TO DISPLAY OR HIDE COMMENTS FOR WRITERS INLINE ON THE PAGE, EDIT THE p.writer-instructions <STYLE> ELEMENT AS FOLLOWS:

p.writer-instructions {

    display: none;         <- HIDE THE COMMENTS

}

p.writer-instructions {

    display: block;         <- DISPLAY THE COMMENTS

}

Trend Micro Incorporated
September 2024

For example, December 21, 2017

Trend Micro™ Deep Discovery Analyzer 7.6

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at http://docs.trendmicro.com.

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at https://clp.trendmicro.com/FullRegistration?T=TM.

1. About Deep Discovery Analyzer

Trend Micro™ Deep Discovery Analyzer™ is an open, scalable sandboxing analysis platform that provides on-premises, on-demand analysis of file and URL samples.

Deep Discovery Analyzer supports out-of-the-box integration with Trend Micro products such as InterScan Messaging Security, InterScan Web Security, ScanMail for Microsoft Exchange, ScanMail for IBM Domino, Deep Discovery Inspector, and Deep Discovery Email Inspector. Deep Discovery Analyzer also processes samples manually submitted by threat researchers and incident response professionals.

An open Web Services Interface enables any product or process to submit samples and obtain detailed results in a timely manner. Custom sandboxing supports environments that precisely match target desktop software configurations resulting in more accurate detections and fewer false positives.

If available, use the 50-word description provided by Marketing.

CAUTION: These descriptions sometimes contain errors, such as word usage or grammar mistakes. If needed, edit the text before you paste it into your file. Verify that the information is current by checking with Marketing.

Back to top

2. What's New

See Chapter 1 of the Administrator's Guide or visit the following page for a list of new features and enhancements in this release:

https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-analyzer-76-whats-new

For a list of key features, see Chapter 1 of the Administrator's Guide or visit the following page:

https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-analyzer-76-features-and-benefit

 

This section describes the new functions/features. Content can be lifted directly from the Admin Guide.

Back to top

3. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

Delete the documentation that does not apply for this product.

In addition to this Readme file, the documentation set for this product includes the following:

• Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Discovery Analyzer. To access the Online Help, go to http://docs.trendmicro.com.

• Installation and Deployment Guide (IDG): A PDF document that contains information about requirements and procedures for planning deployment, installing Deep Discovery Analyzer, and using the Preconfiguration Console to set initial configurations and perform system tasks.

• Administrator's Guide (AG): A PDF document that contains detailed instructions on how to configure and manage Deep Discovery Analyzer, and explanations on Deep Discovery Analyzer concepts and features.

• Syslog Content Mapping Guide (SG): A PDF document that provides information about log management standards and syntaxes for implementing syslog events in Deep Discovery Analyzer.

• Quick Start Card (QSC): User-friendly instructions on connecting Deep Discovery Analyzer to your network and on performing initial configurations.

• Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://success.trendmicro.com.

Back to top

4. System Requirements

Include only appropriate requirements for your product.

For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.

Trend Micro provides the Deep Discovery Analyzer appliance hardware. No other hardware is supported.

See the Installation and Deployment Guide for a list of system requirements.

Include only appropriate requirements for your product. For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.

Example:

Size of Deployment Package

32-bit OS (i.e. Windows XP, Windows 2003...) = 100MB

64-bit OS (i.e. Windows XP, Windows 2008) = 90MB

Size of the new install package (32/64-bit) via Agent Packager Tool

MSI Package (Conventional Scan) = 100 MB

MSI Package (Smart Scan) = 90 MB

Setup Package (Conventional Scan) = 80 MB

Setup Package (Smart Scan) = 80 MB

Estimated size (in terms of bandwidth) per agent

32-bit agent total = 757 KB

64-bit agent total = 1004 KB

TIP: For Small Business agent-server products, only include estimated size (in terms of bandwidth) to reduce the complexity for customers.

If you do need to list system requirements:

List the minimum/recommended requirements for running the product. Content can be lifted directly from the Installation Guide.

Avoid writing "and above" or "later" or other text to imply that the product works with future software versions. It's impossible to validate that a product works correctly with future versions. If the system requirements that you receive from QA include "and above" or similar text, challenge them.

Back to top

5. Installation or Upgrade

Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.

1. Mount the appliance in a standard 19-inch 4-post rack, or on a free-standing object, such as a sturdy desktop.
   Note: When mounting the appliance, leave at least two inches of clearance on all sides for proper ventilation and cooling.
   
   
2. Connect the appliance to a power source.
   
   
3. Connect the monitor to the VGA port at the back of the appliance.
   
   
4. Connect the keyboard and mouse to the USB ports at the back of the appliance.
   
   
5. Connect the Ethernet cables to the management and custom ports.
   • Management port: A hardware port that connects Deep Discovery Analyzer to the management network
   • Custom port: A hardware port that connects Deep Discovery Analyzer to an isolated network dedicated to sandbox analysis
     
     
6. Power on the appliance.
   

For detailed installation procedures, see the Installation and Deployment Guide.

