TO DISPLAY OR HIDE COMMENTS FOR WRITERS INLINE ON THE PAGE, EDIT THE p.writer-instructions <STYLE> ELEMENT AS FOLLOWS:
p.writer-instructions {
display: none; <- HIDE THE COMMENTS
}
p.writer-instructions {
display: block; <- DISPLAY THE COMMENTS
}
Trend Micro Incorporated December 2023
For example, December 21, 2017
NOTICE: This Readme file was current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at http://docs.trendmicro.com.
TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at https://clp.trendmicro.com/FullRegistration?T=TM.
1. About Deep Discovery Email Inspector
2. What's New
6. Post-Installation Configuration
7. Known Issues
Trend Micro™ Deep Discovery Email Inspector™ stops sophisticated targeted attacks and cyber threats by scanning, simulating, and analyzing suspicious links and attachments in email messages before they can threaten your network. Designed to integrate into your existing email network topology, Deep Discovery Email Inspector can act as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance silently monitoring your network for cyber threats and unwanted spam messages.
If available, use the 50-word description provided by Marketing.
CAUTION: These descriptions sometimes contain errors, such as word usage or grammar mistakes. If needed, edit the text before you paste it into your file. Verify that the information is current by checking with Marketing.
This release includes the following additional features and enhancements:
The interface for the Dashboard has been improved to enhance user experience.
The Virtual Analyzer has been enhanced to support new file types (.shtml and .one) for sandbox analysis.
This release of Deep Discovery Email Inspector includes the Virtual Analyzer Sensors (Linux) component for malware detection.
For a list of new features and enhancements in the base release, see Chapter 1 of the Administrator's Guide or visit the following page:
For a list of key features, see Chapter 1 of the Administrator's Guide or visit the following page:
This section describes the new functions/features. Content can be lifted directly from the Admin Guide.
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
Delete the documentation that does not apply for this product.
In addition to this Readme file, the documentation set for this product includes the following:
Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Discovery Email Inspector. To access the Online Help, go to http://docs.trendmicro.com.
Installation and Deployment Guide (IDG): A PDF document that contains information about requirements and procedures for planning deployment, installing Deep Discovery Email Inspector, and using the Preconfiguration Console to set initial configurations and perform system tasks.
Administrator's Guide (AG): A PDF document that contains detailed instructions on how to configure and manage Deep Discovery Email Inspector, and explanations on Deep Discovery Email Inspector concepts and features.
Syslog Content Mapping Guide (SG): A PDF document that provides information about log management standards and syntaxes for implementing syslog events in Deep Discovery Email Inspector.
Quick Start Card (QSC): User-friendly instructions on connecting Deep Discovery Email Inspector to your network and on performing initial configurations.
Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://success.trendmicro.com.
Include only appropriate requirements for your product.
For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.
See the Installation and Deployment Guide for a list of system requirements.
Include only appropriate requirements for your product. For Enterprise agent-server products, list the size of the package that will be deployed to each agent, both 32-bit and 64-bit. This way, customers know the bandwidth requirements for remote machines.
Example:
Size of Deployment Package
32-bit OS (i.e. Windows XP, Windows 2003...) = 100MB
64-bit OS (i.e. Windows XP, Windows 2008) = 90MB
Size of the new install package (32/64-bit) via Agent Packager Tool
MSI Package (Conventional Scan) = 100 MB
MSI Package (Smart Scan) = 90 MB
Setup Package (Conventional Scan) = 80 MB
Setup Package (Smart Scan) = 80 MB
Estimated size (in terms of bandwidth) per agent
32-bit agent total = 757 KB
64-bit agent total = 1004 KB
TIP: For Small Business agent-server products, only include estimated size (in terms of bandwidth) to reduce the complexity for customers.
If you do need to list system requirements:
List the minimum/recommended requirements for running the product. Content can be lifted directly from the Installation Guide.
Avoid writing "and above" or "later" or other text to imply that the product works with future software versions. It's impossible to validate that a product works correctly with future versions. If the system requirements that you receive from QA include "and above" or similar text, challenge them.
Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.
See the Quick Start Card and the Installation and Deployment Guide for fresh installation and deployment instructions.
Note: Before you install this upgrade, disable OS to iDRAC Pass-through using the iDRAC web interface (iDRAC Settings > OS to iDRAC Pass-through) on the Deep Discovery Email Inspector appliance.
You can upgrade to Deep Discovery Email Inspector version 5.1 Build 3149 if you are currently running the following version:
You can upgrade to Deep Discovery Email Inspector version 5.1 if you are currently running the following versions:
Note: The upgrade process may take an hour or more to complete.
Do the following:
You can install this upgrade using one of the following methods:
The upgrade cannot be uninstalled. Contact Trend Micro Support for assistance.
Only provide step-by-step instructions if not documented or if different from the information in the Installation Guide or Getting Started Guide.
