Release Notes for Server Console - April 2, 2019

Written By Cindy Johnson (Super Administrator)

Updated at May 31st, 2020

Product release information for VIPRE Endpoint Security - Server Edition, version 11.0.2 - released on April 2, 2019.

This release combines VIPRE Endpoint Security - Server Edition Console and Agent.

Server Console version 11.0.2.24
Server Agent version 11.0.7624
Cloud Agent version 11.0.7627

What's New in This Release

VIPRE Server Agent

Advanced Active Protection: A completely new Advanced Active Protection engine is included, improving VIPRE’s ability to catch advanced zero-day threats based on malicious process behavior
Device Control: Updated and improved Device Control engine, including broader device support
Secure Service: The VIPRE service now loads as part of the Secure Boot process under Windows 10 (as a Windows ELAM and AM-PPL driver), ensuring that VIPRE itself cannot be corrupted or compromised
Native HTTPS support for Agent updates: Agents now automatically communicate over TLSv1.2 connections to VIPRE Site Service without any additional setup required
Case-sensitive Filesystem Support: VIPRE now supports case-sensitive Windows file systems
Windows 10, version 1809 compatibility: Fully tested and certified with the latest Windows 10 October 2018 Update

VIPRE Server Console

Proxy cache: Improved and updated the proxy cache to host definitions and other regular content updates, this new version now supports TLS 1.2

Update and Upgrade

Note: For the context of this article, the following terms apply

An UPDATE refers to moving from an older software version to a newer software version. For example, an update from VIPRE 7.5 -> VIPRE 11.0
An UPGRADE refers to moving from one edition of VIPRE to a more enhanced edition. For example, an upgrade from VIPRE Antivirus Business -> VIPRE Endpoint Security

System Requirements

Management Console (VSS)	OPERATING SYSTEMS Windows Server 2019 (excluding Server Core) Windows Server 2016 (excluding Server Core) Windows Server 2012 (excluding Server Core) Windows Server 2008 SP2 or R2 (excluding Server Core) Windows Small Business Server 2008 Windows 10 (32- & 64-bit, all versions) Windows 8.1 (32- & 64-bit) Notes: Embedded operating systems are not supported HARDWARE Dual core processor or higher 1 GB free disk space(up to 20 GB could be required for Endpoint Security versions for caching of patches) 2 GB RAM 1024 x 768 monitor resolution MISCELLANEOUS MDAC 2.6 SP2 or later Internet Explorer 8 or later Microsoft .NET Framework 4.6 (if not already installed, .NET will automatically install during installation)
VIPRE Agent for Windows	OPERATING SYSTEMS Windows Server 2019 (64-bit, excluding Server Core) †† Windows Server 2016 (excluding Server Core) †† Windows Server 2012 R2 (excluding Server Core) †† Windows Server 2008 R2 SP1 (excluding Server Core) †† Windows Small Business Server 2011 †† Windows Small Business Server 2008 † Windows 10 (32- & 64-bit, all versions) Windows 8.1 (64-bit) Windows 7 SP1 (32- & 64-bit) Windows Vista SP2 (32 & 64-bit) † Windows XP (32-bit) † † Supported for legacy agent only, not available for Cloud †† VIPRE Advanced Active Protection is not supported on these Operating Systems HARDWARE Dual core processor recommended 1 GB free disk space 2 GB RAM or better recommended MISCELLANEOUS Internet Explorer 8 or later SUPPORTED EMAIL APPLICATIONS Microsoft Outlook 2003+ SMTP/POP3 (Thunderbird, IncrediMail, Eudora, etc.) SSL supported in Outlook only
VIPRE Agent for Mac	OPERATING SYSTEMS macOS Sierra (10.12) OS X El Capitan (10.11) OS X Yosemite (10.10) OS X Mavericks (10.9) OS X Mountain Lion (10.8)
VIPRE Business Mobile Security (Agent)	OPERATING SYSTEMS Android 2.2 (Froyo) or later iOS 5.1.1 or later

Update Notes

IMPORTANT: Change to VIPRE Updates settings

This release of VIPRE may require you to review your current Updates settings (Site Properties > Updates).

