The TMWS on-premises gateway includes the following new features and enhancements.
Important
  • Trend Micro supports and maintains only the latest two main versions, which are 3.9.3 and 3.9.1. Always upgrade your on-premises gateway to the latest version to keep its functionality complete and up to date.
  • Rocky Linux 9.0 supports AMD and Intel 64-bit architectures at a minimum required level of x86-64-v2 (see the Rocky Linux documentation). TMWS on-premises gateway 3.9.1 and later uses Rocky Linux 9.0, so make sure the AMD or Intel 64-bit CPU on your machine supports at least x86-64-v2.
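
One way to verify the x86-64-v2 requirement above before installing or upgrading. This is an added example, not Trend Micro code; it assumes a Linux host that exposes /proc/cpuinfo, and the function names and sample flag lists are illustrative.

```shell
#!/bin/sh
# Added example, not Trend Micro code: decide whether a CPU meets the
# x86-64-v2 level from the "flags" line of /proc/cpuinfo.

# Features that x86-64-v2 adds to the baseline, spelled as the Linux kernel
# prints them in /proc/cpuinfo (SSE3 is listed there as "pni").
V2_FLAGS="cx16 lahf_lm popcnt pni sse4_1 sse4_2 ssse3"

# missing_v2_flags "<flag list>"
# Prints the v2 flags that are absent, space separated (empty when none are).
# Matching is on whole words, so "sse4a" does not count as "sse4_1".
missing_v2_flags() {
    mvf_have=" $1 "
    mvf_missing=""
    for mvf_flag in $V2_FLAGS; do
        case "$mvf_have" in
            *" $mvf_flag "*) ;;
            *) mvf_missing="$mvf_missing $mvf_flag" ;;
        esac
    done
    printf '%s\n' "${mvf_missing# }"
}

# supports_v2 "<flag list>": exit status 0 only when no v2 flag is missing.
supports_v2() {
    [ -z "$(missing_v2_flags "$1")" ]
}

# host_flags: flag list of the first logical CPU (Linux, x86 only).
host_flags() {
    awk -F': ' '/^flags/ { print $2; exit }' /proc/cpuinfo 2>/dev/null
}

# report "<label>" "<flag list>": one human-readable line; always returns 0.
report() {
    if supports_v2 "$2"; then
        echo "$1: meets x86-64-v2"
    else
        echo "$1: below x86-64-v2, missing: $(missing_v2_flags "$2")"
    fi
}

# Constructed sample flag lists (abbreviated, not captured from real hosts).
SAMPLE_OK="fpu sse sse2 pni ssse3 cx16 sse4_1 sse4_2 popcnt lahf_lm avx"
SAMPLE_OLD="fpu sse sse2 pni cx16 popcnt lahf_lm sse4a"

report "sample-ok" "$SAMPLE_OK"
report "sample-old" "$SAMPLE_OLD"
if [ -r /proc/cpuinfo ]; then
    report "this host" "$(host_flags)"
fi
```

On a virtual machine the flags shown are the ones the hypervisor exposes to the guest, so run the check inside the guest that will host the gateway.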

Release Notes for Version 3.9.5.5850 (Available on October 10, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Add compatibility to some HTTP headers | This version enhances Trend Micro Web Security's processing logic for HTTP headers containing "\r\n" in the value. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix OpenSSH vulnerability issue | This version upgrades the OpenSSH version to solve the CVE-2023-48795 vulnerability. |

Release Notes on Version 3.9.5.5845 (Available on July 25, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Log enhancement | Adds info logs to record more information for troubleshooting. |
| Certificate query process enhancement | Enhances the certificate query process to optimize the DB query performance. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix invalid certificate warning issue | This version resolves the invalid certificate warning caused by an abnormal Client Hello message. |
| Fix the app name of x.com | This version upgrades the ixEngine pattern to support the change from twitter.com to x.com. |
| Fix HTTP/2 to HTTP/1.1 negotiation handling | This version resolves the issue where TMWS closed the connection after an HTTP/2 to HTTP/1.1 negotiation error. The error message will now be forwarded to the client to continue with a new negotiation. |

Release Notes on Version 3.9.5.5840 (Available on July 5, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes OpenSSH vulnerability issue | This patch upgrades the OpenSSH version to solve the vulnerability CVE-2024-6387. |

Release Notes on Version 3.9.3.5836 (Available on April 30, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes certificate issue | This version resolves the issue that the browser occasionally displays an invalid certificate warning when users request content that requires HTTPS decryption. |

Release Notes on Version 3.9.3.5835 (Available on April 9, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes core dump issues | This version resolves the core dump issues caused by engine API read errors. |

Release Notes on Version 3.9.3.5834 (Available on March 20, 2024)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Case Diagnostic Tool enhancement | Adds inode information to the Case Diagnostic Tool (CDT) to facilitate troubleshooting. |
| Log rotation enhancement | Checks inode usage when performing log rotation. |
| Local time adjustment based on TMWS cloud | Syncs time from TMWS cloud when the NTP configuration of the TMWS on-premises gateway does not take effect, which causes inaccurate local time. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes core dump issues | This version resolves the core dump issues caused by engine API read errors and long URLs in the approved/blocked URL lists. |
| Fixes certificate warning page display error | This version resolves the issue that the certificate warning page displays unexpectedly when users access a URL that has a final period. |
| Fixes high CPU usage | This version resolves the issue that CPU usage becomes high because files are not removed from the temporary file folder. |
| Fixes cookie cache failure | This version resolves the issue that cookie information cannot be written to the cache because the cookie is too large. |
| Fixes scanner dead loop | This version resolves the issue that the scanner enters a dead loop because of abnormal URLs in the approved or blocked URL list. |
| Fixes logging failure | This version resolves an issue in the log rotation module that causes failure to write logs. |

Release Notes on Version 3.9.3.5832 (Available on November 20, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes Internet access failure | This version resolves the issue that when the number of concurrent queries to the TMWS cloud exceeds the maximum, end users' Internet access fails. |
| Fixes auto-tunneling issue | This version resolves the issue that after auto-tunnel is turned off, the on-premises gateway still adds a site to the auto-tunnel list upon failure of TLS version negotiation between the client and server. |

Release Notes on Version 3.9.3.5830 (Available on August 15, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Enhancement of some URL category names in Japanese | Improves the accuracy of some URL category names shown on the Japanese notification pages for URL access. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| None | N/A |

Release Notes on Version 3.9.1 5820 (Available on August 1, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Root CA certificate verification enhancement | Enhances the mechanism for verifying the TMWS root CA certificate to prevent the incorrect warning for expired certificate when users access legitimate websites. |
| Performance enhancement for HTTP2 | Provides faster and better performance for accessing websites through HTTP2. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes scan module crash | This version resolves the issue that a scan module in the on-premises gateway crashes unexpectedly. |
| Fixes product log download error | This version resolves the issue that some product log packages downloaded do not contain any files. |

Release Notes on Version 3.9.1 5810 (Available on June 28, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Operating system upgrade | Upgrades the operating system running the on-premises gateway from CentOS 7 to Rocky Linux 9. |
| Web Reputation Services query enhancement | Enhances the mechanism for querying the Web Reputation Services to prevent occasional connection timeout. |
| Kerberos authentication compatibility | Supports the encryption type RC4-HMAC-NT for Kerberos authentication when you upgrade from a previous on-premises gateway version to the current version. RC4-HMAC-NT is disabled by default on the operating system Rocky Linux 9. If you install this on-premises gateway version directly, RC4-HMAC-NT is not supported. |
| Trend Micro engine upgrade | Upgrades the related detection engines to the latest versions. |

Resolved Known Issues

| Fix | Description |
| --- | --- |
| Fixes incorrect upgrade status | This version resolves the issue that occasionally the on-premises gateway upgrade status is reported to the TMWS cloud as successful while the upgrade actually fails. |
| Fixes CRL-related issues | This version resolves the following issues related to the certificate revocation list (CRL): a large CRL causes the proxy service to take a long time to reboot; frequent CRL updates cause unnecessary system resource usage; unused CRL entries occupy too much storage resources. |

Release Notes on Version 3.7.5 5665 (Available on April 26, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| OpenSSL upgrade | Upgrades OpenSSL to fix the vulnerabilities CVE-2023-0466, CVE-2023-0465, CVE-2023-0286, CVE-2022-4304, and CVE-2023-0215. |
| More granular error codes for upgrade | Adds more error codes to indicate errors that occur during the TMWS on-premises gateway upgrade to facilitate troubleshooting. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fixes failure to upload TMWS event data to Trend Vision One | This hotfix resolves the problem that the TMWS on-premises gateway failed to upload event data to show in the Trend Vision One console. |
| Fixes a data cleanup issue | This hotfix resolves the problem that the TMWS on-premises gateway did not automatically clean up some log data even when the disk usage threshold was reached. |

Release Notes on Version 3.7.5 5660 (Available on February 13, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Improves metrics log generation mechanism | This hotfix enhances the mechanism for generating metrics logs to resolve the performance issue of the TMWS on-premises gateway. |
| Upgrades the Sudo version | This hotfix upgrades the Sudo version to resolve the vulnerability CVE-2023-22809. |

Release Notes on Version 3.7.5.5657 (Available on January 10, 2023)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Third-party library upgrade | Upgrades third-party libraries to resolve vulnerability issues. |
| Nginx upgrade | Upgrades Nginx from 1.16.1 to 1.20.1 to resolve a remote code execution vulnerability. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Upgrades the ixEngine and pattern files | This hotfix upgrades the ixEngine and pattern files to the latest. |
| Fixes the dump file rotation issue | This hotfix solves the issue that the TMWS on-premises gateway cannot rotate dump files. |
| Changes the threshold for sending data to the client | This hotfix reduces the threshold for the TMWS on-premises gateway to start sending data to the client from 512,000 bytes to 10,000 bytes. |
| Fixes the slow loading of Google Maps image tiles | This hotfix solves the issue that the client loads Google Maps image tiles very slowly after receiving data from the TMWS on-premises gateway. |
| Fixes the issue of sending empty certificates for some websites | This hotfix solves the problem that the TMWS on-premises gateway returns empty certificates to the client when the client attempts to visit some websites. |
| Updates the ActiveUpdate module | This hotfix updates ActiveUpdate to resolve the problem that its server certificate is about to expire. |

Release Notes on Version 3.7.5.5652 (Available on August 10, 2022)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Upgrades the Python-Crypto module | This hotfix upgrades the Python-Crypto module for enhanced security. |
| Shows a UTC timestamp for the rt field in CEF access logs | This hotfix solves the problem that the rt field does not show as a UTC timestamp in the CEF access logs generated using mapping type 2. |
| Enhances DNS server switchover mechanism | This hotfix reduces the time for switching from a faulty DNS server to a normal one. |

Release Notes on Version 3.7.5.5641 (Available on May 17, 2022)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Use FQDN to access the CRS server | This hotfix solves the problem that the TMWS on-premises gateway uses a dynamic IP address instead of an FQDN when accessing the Cloud service Reputation Service (CRS) server through a system proxy. |
| Display the "Dynamic DNS" URL filtering category correctly | This hotfix solves the problem that the URL filtering category "Dynamic DNS" is displayed as "N/A" in logs and user notifications. |

Release Notes on Version 3.7.5.5638 (Available on April 11, 2022)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Upgrade CentOS Linux | This hotfix upgrades CentOS Linux to fix a variety of vulnerabilities. |
| Upgrade Nginx | This hotfix upgrades Nginx to the latest stable version. |
| Upgrade OpenSSL | This hotfix upgrades OpenSSL. |
| Change the raw log storage path | This hotfix changes the path for storing raw logs to provide larger storage space. |
| Fix a Polkit vulnerability | This hotfix solves the Polkit privilege escalation vulnerability (CVE-2021-4034). |
| Fix an auto-tunneling error | This hotfix solves the problem that the TMWS on-premises gateway still adds domains to the Tunneled Domain List while auto tunneling is disabled. |
| Fix a debug logging error | This hotfix solves the problem that the TMWS on-premises gateway records HTTPS access failure in debug logs while the HTTPS access is successful. |
| Add the block reason to specific logs | This hotfix solves the problem that when an item matches a cloud access rule that applies to all categories and has the action set to Block, the recorded log does not include the block reason. |
| Optimize the DNS switchover mechanism | This hotfix optimizes the condition for switching between primary and secondary DNS servers to improve DNS switchover performance. |
| Disable unused TCP/UDP ports | This hotfix disables unused TCP/UDP ports of the TMWS on-premises gateway to enhance security. |

Release Notes on Version 3.7.3.5605 (Available on December 2, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| TCP supported as a protocol for syslog forwarding | Allows you to select TCP, in addition to UDP, as the protocol for forwarding syslog messages from on-premises gateways to the syslog server. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| None | N/A |

Release Notes on Version 3.7.1.5600 (Available on October 29, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the failure of HTTP2 link file download | This hotfix solves the problem that HTTP2 link file download fails sometimes. |
| Allow inserting the authentication portal domain into any field of the content-security-policy header | This hotfix allows inserting the authentication portal domain into any field of the content-security-policy header to prevent CSP from blocking user access. |

Release Notes on Version 3.7.1.5594 (Available on October 29, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the InfoSec issues | This hotfix solves the InfoSec issues related to the on-premises gateway web console. |
| Allow authentication method changes to take effect immediately | This hotfix solves the problem that authentication method changes cannot take effect immediately. |
| Ensure the true file type can be identified for executable files | This hotfix solves the problem that the true file type cannot be identified for small executable files when the file name extension is capitalized. |
| Purge temporary files generated in log processing | This hotfix solves the problem that the disk space of the on-premises gateway server is fully occupied by temporary files generated in log processing, causing the on-premises gateway not to work properly. |
| Allow self-signed single-tier server certificates to take effect after being added as trusted CA certificates | This hotfix solves the problem that self-signed single-tier server certificates can be added as trusted CA certificates on the management console but cannot take effect. |

Release Notes on Version 3.5.2.5590 (Available on October 29, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Increase the download speed of the on-premises gateway installation package | This hotfix enables the customer to download the installation package at a faster speed of 10 MB/s from the previous 125 KB/s. |

Release Notes on Version 3.5.1.5581 (Available on July 13, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| No support for insecure encryption algorithms | Supports only the AES-128 CTR, AES-192 CTR, and AES-256 CTR ciphers when using the web console on a TLS-enabled client, to avoid an information disclosure vulnerability due to the use of insecure encryption algorithms. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Support port forwarding for HTTPS traffic | This hotfix solves the problem that port forwarding does not support HTTPS traffic on the on-premises gateway. |
| Fix the unavailability of bandwidth control rules | This hotfix solves the problem that bandwidth control rules for the on-premises gateway do not take effect after being configured. |
| Fix improper status display of the diagnostics web page | This hotfix solves the problem that the diagnostics web page does not show the correct connection status after the user refreshes the page. |
| Support for host name in upstream proxy configuration | This hotfix solves the problem that the customer cannot specify the host name when configuring an upstream proxy server for the on-premises gateway. |

Release Notes on Version 3.5.1.5578 (Available on May 31, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Support to replace the CA certificate for decryption with the customer's own certificate | Allows the customer to use their own CA certificate, instead of the default TMWS root CA certificate, in HTTPS decryption rules to decrypt HTTPS traffic on the on-premises gateway. Customers can perform the replacement from the command line. For more information, see step 4 in Configuring A Decryption Rule. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Increase the download speed of the on-premises gateway installation package | This hotfix enables the customer to download the installation package at a faster speed of 10 MB/s from the previous 125 KB/s. |
| Enhance safe search engine integration | This hotfix refines the support for search safety on YouTube, and adds two new URLs for safe image and video search on Yahoo! Japan. |

Release Notes on Version 3.5.1.5570 (Available on March 31, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| On-premises gateway to support ICAP mode | Supports working in either the forward proxy mode (the existing mode) or ICAP mode. You can deploy your on-premises gateway in ICAP mode if you already have an ICAP client on your network and want it to pass web traffic to TMWS for scanning. |
| No support for TLS v1.1, AES-128 CBC, and 3DES CBC encryption | Disables TLS v1.1, AES-128 CBC, and 3DES CBC encryption. You need to use a web browser or SSH client that follows TLS v1.2 or later to log on to the on-premises gateway web console. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix a vulnerability issue | This hotfix provides an improved solution to the vulnerability issue of weak password storage on the on-premises gateway. |
| Enhance safe search engine integration | This hotfix provides enhanced integration with supported safe search engines to adapt to third-party API updates. |

Release Notes on Version 3.4.2.5550 (Available on May 31, 2021)

Note
The on-premises gateway with a pre-3.4.1 version cannot be upgraded directly to version 3.4.1. To use version 3.4.1, download and apply the latest installation package.
If you want to reuse the existing authentication and policy settings after upgrade, configure Duplicate check when registering your on-premises gateway to the TMWS cloud.

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Increase the download speed of the on-premises gateway installation package | This hotfix enables the customer to download the installation package at a faster speed of 10 MB/s from the previous 125 KB/s. |

Release Notes on Version 3.4.1.5542 (Available on January 11, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix several vulnerability issues | This hotfix solves several vulnerability issues on on-premises gateways, including command injection due to unauthenticated remote code execution and weak password storage. |

Release Notes on Version 3.4.1.5522 (Available on January 06, 2021)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix a TMWS scanner issue | This hotfix solves a TMWS scanner issue to ensure that TMWS can work properly. |

Release Notes on Version 3.4.1.5509 (Available on December 25, 2020)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Improvement in on-premises gateway registration | Provides a registration option on the web console to let the administrator decide whether to replace an existing on-premises gateway with the new one for authentication setting and security policy reuse when they have the same display name. |
| Support for the UEFI boot firmware | Lets the customer choose to use the UEFI firmware to boot the device during installation. |
| New web console user interface | Redesigns the on-premises gateway web console with a new user interface layout. |
| Admin password change on the web console logon page | Provides an option on the logon page of the on-premises gateway web console to let the administrator change the logon password. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the issue that the log upload setting change does not apply to an offline on-premises gateway when the gateway goes online. | This hotfix ensures that when the log upload setting is changed on the TMWS management console, it can apply to an on-premises gateway in offline status after it is rebooted and connected to the TMWS cloud. Note: You can also go to the TMWS management console to reconfigure on-premises gateway log upload to make your setting work after an offline gateway reconnects to the TMWS cloud. |

Release Notes on Version 3.3.1.2887 (Available on September 27, 2020)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the issue that web pages with a long HTTP/HTTPS response header could not be displayed properly | This hotfix solves the problem that web pages having a very long HTTP/HTTPS response header show blank after the response goes through the on-premises gateway. |

Release Notes on Version 3.3.1.2884 (Available on September 25, 2020)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| On-premises gateway log upload control | Adds an option under Log Analysis to control whether on-premises gateways send logs generated on them to the TMWS cloud. Note: If you have disabled this function on the TMWS cloud, after the upgrade, go to the TMWS management console to enable and then disable it again to make your setting work. |
| Four features provisioned for the Standard license | Makes four Advanced license features available for Standard license customers: Predictive Machine Learning, Role-based access control Operator role, Custom Defense, syslog forwarding for both the cloud and on-premises. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| None | N/A |

Release Notes on Version 3.1.1.2794 (Available on June 16, 2020)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the issue of the on-premises gateway sending useless query requests to the TMWS cloud | This hotfix solves the problem that the on-premises gateway sends many useless query requests to the TMWS cloud, which prevents both the cloud and the on-premises gateway from working properly. |

Release Notes on Version 3.1.1.2745 (Available on May 26, 2020)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Custom Defense | Integrates your on-premises gateway with Trend Micro Deep Discovery™ Analyzer (DDAn) deployed within your organization to defend against custom-defense APT attacks from malicious programs through HTTP/HTTPS traffic. |
| Target domain traffic control | Creates target domain groups that contain one or multiple domains, and then adds them into cloud access rules to control the access to these domains on your corporate network. This enables TMWS to provide more fine-grained scan and control on users' web traffic. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the YouTube resource identification issue | This hotfix ensures that HTTP requests towards YouTube resources can be recognized by TMWS. |
| Fix the issue of inaccessibility to domains in the HTTP Content-Security-Policy response header | This hotfix ensures that the domains specified in the HTTP Content-Security-Policy response header are accessible by the client browser. |
| Fix the issue of improper handling of "=" in syslog content variable values | This hotfix ensures that TMWS can escape the "=" symbol contained in the variable values of syslog content. |

Release Notes on Version 3.1.0.2502 (Available on November 29, 2019)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| Product renaming to Trend Micro Web Security (TMWS) | Changes the product name from InterScan Web Security as a Service (IWSaaS) to Trend Micro Web Security (TMWS) for marketing purposes. |
| Syslog enhancement | Provides one more type of CEF syslog key-value pair mapping to allow TMWS to forward log messages to an external syslog server in a customizable structured format. |
| Cloud application access control | Creates cloud application access sets that contain one or multiple cloud applications, and then adds them into cloud access rules to control the access to these cloud applications on your corporate network. |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the issue of product feature incompatibility for Microsoft Office 365 services | This hotfix ensures that the Azure AD authentication method and the Cloud Service Filter feature can co-work for Microsoft Office 365 services. |
| Fix the issue of insufficient disk space in the directory /var/iwss/ddaaas_tmp due to an infinite loop | This hotfix solves the problem that the DDAaaS client loop endlessly processes the same file, which prevents the disk space of the directory /var/iwss/ddaaas_tmp from running out. |
| Fix the issue of access log upload failure after log rotation | This hotfix prevents the file permission from being changed during log rotation, which ensures successful access log upload. |
| Fix the issue of the display of an incorrect version number after on-premises gateway upgrade | This hotfix ensures that the latest version number of an on-premises gateway can display properly on the TMWS management console after the gateway is upgraded. |
| Fix the issue of failure in certificate file uploads from on-premises gateway to cloud | This hotfix ensures the required settings and execute permissions of the SSL mgmt client daemon so that it can successfully upload the certificate files generated on the on-premises gateway to the TMWS cloud. |

Release Notes on Version 3.1.0.1129 (Available on July 12, 2019)

New Features/Enhancements

| Feature/Enhancement | Description |
| --- | --- |
| None | N/A |

Resolved Known Issues

| Hotfix | Description |
| --- | --- |
| Fix the issue of HTTPS connection creation failure | This hotfix ensures that the on-premises gateway can wait to start the HTTPS connection creation after it receives the complete "CONNECT" request, which avoids the connection creation failure in some special situations at the client end. |
| Fix the issue of no log query results | This hotfix adds protection to prevent the permission on the debug log file from being altered unexpectedly, which ensures that logs generated on the on-premises gateway can be successfully queried. |
| Fix the issue of on-premises gateway unavailability in a geographical change | This hotfix allows the on-premises gateway to always send a regional FQDN rather than a global FQDN when it is being registered to the TMWS cloud, which ensures its availability on the cloud in the case of a geographical change. |
| Fix the issue of excessively high memory usage by the SSLMgmt daemon | This hotfix lowers the memory usage of the SSLMgmt daemon, which prevents the daemon from being terminated by the system due to excessive memory consumption. |
| Fix the issue of CDT failure in collecting product configuration files | This hotfix ensures that the CDT can successfully collect product configuration files when there are too many files in the configuration folder. |
| Fix the issue of incorrect CEF syslog format encoding | This hotfix resolves the back-end encoding issue to ensure that the back-end system can follow the standard CEF syslog format upon the input by the administrator on the console. |