Explain what the customer should do after the installation. This could include additional steps, for example:
Restart the HTTP and FTP scanner services using the Control Panel.
If no further action required, write the following:
Installing this upgrade maintains all configurations and data. However, if Deep Discovery Email Inspector is using an internal Virtual Analyzer that connects to the Internet through a proxy server, you must reconfigure the proxy settings for the internal Virtual Analyzer. For details about configuring Virtual Analyzer settings, see the Administrator's Guide.
Include advice to register the product and update. Use the following boilerplate text if appropriate for your product.
Describe things that are still not working or are causing a problem. Do not describe what caused the problem; only include the symptom the customer would have seen, and say it's been fixed.
Do not describe every known issue; describe only the major issues.
Describe how to resolve the problem or at least how to work around it if possible.
If the readme is for a beta release, review the list of issues before sending out the final readme - some of the issues may have been fixed and should no longer appear in the list.
Known issues in this release:
Example:
7.1 Scan issue(s)
a. The Manual Scan progress screen may display directories not specified as scan target.
b. Scan exclusion settings for spyware/grayware are disregarded after installation.
7.2 Citrix integration issue
When the "Client Console Access Restriction" is disabled on a Citrix server, notification messages display simultaneously in each logon session.
Problem: Deep Discovery Email Inspector cannot receive incoming emails messages from other IPv6 subnets if the "Hosts in the same address class" option is enabled on the Administration > Mail Settings > Limits and Exceptions screen.
Problem: After daylight savings time changes to standard time on Deep Discovery Email Inspector, a duplicate time value appears on widgets.
Problem: While operating in SPAN/TAP mode, Deep Discovery Email Inspector cannot capture VLAN traffic that is encapsulated by Cisco Inter-Switch Link (ISL) protocol.
Problem: Deep Discovery Email Inspector is unable to import Virtual Analyzer images from an FTP server in active mode. Deep Discovery Email Inspector security does not allow this type of connection.
Solution: Trend Micro recommends using FTP servers in passive mode, or importing the Virtual Analyzer images through another method.
Problem: Deep Discovery Email Inspector cannot read the subject of email messages in non-standard formats.
Solution: Trend Micro recommends only routing standard-formatted email messages. Most mail user agents cannot read email messages in non-standard formats.
Problem: Time format in the following pages cannot be changed if "Date and time format" in System Settings > Time page is changed 1) "Last updated" time of each widget in "Dashboard > Add Widgets", 2) "Last update" time in widget preview screenshot, 3) Time in email screenshot in "Detection" details, 4) "Custom range" in Detections > Sender Filtering
Solution: 1. For "Last updated" time of each widget, it was a limitation of the widget framework used in Deep Discovery Email Inspector to show time in a corresponding format. 2. For "Last update" time in the widget preview screenshot, it is not possible to be changed due to the fact that the preview screenshot is a picture. 3. For the time shown in the email screenshot, it was created by the third-party email client. It depends on locale to show proper time format, not the user-defined time format. 4. For "Custom range" in Detections > Sender Filtering , the date and time field is for both information display and data query. It is recommended not to display the time in the corresponding format.
Problem: Some risky URLs in an email may not be rewritten to be a link redirected to blocking or warning page, even if the same URLs have been rewritten, if there are more than 60 URLs in an email.
Solution: Deep Discovery Email Inspector will at most extract 60 URLs from an email for scanning by default. If some of the URLs were scanned have a risk, they will be rewritten to a link that can redirect to a blocking or warning page. If the number of URLs in the email exceeds 60, some of URLs will not be rewritten due to the fact that they were not extracted by Deep Discovery Email Inspector.
Problem: Deep Discovery Email Inspector cannot scan password-protected Office PowerPoint 2003 files.
Solution: The encryption of Office PowerPoint 2003 files is different from later versions, and this format cannot be decrypted.
Problem: If the user enables "Connect to Smart Protection Server for Web Reputation Services" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page, the internal Virtual Analyzer will not run the URL block reason query, Census query or the Certified Safe Software Service query. Additionally, it will not provide Smart Feedback.
Solution: This is the configuration of the internal Virtual Analyzer. The user can either disable "Connect to Smart Protection for Web Reputation Services" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page or enable both "Connect to Smart Protection Server for Web Reputation Services" and "Connect to global services using Smart Protection Server" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page.
Problem: When integrated with Deep Discovery Analyzer, the final risk level of a malicious URL in Deep Discovery Email Inspector is different with the risk level in Deep Discovery Analyzer.
Solution: Deep Discovery Analyzer can support several different products with varying risk levels, so for Deep Discovery Email Inspector, the risk level for malicious URLs returned by Virtual Analyzer (no matter whether either internal Virtual Analyzer or Deep Discovery Analyzer) will be downgraded one level.