Back to top

6. Post-Installation Configuration

Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.

Explain what the customer should do after the installation. This could include additional steps, for example:

Restart the HTTP and FTP scanner services using the Control Panel.

If no further action required, write the following:

1. On the preconfiguration console logon screen, type the following default logon credentials:
   • User name: admin
   • Password: Admin1234!
     
     
   Note: The typed password characters do not appear on the screen.
   
   
2. Select Configure appliance IP address and press Enter.
   
   
3. Specify the following network settings.
   • IPv4 address: Must not conflict with the Virtual Analyzer addresses and custom sandbox network address
   • Subnet mask
   • IPv4 Gateway: Must be in the same subnet as the IPv4 address
   • IPv4 DNS 1: Same requirements as IPv4 address
   • IPv4 DNS 2 (Optional): Same requirements as IPv4 address
     
     
4. Press Tab to navigate to Save, and then press ENTER. The Main Menu screen appears after the settings are successfully saved.

For additional configuration procedures, see the Getting Started chapter in the Administrator's Guide or visit the following page:

https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-analyzer-76-getting-started

Include advice to register the product and update. Use the following boilerplate text if appropriate for your product.

Back to top

7. Known Issues

Describe things that are still not working or are causing a problem. Do not describe what caused the problem; only include the symptom the customer would have seen, and say it's been fixed.

Do not describe every known issue; describe only the major issues.

Describe how to resolve the problem or at least how to work around it if possible.

If the readme is for a beta release, review the list of issues before sending out the final readme - some of the issues may have been fixed and should no longer appear in the list.

Known issues in this release:

Example:

7.1 Scan issue(s)

a. The Manual Scan progress screen may display directories not specified as scan target.

b. Scan exclusion settings for spyware/grayware are disregarded after installation.

7.2 Citrix integration issue

When the "Client Console Access Restriction" is disabled on a Citrix server, notification messages display simultaneously in each logon session.

1. When a secondary appliance is configured as the new primary appliance of a cluster and it does not use the IP address of the previous primary appliance, the following occurs:
   • If the previous primary appliance was registered on a Trend Micro Control Manager server, the new primary appliance is not registered.
   • Any products integrated with the previous primary appliance are not integrated with the new primary appliance. The products cannot submit samples and they are not able to get the suspicious objects list.
   • The secondary appliances of the cluster are not registered in the new primary appliance.
     
     
2. The cloud sandbox setting is automatically disabled when the license expires and it is not automatically enabled when the license is renewed.
   
3. After the primary appliance of a cluster becomes inoperable and a secondary appliance from the cluster is configured to be the new primary appliance, the following occurs:
   • All samples that were being analyzed when the primary appliance becomes inoperable do not have an analysis result.
   • Any configuration changes made on the primary appliance within one day of it becoming inoperable may not synchronize with the secondary appliances in the cluster.
     
     
4. If the system time is modified during sample processing, the "Submissions" screen may display negative values for processing time and queued time.
   
   
5. Control Manager is unable to receive suspicious object information if Deep Discovery Analyzer is reinstalled and configured using the same IP address. Register the appliance again on the Control Manager console.
   
   
6. High availability does not function if the direct connection between active primary and passive primary appliances (via eth3) is interrupted.
   
   
7. If the passive primary appliance is detached from the active primary appliance and both remain powered on, the appliances send duplicate data to other servers (such as syslog and backup servers). Reinstall the Deep Discovery Analyzer software on the detached appliance to use it as a standalone appliance.
   
   
8. Deep Discovery Analyzer may send duplicate email notifications if the system time is set backward.
   
   
9. The following issues occur once after the system time is modified:
• If the system time is set backward:
  - Deep Discovery Analyzer may not automatically generate operational reports in one schedule period. Generate reports manually when necessary.
  - Event counts on submission page and widgets may be inconsistent.
• If the system time is set forward, Deep Discovery Analyzer generates duplicate operational reports.
  
  
10. If an offline passive primary appliance is removed from the cluster and then used as a standalone appliance, it will have the same UUID as another existing appliance. Reinstall the Deep Discovery Analyzer software to use the removed appliance as a standalone appliance.
    
    
11. The Dashboard screen has the following limitations:
    • Widgets may not appear in the correct order after the tab layout is changed.
    • Reposition the widgets manually if necessary.
    • Some widgets do not support the auto-fit function.
      
      
12. Deep Discovery Analyzer may delete an image if the appliance is restarted while Virtual Analyzer is configuring the instances of that image.
    
    
13. Virtual Analyzer reports (PDF) may contain incorrect page breaks.
    
    
14. SNMP settings cannot be configured on clustered (passive primary and secondary) Deep Discovery Analyzer appliances. These settings are automatically synced from the active primary appliance and
    will cause a SNMP server to receive identical device location information from all cluster nodes.
    
