Product release information for VIPRE Endpoint Security Cloud Console v1.5.0, released April 14, 2020.
What's New
Over the past few years, we've made many significant improvements to our core file- and process-based detection engines in the Windows agent to the point where we are now consistently scoring exceptionally well in independent antivirus (AV) testing (see AV-Comparatives, AV-Test, Virus Bulletin).
The one major subsystem that hasn't gotten as much attention is the network protection stack—firewall, intrusion detection systems (IDS), and web protection—which provides essential security against network-based attacks. The components built into VIPRE Agent for Windows v11 continue to provide reliable protec tion but in v12 we are introducing a major update to the network protection stack!
NOTE: We have been notified that a very small number of server systems, typically underpowered Microsoft Windows Server hosts, may experience network delays when the new network features in the version 12 agent are enabled. See Known Issues, below, for a workaround.
Info
We have been notified that a very small number of server systems, typically underpowered Microsoft Windows Server hosts, may experience network delays when the new network features in the version 12 agent are enabled. See Known Issues, below, for a workaround.
DNS Protection
The most exciting new feature we've added is our brand-new DNS Protection. Built right into the VIPRE agent, this new feature helps prevent your users from ever visiting a known malicious website. This new layer of protection is something many of our customers have historically purchased from third-party DNS providers or as a separate product or add-on, but which we are now including as part of our base offering. Any time your users attempt to look up an internet domain name, VIPRE will perform a comprehensive series of checks leveraging our threat intelligence cloud service to ensure that that remote host is not a known malicious domain. If it is at all suspicious, we'll immediately redirect the user to a block page and tell them that there's an issue: the user's browser will never have a chance to download any content from a potentially malicious webpage.
Refer to Related Articles to learn more about DNS Protection.
Web Access Control
Piggy-backing on this DNS Protection feature, we are also introducing a new add-on called Web Access Control. Although not strictly intended to protect your organization against malware, Web Access Control allows you to define business policies around which types of websites your employees are or are not allowed to visit, choosing from among over 40 categories including Social Media, Violence, Sports, among many others. If you want to make sure that your employees aren't wasting time streaming videos, or have a duty-of-care to protect your employees from accidentally seeing offensive content, then you need Web Access Control.
Refer to Related Articles to learn more about Web Access Control.
Other Improvements
In addition to these major new features, we've made many improvements up and down our network protection stack:
Firewall Improvements
The firewall is now faster and more efficient, providing a solid foundation for the other components. The firewall is designed to protect typical endpoints out of the box with just a few clicks to enable blocking but is easily configurable to allow special services if needed in your environment.
Upgraded IDS
An entirely new Intrusion Detection System (IDS) now provides vastly expanded signature-based detection of common network attacks plus increased performance. Now hosting over 8000 (over 15 times more than v11!) individual detection rules, we've greatly expanded our ability to guard against the latest threats. And for those rare cases where a specific rule conflicts with some custom application in your environment, you can easily disable affected rules to keep your business humming along.
IDS Automatic Monitoring
The new IDS is also more intelligent and can automatically detect dozens of network protocols to provide deep introspection - no more manually specifying which ports to monitor. It won't matter if a service, or even malware, attempts to hide your users' activities by using custom ports. The new IDS decodes all network traffic, automatically identifies the appropriate protocols and services, and applies the appropriate IDS rules to that traffic.
Malicious URL Blocking
In many cases, blocking an entire site (like GitHub) might cause too much disruption, but there is some page or another resource on that site that delivers undesirable content. To solve this problem, VIPRE also scans entire URLs seen in HTTP traffic to ensure that your users don't hit pages that could get them in trouble. This service leverages our global threat intelligence network for up-to-the-minute information about bad URLs and informs your users if they attempt to click on a bad URL link.
Refer to Related Articles to learn more about Web Protection and Malicious URL Blocking.
Browser Extensions
Two new agent-managed browser extensions—for Firefox and Chrome browsers—provide visibility into encrypted HTTPS web traffic and leverages the same URL blocking service mentioned above. The VIPRE agent pushes these into installed browsers automatically if enabled in your policy, and ensures your browsers stay protected.
Refer to Related Articles to learn more about Web Protection.
Malicious Content Blocking
New Web Exploit Protection replaces our retired Edge Protection feature to find and block malicious embedded content within web pages. Malicious JavaScript code and other risky content is now scanned for automatically and, if found, results in the page being blocked. Effective against malvertising, watering hole attacks, and spoofed websites, Web Exploit Protection protects your users even if they are visiting a brand-new malicious web page.
Refer to Related Articles to learn more about Web Protection.
Info
Port Scans are no longer available in v12. It is still available in Agent v11 and lower, however.
Overall, the improved network protection stack gives you fast, efficient blocking of malicious IPs, URLs, and network exploits across many more network protocols, as well as plain text and encrypted web traffic. Plus, the new architecture expands our options for future extensions and improvements. We hope you enjoy the improvements!
System Requirements
This section contains all of the system requirements for VIPRE Endpoint Security Cloud.
Component |
Minimum Requirement |
|---|---|
Web-Based Console |
We support the latest release of the following browsers:
|
VIPRE Update Proxy |
VIPRE Update Proxy is a supplemental application tool that works with your existing deployment of VIPRE Endpoint Security - Cloud Edition. For more information, view the VIPRE Update Proxy Guide. |
| VIPRE Agent for Mac |
OPERATING SYSTEMS
HARDWARE
|
VIPRE Agent for Windows |
OPERATING SYSTEMS
† VIPRE Advanced Active Protection is not supported on these Operating Systems HARDWARE
MISCELLANEOUS
SUPPORTED EMAIL APPLICATIONS
|
Known Issues and Bugs
Here we'll walk you through bugs from previous versions that we fixed in this version, known issues and workarounds from previous versions, and known issues and workarounds for this version.