Agent port changes:
- Version 11 Agent now uses HTTPS port 8125
- Previous Agent versions will continue using HTTP port 8123. Reference the table below for details
The ports used are configurable within Site Properties
Going forward, HTTPS-based definition updates will be the preferred default method and where possible HTTP updates should be disabled.
- On clean/fresh console installs - Only HTTPS updates will be enabled and new deployed agents will use this mechanism. If you are adding older agents to the environment, or if you have to deploy older agents to support legacy platforms, you may need to enable HTTP updates to support those older agents/platforms
- When updating to a newer version - HTTP updates are left enabled by default. Once you have updated all the agents within your environment to version 11 at a minimum, we recommend you disable HTTP updates for enhanced security.

To disable updates over HTTP:

1. Navigate to Site settings > Updates
2. Under Update server, disable HTTP
3. Click OK or Apply

Port Settings for Agent Updates

Agent Version	Product Tier	Agent OS	Protocol	Port
9.6	VIPRE Antivirus Business VIPRE Business Premium	Windows XP (32- & 64-bit) Windows Server 2003 (32- & 64-bit)	HTTP	8123
10.1	VIPRE Antivirus Business VIPRE Business Premium	Windows 10 (32- & 64-bit) Windows 8 (32- & 64-bit) Windows 7 (32- & 64-bit) Windows Vista (32- & 64-bit) Windows Server 2016 (Excluding Core) Windows Server 2012 (Excluding Core) Windows Server 2008 (Excluding Core) Windows Small Business Server 2008	HTTP	8123
10.1	VIPRE Endpoint Security	Windows 7 (32- & 64-bit) Windows Vista (32- & 64-bit) Windows Server 2008 R2 (Excluding Core) Windows Server 2008 (Excluding Core) Windows Small Business Server 2008	HTTP	8123
11.0	VIPRE Endpoint Security	Windows 10 (32- & 64-bit) Windows 8 (32- & 64-bit) Windows 7 SP1 (32- & 64-bit) * Windows Server 2019 (Excluding Core) Windows Server 2016 (Excluding Core) Windows Server 2012 R2 (Excluding Core) Windows Server 2008 R2 SP1 (Excluding Core) * Windows Small Business Server 2011 Windows Small Business Server 2008 — * These platforms require Windows Hotfix KB3033929. See this Microsoft article for more information.	HTTPS	8125

Proxy Cache Change

The improved proxy cache now hosts definitions and other regular content updates with HTTPS. You can now specify the port and interface.

If you set up a custom proxy at the agent policy level, it now applies to Patch Management as well as Definitions.

Known Issues and Workarounds

This section lists issues that are known at the time of release. In some cases, these are bugs in which we are working to resolve with a subsequent release. Other items may be due to causes outside of our control, such as bugs with other vendors' software. In all cases, we have tried to provide a workaround for you to consider, in case you should experience the issue.

Agent-created simple firewall port exceptions do not block as expected [VPBAGENT-4209]

When simple firewall port exceptions are created, VIPRE does not block as expected.

Workaround: Create an advanced firewall exception

Navigate to the Advanced Exceptions screen in the VIPRE Agent, then select Help for detailed instructions.

Open the VIPRE Agent
Navigate to the Advanced Exceptions screen:

Click Firewall > View Settings
Under the Firewall section, click Exceptions...
Click the Ports tab > Add Advanced....

You can add Advanced Exceptions from this screen. For detailed steps on adding Advanced Exceptions, click the Help button on this screen.

Agents running Windows Server 2019 do not reboot when clicking "Reboot Now" on a VIPRE Reboot Required condition [VPBAGENT-3920]

This is a condition that occurs due to changes in Windows Server 2019 security settings.

