Azure 'Quick' mode. Previously, the Add Azure Account wizard in Deep Security as a Service included the ability to select a Quick mode and an Advanced mode. In this release, Quick mode has been removed because it required giving excessive permissions to Deep Security as a Service. If you used Quick mode in prior releases, there is no impact to your deployment.
Mar. 14 Enhancement Updated event based tasks so that patterns that match negative regular expressions yield more accurate matches.
Mar. 14 Resolved issue The generated Windows deployment script had a syntax error when a proxy server was selected to contact Deep Security Manager.
Mar. 14 Resolved issue The total number displayed on the Recurring Reports page was incorrect.
Mar. 14 Resolved issue On the Deep Security Manager Dashboard, the Software Updates widget always displayed all computers and could not be filtered.
Mar. 14 Resolved issue System events in the Computer details page did not load properly.
Mar. 14 Resolved issue Parent group permissions were not inherited in sub-groups for the Azure Connector.
Mar. 07 Enhancement Updated the Deep Security Manager so it can distinguish whether or not a reboot is required after a Deep Security Agent upgrade. When the agent software requires an upgrade, you can view the number of computers that must be rebooted to complete the upgrade, and the number that do not. You can choose to proceed immediately with the respective upgrades, or schedule the upgrades for a more appropriate time. A list of computers and their precheck results can be saved in CSV format.
Mar. 07 Resolved issue If you have a large number of computer groups and policies and clicked Events & Reports > Generate Reports and then quickly switched to the "Recurring Reports" tab before the initial page was fully loaded, Deep Security Manager would display a spinner but the "Recurring Reports" tab was not populated unless the customer returned to the "Single Report" tab and allowed enough time for it to fully load. In this release, the Deep Security Manager console has been improved. Instead of presenting "Single Report" and "Recurring Reports" as tabs on the "Generate Reports" page, they are now separate items under "Generate Reports" in the navigation pane, which allows you to access them independently. The solution also makes the initial response of the "Single Report" page visible to the user much earlier and loads the necessary content on demand, significantly reducing latency.
Mar. 07 Resolved issue Deployment of the Deep Security Agent on Amazon Linux 2 WorkSpaces sometimes failed.
Mar. 07 Resolved issue The "Deep Security Protection Module Failure" error was not automatically dismissed after a successful upgrade.

February 2019

Date Type Release notes
Feb. 14 Enhancement Changed the file format of the database export in the Deep Security Manager diagnostic package from XML to CSV. CSV files help to reduce memory and CPU demand when generating diagnostic packages and result in much smaller file sizes.
Feb. 14 Enhancement Added a system event for when a computer needs to be rebooted to complete the Deep Security Agent software upgrade.
Feb. 14 Enhancement Updated the "Task(s)" column on Computers to indicate if a computer requires a reboot to complete an agent upgrade.
Feb. 14 Resolved issue UNC paths could not be added to Anti-Malware > Advanced > Behavior Monitoring Protection Exceptions.
Feb. 07 Enhancement Added field trimming to some Log Inspection and Anti-Malware event fields.
Feb. 07 Enhancement Updated the system event for policy changes. Anti-Malware configurations in a system event will now show the correct state of each configuration.
Feb. 07 Resolved issue In Deep Security Manager, when you went to Events & Reports > Events > Anti-Malware Events > Identified Files and did an advanced search by Computer IP address, computers with the incorrect IP address were displayed.
Feb. 07 Resolved issue When an Integrity Monitoring event was forwarded to a syslog server, source user information was not included.
Feb. 07 Resolved issue When AWS connector synchronization occurred with a large amount of instances to be deleted, the deletion occasionally failed and resulted in some terminated instances remaining on Computers in the Deep Security Manager.

January 2019

Date Type Release notes
Jan. 31 Enhancement Added an error message to the "Generate an API Key for the Tenant" endpoint that displays if a tenant is not in an active state.
Jan. 31 Resolved issue System events reported an incorrect module status when changes to the inherited policies were made.
Jan. 24 Resolved issue Performing an advanced search on an empty string value would not return all results when using an Oracle database.
Jan. 24 Resolved issue AWS classic instances were being added to the root group instead of the connector.