Current Issues and Workarounds
This section lists issues that are known at the time of release. In some cases, these are bugs that we are working to resolve with a subsequent release. Other items may be due to causes outside of our control, such as bugs with other vendors' software. In all cases, we have tried to provide a workaround for you to consider, should you experience an issue.
If you have questions about a specific issue, please provide the issue ID (if applicable) when contacting our Technical Support team.
Microsoft Windows Server 2016 system has trouble communicating over the network after v12 agent is deployed [VPBAGENT-6235]
Description: After deploying the version 12 agent to a Microsoft Windows Server system, the server occasionally won't respond to network requests.
Note: This issue has so far been observed primarily on a very small number of resource-constrained servers, for example:
- Servers with 2 or fewer CPU cores in operation
- Servers with 4GB RAM or less
- Servers that are under heavy network load, particularly extensive monitoring traffic (i.e. "ping" requests)
- Virtualized servers
As always, VIPRE recommends that customers test agents prior to deployment particularly for servers, and especially for under-powered servers. VIPRE Cloud policies can be configured to provide for manual agent testing prior to agent approval and auto-deployment.
Workaround: Disable the network protection functions of the agent in that server's policy. At the moment, this may require a special code, available from Support; contact us for details.
We will be rolling out a simpler workaround soon and a full fix thereafter.
Admin cannot change the scope of built-in VIPRE Server Exclusions from Policy to Site scope [VS-6212]
Description: Update scope of VIPRE Server Exclusions from Policy - Site: "Error updating exclusion list.” is displayed
Workaround: If "VIPRE Server Exclusions” has to be applied at site level, edit policy association and select all policies.
Update devices modal lists all devices including devices that have the same or higher version [VC-5909]
Description: A potentially confusing listing issue; even if devices with higher versions are selected for upgrade, they'll ignore deferred work.
Workaround: Manually unselect devices that have the same or higher version
? wildcard not supported in Cloud exclusion (Filename, Folder, and Filepath) [VC-5892]
Description: Wildcard can only be added at the drive letter level from Cloud UI. It cannot be added at the folder or filename level.
Workaround: None
Site scope exclusion does not have Remove option [VC-5470]
Description: On the Edit Global Exclusions page that shows the list of policies/sites associated with the exclusion group, individual policies can be removed directly from this page using a delete (trash) button. This button does not show for the Sites list.
Workaround: Select "Edit Site Associations" and uncheck the sites that should not be associated with the exclusion group.
Issues from Previous Versions
Description |
Workaround |
Issue ID |
|---|---|---|
| VIPRE Update Proxy Installer displays "Installer corrupted: Invalid opcode" message | Click OK to dismiss the message and finish the installation. No further action is necessary. | VC-4671 |
| Policies previously showing in a report view still display with a blank name in some reports (Threat Detection, Threat Summary, and Scan reports) after being deleted | If you would like to avoid this issue, rather than deleting unused policies simply append obsolete to the name as a reminder to not use the policy. Once this issue is resolved in a future VIPRE Endpoint Cloud update, the obsolete policy can be deleted. | VC-4593 |
| UI does not allow some valid email addresses containing quotes | When entering email addresses, do not use double quotation marks. | VC-4856 |
| Device timeline report does not display if the report contains more than 4,000 results | There is no workaround for this. | VC-4758 |
| After a threat is removed, the Quarantine list does not refresh | When a user selects to Unquarantine or Delete an item, it becomes scheduled to be acted upon in the system. Since this action delay could take some time (depending on how busy the agents are, how many agents are being asked to act, etc.), it is recommended to manually refresh the display if you need to see an immediate update to the quarantined or deleted items. Additionally, you can navigate to the device details page and see if the deferred work has been picked up by the agent. | VC-3443 |
| When a device status changes on the Devices screen, the device list does not refresh | Refresh the page. The filter count updates when the page loads the status of device updates when the row is expanded/closed. | VC-3439 |
| The license expiration date on the Dashboard is one day before the actual expiration date. This occurs when the timezone has not been set for the site. | Set the timezone (System > Settings > Select a Timezone) | VC-1810 |
| Bar chart items on a report are not always selectable in Microsoft Edge | Select a filter or refresh the page. | VC-3137 |
| The switch for Anti-Phishing can be toggled on in a policy without Email Protection being enabled | There is no workaround for this as it is cosmetic only. The user is not actually enabling Anti-Phishing because Email Protection is not turned on. | VC-2786 |
| Cloud Installer is blocked when executed within macOS Catalina 10.15 | To install the agent package, locate the package, right-click and select Open. When the warning message is shown, click Open (not Cancel). The installation process will then proceed. | VC-5375 |
Bugs Fixed in this Release
- Error when creating a site with company name longer than 189 characters [VC-4795]
-
Quarantine actions on the Threat Name screen don't always match the selected date range [VC-3506]
- You will no longer need to toggle the date filter to determine if an unquarantine/delete action is acceptable for all the listed devices.
- Threat digest is listed as Threats Detected on Notification List [VC-5975]
- Outdated Agents filter is not showing agents in a Shutdown status [VC-5759]