Problem: For the same email attachment which has a different file name, after being analyzed by Deep Discovery Analyzer, the analysis reports for the two attachments will have the same file name.
Solution: As the current specification of Deep Discovery Analyzer, it will return the cached analysis result for the same files or URLs to Deep Discovery Email Inspector.
Problem: Under the current specifications of Deep Discovery Email Inspector, Single-Sign-On from Apex Central is not supported under the HTTP protocol.
Solution: Log into the Apex Central web console using HTTPS protocol.
Problem: If the default gateway is configured on a network interface other than eth0 using CLISH, the web console does not display the current default gateway and DNS settings.
Problem: If Web Reputation Service and Community File Reputation are unreachable using IPv4 addresses in a dual-stack network, the Administration > System Maintenance > Network Services Diagnostics screen still displays the final resolved IPv4 addresses for these services.
Problem: When performing sandbox analysis using a Windows 10 or Windows Server 2016 image that requires higher system resources, the performance of Deep Discovery Email Inspector may be affected.
Solution: Due to the system resource requirements of Windows 10 and Windows Server 2016 environments, Trend Micro recommends you contact Technical Support to evaluate the system load capacity on Deep Discovery Email Inspector before using a Windows 10 or Windows Server 2016 sandbox environment for analysis.
Problem: When a message contains more than one suspicious file attachment with the same SHA1 value, the Detections screen displays only one entry for the multiple file attachments.
Problem: When Deep Discovery Email Inspector connects to a proxy server that supports multiple HTTP authentication methods, some services (except ActiveUpdate and product license registration) may not function properly. On the Network Services Diagnostics screen, the service status becomes Unsuccessful.
Problem: When the "Use SMTP server for EUQ authentication" option is enabled on the Administration > End-User Quarantine > EUQ Settings page and the "Enable EUQ digest notifications" option is enabled on the Administration > End-User Quarantine > EUQ Digest page, Deep Discovery Email Inspector may send EUQ digest notifications to email groups instead of to individual recipients. Deep Discover Email Inspector is unable to determine if quarantined messages are intended for individual recipients or a group of recipients.
Solution: On the Administration > End-User Quarantine > EUQ Settings page, select the "Use SMTP server for EUQ authentication" option and add domains that contain only individual email addresses.
Problem: When there are more than 10,000 Time-of-Click Protection logs in Deep Discovery Email Inspector, the numbers of logs displayed in the log search result and on the Time-of-Click Protection widget are not the same.
Solution: Specify the time range when performing a Time-of-Click Protection log query.
Problem: Deep Discovery Email Inspector does not submit password-protected Microsoft Office files with macros to Virtual Analyzer for analysis based on the "Office with Macros" file category because the Advanced Threat Scanning Engine (ATSE) cannot determine whether password-protected Office files contain macros.
Problem: When you set the NICs for Deep Discovery Email Inspector virtual appliances based on the E1000/E1000e network adaptor in VMWare, data packet loss may occur due to limitation in network adaptor performance and throughput.
Solution: Select the VMXNET3 network adaptor for the virtual NICs in VMWare.
Problem: Due to the implementation of the Microsoft Hyper-V platform, SPAN/TAP mode is not supported in Deep Discovery Email Inspector virtual appliances installed in Microsoft Hyper-V.
Problem: When uploading the Deep Discovery Email Inspector upgrade package on Microsoft Edge, the management console may become unresponsive until the upload process is complete.
Problem: When you enable Email Encryption and configure policy settings to encrypt and decrypt all outgoing email messages, the performance level of Deep Discovery Email Inspector is significantly reduced.
Solution: Set up a dedicated Deep Discovery Email Inspector appliance to encrypt and decrypt outgoing email messages.
Problem: If the domains of a sender and recipient for an email message are in the internal domain list, Deep Discovery Email Inspector considers the message as an outbound message. Deep Discovery Email Inspector applies policies for outbound messages on this message.
Solution: Configure appropriate policies to apply on these type of messages.
Problem: When NIC teaming is enabled, Deep Discovery Email Inspector does not support the installation of a new NIC on the appliance.
Solution: Before installing a new NIC on the Deep Discovery Email Inspector appliance, disable NIC teaming first. After installing the new NIC, you can re-enable NIC teaming if required.
Problem: When Deep Discovery Email Inspector is in tapping mode, you cannot select data ports for NIC teaming.
Solution: Select other ports for NIC teaming or set Deep Discovery Email Inspector to operate in a different mode.
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.htmlNOTE: This information is subject to change without notice.
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2022, Trend Micro Incorporated. All rights reserved.
Substitute trademarks specific to your product for the %%%.
Trend Micro, the Trend Micro t-ball logo, Trend Micro Apex Central, Control Manager, Trend Micro Apex One, OfficeScan, and Deep Discovery are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreementsThird-party licensing agreements can be viewed in the Deep Discovery Inspector management console by going to the Help > About screen.