    
15. No SNMP trap messages are sent for alerts that have been disabled on the management console.
    
    
16. When performing sandbox analysis using a Windows 10 RS3 or later, Windows 10 20H1, Windows 10 20H2, Windows 10 21H1, Windows 10 21H2, Windows 10 22H2, Windows 11 21H2, Windows 11 23H2, Windows Server 2016, Windows Server 2019, or Windows Server 2022 image that requires higher system resources, the performance of Deep Discovery Analyzer may be affected. Trend Micro recommends you contact Technical Support to evaluate the system load capacity on Deep Discovery Analyzer before using a Windows 10 20H1, Windows 10 20H2, Windows 10 21H1, Windows 10 21H2, Windows 10 22H2, Windows 11 21H2, Windows 11 23H2, Windows Server 2016, Windows Server 2019, or Windows Server 2022 sandbox environment for analysis.
    
    
17. Using a proxy server configured with multiple accounts where each account uses a different authentication method may prevent some Deep Discovery Analyzer modules from connecting to that proxy server.
    
    
18. If an ICAP client submits a sample with HTTP compression and you select the "Enable MIME content-type validation" option on the "ICAP" screen, Deep Discovery Analyzer will still perform an ICAP pre-scan on the sample.
    
    
19. After importing the Certificate Revocation List (CRL) that revokes the certificate of the Smart Protection Server on Deep Discovery Analyzer, the system always indicates a successful status for the following connection tests, even when CRL checking is enabled:
    • Community File Reputation
    • Community Domain/IP Reputation Service
    • Web Reputation Services
      
    
    
20. If you restart Deep Discovery Analyzer when updating an image group name, the system might display "0" as the instance number on the Images screen. Change the image name again to view the actual instance number.
    
    
21. The network share scan feature in Deep Discovery Analyzer does not support non-UTF-8 encoded files or folder names on Server Message Block (SMB) file servers. To allow Deep Discovery Analyzer to effectively detect potentially malicious files on network shares, it is recommended you use UTF-8 encoded files and folder names on SMB file servers.
    
    
22. When data backup is enabled for analysis results in a cluster configuration and Deep Discovery Analyzer is unable to back up data in real-time due to a slow network connection or high volume of sample data, changing the storage location for analysis results on the "Storage Maintenance" screen may cause an unsuccessful backup for subsequent submissions.
    To prevent this issue, it is recommended you do the following:
    • On the "Storage Maintenance" screen, configure Deep Discovery Analyzer to back up only high risk samples to reduce data volume.
    • Before changing the storage location settings on the "Storage Maintenance" screen, wait until the "Last backup" time is close to the current time on the "Data Backup" screen.
    
    
23. When you configure the Storage Maintenance settings to store analysis results in both the primary and secondary nodes in a cluster and try to delete submission entries on the Completed or Unsuccessful tab, submission entries cannot be removed from a secondary node due to one of the following:

• The sample was analyzed in the secondary node but the connection to the node is not available.
• The sample was first analyzed in secondary node A and was re-analyzed in another node. The associated analysis results in secondary node A will not be deleted.
• The sample was analyzed in the secondary node and you change the settings to store analysis results only in the primary node.

When you set the secondary node as the primary node, you can manually delete the submission entries. In addition, Deep Discovery Analyzer performs automatic log purge based on the settings you configure on the System Maintenance > Storage Maintenance tab.

24. For file samples or paths containing MBCS (Multi-Byte Character Set) characters on Microsoft Azure Blob, Deep Discovery Analyzer may not perform the "Move files" or "Rename detected files" action on samples for network share scanning due to the URL encoding process that may increase the URL length beyond the maximum length allowable (2048 characters). When this issue occurs, the system displays the detected file samples on the "Network Shares > Unsuccessful Scans" screen with the "Unable to move and/or rename file" error type.

To prevent this issue, avoid using long file names or paths containing MBCS (Multi-Byte Character Set) characters.

25. Deep Discovery Analyzer supports only the AES encryption method for SNMPv3 configuration with authentication and privacy.
    
    
26. When Deep Discovery Analyzer is unregistered from Trend Vision One while analyzing samples from Trend Vision One, the analysis for the samples times out in Trend Vision One.
    
    
27. For Deep Discovery Analyzer installation on hardware model 1100, the system may not display properly on a monitor connected to the appliance using a VGA connector. When this issue occurs, connect to the appliance on the serial port or through iDRAC to perform the installation.
    
    
28. Deep Discovery Analyzer 7.6 does not support installation through the serial port on hardware model 1300.
    
    
29. When installing Deep Discovery Analyzer 7.6 through iDRAC using the Map CD/DVD of Virtual Media option, the installation may not be successful. In this case, you can perform the installation using the Remote File Share on Virtual Media setting.

Back to top

8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

Back to top

9. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2024, Trend Micro Incorporated. All rights reserved.

Substitute trademarks specific to your product for the %%%.

Trend Micro, the Trend Micro logo, Deep Discovery, Deep Discovery Analyzer, Apex One, Apex Central, Trend Micro Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

Back to top

10. License Agreement

View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed in the Deep Discovery Analyzer management console by going to the Help > About screen.

Back to top