Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Critical
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-27552
11.1 Update 4
Issue: In an MDR pair, the Secondary active Central Manager fails to display new attacks on the Attack log page while the Primary Central Manager is down.
NSPMGR-27474
11.1 Update 4
Issue: An error Initializing Default Policies is displayed in the Manager while creating a new policy from Policy, <Admin Domain Name>, Intrusion Prevention, Policy Types, Inspection Options.
Issue: Starting with 10.1.7.50, IPS Manager only supports TLS 1.2 ciphers for Manager and Sensor communication.
If you upgrade your Manager to version 10.1.7.50 or later, but your Sensor software doesn't support TLS 1.2, communication between the Manager and Sensor is interrupted.
To avoid this issue, you must first upgrade the Sensor to a software version that supports TLS 1.2 and then upgrade your Manager to 10.1.7.50.
For details about how to avoid this issue, see the related article for a list of TLS 1.2 supported Sensor software, and upgrade your Sensor before rolling out your Manager upgrade.
Non-critical
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-27519
11.1 Update 4
Issue: Auto-assignment fails to assign the license to a newly added Sensor in an existing cluster, despite free licenses being available in the pool.
Workaround: For an existing cluster, manually assign the license(s) to the newly added Sensors from Devices, <Admin Domain Name>, Global, Device Manager, vIPS Clusters.
NSPMGR-27511
11.1 Update 4
Issue: The Attack Severity Summary hyperlink in the <Child Domain> of the Dashboard fails to redirect to the specific severity of an Attack Log.
NSPMGR-27495
11.1 Update 4
Issue: The System Fault panel on the Dashboard fails to redirect the links to the respective devices while accessing the Sensor status links from <Child Domain>.
NSPMGR-27403
11.1 Update 4
Issue: The Member Sensors hyperlink in the vIPS Clusters tab fails to redirect the Sensors to the specific cluster when accessed from <Child Domain>.
NSPMGR-27293
11.1 Update 3
Issue: Upgrading to software version 11.1.7.56 fails on a Linux-based Manager with a 400GB+ database and configuration backup.
NSPMGR-27229
11.1 Update 3
Issue: Cloud discovery fails in OCI deployments when the user is subscribed to any region(s) other than us-ashburn-1 while using the Key Pair method.
Workaround: While using the Key Pair method, subscribe to the us-ashburn-1 region for the cloud discovery to work.
NSPMGR-27199
11.1.x
Issue: The Throughput tab of the Devices, <Admin Domain Name>, Devices, Device Name, Troubleshooting, Performance Charts page does not show any data for the stacked Sensors.
NOTE: This issue has been seen in multiple Trellix IPS 11.1.x releases. It might also occur in Manager software 10.1.x releases.
NSPMGR-22692
11.1 Update 2
Issue: After you upgrade the Sensor, the Device Manager page still displays the previous Sensor version.
Workaround: View the required Sensor version in Devices, <Admin Domain Name>, Global, Device Manager. Select the Sensors tab and view the Device Details - Software column.
NSPMGR-22648
Issue: If the alert channel is down or the Sensor disconnects from the Manager, the incremental updates fail to reach one of the Sensor nodes in the stack setup.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Add, delete or modify more than 4000 entries in the Manager to trigger the bulk update to all member Sensors of the stack at the next fifth-minute interval.
The disconnected member Sensors are now online and will have all the updated hash entries.
NSPMGR-22642
Issue: Bulk update is not performed when the previous update fails, due to exceeding the heterogenous Sensor limit.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Remove all the file hashes from the Manager and import the file hashes via CSV import.
If the hashes are within the limit of heterogenous Sensors, they are synched with heterogenous Sensors.
NSPMGR-22639
Issue: After you reboot the Manager, bulk update fails to resume automatically and hash file information fails to reach the Sensor.
Click File Hashes, then according to your requirement, choose the Allow List or Block List tab.
Export the entries through CSV.
Trigger the bulk update:
Delete all entries and then import more than 4000 entries.
NSPMGR-22468
11.1
Issue: You see the following errors in the Faults page while attaching NTBA version 9.1 to the Manager:
NTBA Discovery Failure
NTBA Signature Set Mismatch Error
NTBA Deployment Error
Workaround:
Click Devices, <Admin Domain Name>, Global, Device Manager and select the required NTBA device on the Sensors tab.
In the bottom-left menu, click Sync.
Enable the Configuration and Signature Set option, and click Sync.
NSPMGR-22064
10.1 Update 10
Issue: The Sensor health node keeps loading and doesn't display health information for other devices, when any one of the Sensors connected to the Manager is rebooting.
NSPMGR-20340
Issue: After upgrading the stack Sensor software version from the Device Manager page, the Sensor fails to reboot automatically.
Issue: Capturing packets when the port is in span mode under high load causes the Sensor to stop responding and passing network traffic (Sensor crashes).
