Trellix Operating System Release 11.0.1 for the following products will be made available for download today from our Dynamic Threat Intelligence (DTI) Cloud:
- Email Security - Server (EX)
- Network Security (NX)
- Network Detection and Response (NDR Sensor)
- Intelligent Virtual Execution (IVX) - Server
- Malware Analysis (AX)
- File Protect (FX)
- Central Management (CM)
The 11.0.1 releases include various fixes in addition to the new features and enhancements described below; please refer to the appropriate Release Notes for the complete list.
The following new features and enhancements, common to multiple products, are included in this 11.0.1 release:
- Appliance base components have been upgraded to fully support TLS 1.3 for management protocols. This upgrade introduces stricter enforcement of access rules. When Web Client Certificate Authentication is enabled, client certificates are now mandatory for all WSAPI calls, and there is no longer a fallback to alternative authentication methods for WebUI access.
- Support for DHCPv6 Hostname registration. IPv6 support for Configuration jumpstart wizard, HelixConnect, and TACACS+
- LDAP client update
- Synchronization with TAXII
- Support local time streaming for events
- Enhanced data streaming configuration guidance for TLS Syslog, and enhanced CA list configuration
- IVX Cluster upgrade from version 11.0.0 to 11.0.1 is supported via the CMS
New features and enhancements in Email Security - Server 11.0.1:
- New EX virtual appliance (model EXintgV) designed for integrated mode deployments configurable with 8 - 64 GB of RAM, 1 - 4 TB of disk space, and 4 network interfaces
- UI enhancements to Email Quarantine, View and Download Clean and Riskware Emails, View processed emails, FLOSS artifacts updates on eAlerts page
- CLI support to delete all added regex entries in the whitelist at once, defang URLs as part of sender-based tracking protection, and configure DUA object size
- Enhanced mutual TLS (mTLS) support for next-hop mail.
- Enhanced sender tracking protection
- WebUI support to release Quarantined Emails by MD5 or URL
New features and enhancements in Network Security (NX) and Network Detection and Response (NDR Sensor) 11.0.1:
- Network Detection and Response (NDR) capabilities have been enhanced to support deployment across a wider range of physical and virtual appliances
  - Physical appliances: NX2600, NX3600, NX4600, NX5600, NX6600 (NX8600 since 11.0.0)
  - All supported virtual models on ESXi, KVM, Hyper-V deployments
- Enhanced IPv6 Support for Network Segmentation, L7 metadata export, CommBroker, Beaconing module, IOC Feeds, and TapSender
- MITRE ID enhancements for SmartVision Alerts, NX-IPS Events, and IoC Alerts
- Enhanced QR Code Detection Alerts
- Enhanced L7 metadata event filter options for both HTTP protocol and flow events
New features and enhancements in File Protect 11.0.1 and Malware Analysis 11.0.1 include several common features and bug fixes.
New features and enhancements in IVX - Server 11.0.1:
- The Trellix IVX Private Cloud solution is currently offered strictly for Technical Preview purposes in this release. The solution is deployed within your own AWS cloud infrastructure to align with your specific operational and security requirements. It facilitates seamless connectivity with your current systems by offering multiple dedicated integration interfaces, including APIs, Amazon S3, and ICAP. These integrations are designed to automate data exchange and streamline security operations, allowing you to:
  - Automate threat analysis
  - Enhance detection and response workflows
  - Gain actionable insights to strengthen your overall security posture
- Virtual IP support for IVX cluster
- Syslog integration for IVX notifications
- Interactive malware analysis with VNC
- ICAP enhancements
New features and enhancements in Central Management 11.0.1:
- Configurable Organization Unit (OU) field in certificates and CSRs on upgraded systems to align with CA/B forum standards
- Organization Unit field CLI enhancements
- Ability to download emails categorized as Clean from the 'Processed Emails' UI page in CMS
- View Email option on the 'Processed Emails' UI page in EX and CMS, enabling users to open and review clean (non-quarantined) emails directly from the console
- Enhanced SAML support for HA environments
- CMSHA support for IPv6
- Web UI support to release Quarantined emails by MD5 or URL
Managed Defense compatibility:
If you are a Managed Defense customer interested in upgrading, coordinate with your Managed Defense Consultant.
Notes:
The 11.0.1 releases require a reboot to take effect.
Trellix OS Releases 10.0 and 11.0 will not be supported on x400 appliances, NX 10550, and VX 12500 platforms.
You can upgrade your IVX appliance to version 11.0.1 from versions 9.1.x or later. However, you cannot upgrade clusters directly from versions 9.1.x or 10.0.x to 11.0.1. To upgrade, you must first dismantle the cluster and then upgrade each IVX standalone node individually to version 11.0.1.
If your IVX cluster is running version 11.0.0, you can upgrade the cluster to 11.0.1 directly via the CMS.
You can upgrade your Email Security - Server, Network Security (NX), NDR Sensor, File Protect, Malware Analysis, and Central Management appliances to Trellix OS release 11.0.1 from version 9.1.0 or later. If your Email Security - Server, Network Security (NX), NDR Sensor, File Protect, Malware Analysis, or IVX appliances are managed by a Central Management appliance, the Central Management appliance must be running Trellix OS 11.0.1 before upgrading the managed appliance(s).
After the upgrade to version 11.0.1, certain processes will be in a pending state until new security content is downloaded and installed. The security content is downloaded and installed automatically for online customers. Offline customers must manually download and install the new security content after upgrading appliances to version 11.0.1.
When upgrading an appliance running in FIPS/CC compliance mode to version 11.0.1, you must reapply the compliance mode immediately after the upgrade. Use the CLI command "compliance apply standard <standard name>" and save the configuration using the CLI command "write memory".
Before upgrading your appliances to Trellix OS 11.0.1, modify any custom YARA rules to conform to YARA 4.5.0.
Trellix strongly recommends automatic downloading of Guest Images in order to maintain the most recent version. Automatic downloading is enabled by default. The update to GI Bundle 24.0702 will therefore occur automatically on version 11.0.1 systems unless automatic GI updates are disabled. If automatic downloading is not enabled, enable it with the CLI command "fenet guest-images auto enable". Running an outdated version of Guest Images results in a loss of performance and detection capability.
For further details on the features and fixes included in this release, as well as for information on how to upgrade, please log in to the Trellix Customer Support Portal using your Trellix support credentials and refer to the following documents: Email Security - Server 11.0.1 Release Notes, Network Security 11.0.1 Release Notes, Virtual Execution 11.0.1 Release Notes, Malware Analysis 11.0.1 Release Notes, File Protect 11.0.1 Release Notes, and Central Management 11.0.1 Release Notes.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.