Non-critical
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-15094
11.1 Update 3
Issue: With HTTP2 inspection and Investigation Analysis integration enabled, the IPS Sensor runs out of memory.
NSPSNSR-13308
11.1 Update 3
Issue: For an HTTP POST malicious file attack, Layer 7 details are not displayed in ascending order on the alert Details panel of the Manager's Attack Log page.
NSPSNSR-14894
11.1 Update 2
Issue: [NS9100 and NS9200] With OBSSL and Investigation Analysis Integration configured, the IPS Sensor runs out of memory and enters a bad state.
NSPSNSR-14404
11.1 Update 2
Issue: You deploy the IPS-VM5000 image to your ESXi Server and see continuous alternating log messages:
INIT: ID “0” respawning too fast: disabled for 5 minutes
INIT: ID “1” respawning too fast: disabled for 5 minutes
NSPSNSR-13302
11.1 Update 1
Issue: The following HTTP error codes are displayed during MD5 query or file submission requests to DAAS:
HTTP 429: When the number of submissions/queries is more than 10 files per second.
HTTP 403: If an invalid API key is used while sending requests.
NSPSNSR-12819
10.1 Update 10
Issue: Some counters don't match the expected values in the show malwareserverstats, show malwareenginestats and show mvx stats commands, when files are submitted to the MVX engine in bulk.
NSPSNSR-11939
Issue: A supported file type for malware inspection is uploaded to a server via a POST or PUT request, and the server responds with a file that's downloaded as a Response.
The Sensor can inspect only the file uploaded and doesn't scan the file downloaded for the POST request.
This limitation applies only when both the HTTP download and HTTP upload options are enabled.
NSPSNSR-9483
9.1
Issue: The Scheduler intermittently fails to pick files submitted to the cloud to get the report; the files continue to show as pending.
NSPSNSR-9187
10.1
Issue: For GTI-URL-reputation alerts, there's a mismatch in the Matched URL and HTTP URI fields when the outbound SSL decryption is enabled.
NSPSNSR-8235
Issue: An invalid string is seen in the Layer 7 data alerts generated for the Office engine.
NSPSNSR-7935
Issue: In rare scenarios, some files aren't processed for malware scanning.
NSPSNSR-7932
Issue: The packet (pkt) direction isn't set correctly when flow information is sent from the front-end processor to the datapath processor (direction is unknown).
NSPSNSR-7542
Issue: APK files with the extension vnd.android.package-delta aren't processed for malware detection.
NSPSNSR-6916
Issue: If there are host sweep alerts, there's a mismatch in Network Protocol ID when the Manager forwards alert messages to the syslog server.
NSPSNSR-6837
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
NSPSNSR-4344
9.2
Issue: Sensor Snort IDs are sent in the failed rules file instead of Global Snort IDs.
NSPSNSR-4339
9.2
Issue: The Sensor prioritizes HTTP traffic over SSL traffic when outbound SSL decryption is enabled.
NSPSNSR-4326
9.2
Issue: Outbound SSL implementation shows outbound flows as configurable through the Manager.
NSPSNSR-4314
9.2
Issue: Rules with the IPv4 address range can't be created.
NSPSNSR-4278
9.2
Issue: [SNORT] Snort attack packet detected by Suricata can't be exported from the attack log.
NSPSNSR-3990
Issue: Layer 7 data collection remains enabled although it's disabled from the Policy page, which leads to low performance of the device.
NSPSNSR-3069
Issue: The connection limiting host count is as low as 128k, but must be more than 256k for NS-series Sensors.
Issue: Virtual Sensors on KVM fail to display the Port Throughput Rate (Mbps) in the Throughput tab of: Devices, <Admin Domain Name>, Devices, <Device Name>, Troubleshooting, Performance Charts.
NSPSNSR-13302
11.1 Update 1
Issue: The following HTTP error codes are displayed during MD5 query or file submission requests to DAAS:
HTTP 429: When the number of submissions/queries is more than 10 files per second.
HTTP 403: If an invalid API key is used while sending requests.
NSPSNSR-11685
10.1
Issue: Jumbo features such as Jumbo Malware and Jumbo Frames don't work on the Virtual IPS Sensor deployed on ESX 7.0.
NSPSNSR-10740
10.1
Issue: When you execute the layer2 mode assert command, the Virtual IPS Sensor doesn't go into Layer 2 mode.
NSPSNSR-10555
10.1
Issue: Under certain conditions for a Windows VM, fewer alerts are seen when consecutive, identical attacks appear.
Critical
Reference Number
Related Article
Found in Version
Issue Description
NSPNAD-1721
10.1
Issue: During split file download, XDP files aren't extracted.
NSPNAD-1690
10.1
Issue: The Manager doesn't trigger alerts for custom rules that use the ssl_version field.
Non-critical: There are currently no non-critical issues.