Endpoint devices running Windows Server 2019 will not reboot when the "Reboot Now" button is selected unless the user account is added to a specific Windows Local Security Policy. The default "Administrators" group cannot restart the Agent using this method.

Workaround 1: Add the user to the "Shut down the system" policy

To add a user account to the "Shut down the system" policy

On the Agent machine, open the Windows Local Security Policy
Add the required user account to the "Local Policies" > "User Rights Assignment" > "Shut down the system" policy
Sign Out and Sign In to the machine (or reboot) for the policy change to apply

The next time VIPRE requires a reboot, the modified user will be able to reboot the machine using the "Reboot Now" button.

Workaround 2: Restart the Agent manually

Instead of using the Reboot Now button, users can manually restart the Agent through the Windows Start menu.

Device Control lists some devices as having an incorrect or unknown device type [VPBAGENT-4004]

Although Windows Device Manager shows the correct device type, Device Control lists some devices as incorrect or unknown device types. Therefore, incorrect and unknown devices will not apply any Device Control access permissions as expected.

Workaround for Printers: Due to how Windows defines device classes, when you restrict access to model IDs in the "USB Printers" category, Device Control also denies access to network printers. Using this method, you may add exclusions for specific network printers.

To exclude a network printer using the USB printer category

1. Navigate to Policy > Device Control tab
2. Locate the network printer that is showing as an "Unknown device"
3. Note the Model ID from Model ID column
4. Add an exclusion for this Model ID under the USB Printers category

Firewall trusted zones defined with IPv6 address ranges do not work [VPBAGENT-3187]

The VIPRE Agent does not recognize IPv6 trusted zone ranges, and treats any IPv6 traffic as non-trusted. Therefore, any firewall rules for non-trusted traffic will still apply.

There is no known workaround at this time.

Logging into a Citrix device with Active Protection enabled fails [VPBAGENT-275]

This is a known conflict between VIPRE Active Protection and Citrix User Profile Management (UPM). Attempting to login to a Citrix device with both services enabled causes the login to hang and eventually fail.

Workaround: Temporarily disable Active Protection for Agents that need to access Citrix devices.

Previous Known Issues

Microsoft Windows Defender continues to run even if policy specifies Disable

For policies applying to machines running Windows Server 2016 or higher, selecting "Disable Windows Defender" does not actually disable Windows Defender.

Workaround: You may manually disable Windows Defender on these machines. Refer to these articles for more information:

Disabling Windows Defender Antivirus on Windows Server 2016
Microsoft TechNet article: Windows Defender Overview for Windows Server

VIPRE Business or VIPRE Business Premium agents on version 9.3 or earlier that are scheduled to upgrade to VIPRE Endpoint Security will not fully upgrade on the initial install

VIPRE has added multiple driver updates that are included with this release. Depending on the version of the drivers on your system and which features are enabled in your policies (e.g. Device Control), installation may require two or more reboots to complete the agent upgrade.

Workaround: Make sure any required reboots are completed. For the corresponding agent, check the Console > Agent Details > Agent Environment tab and verify the "Needs Reboot" column is not marked with an "X".

Color coding of agent version in console does not appear to be consistent for all out of date agents.

In the Protected Computers tab of the console, the agent version field is shaded orange for those agents that need to be updated to the latest agent software version. However, some agents that appear to be out-of-date are not shaded. Those agents include VIPRE Business or VIPRE Business Premium agents that do not have the highest build available. Agents that are not actively communicating are also not shaded but may be out of date.

Workaround: The agents will update with the correct status upon the next communication.

You may note VIPRE Business or VIPRE Business Premium agents reporting incorrectly. We recommend these agents be upgraded to VIPRE Endpoint Security to match your VIPRE Endpoint Security 11 console. This will give you our best protection for these devices and correct the reporting issue.

If you are not currently licensed for VIPRE Endpoint Security, please contact your sales representative (+1 855-885-5566 or Contact Sales) for more information on how you can upgrade.

When changing Active Protection settings within a VM environment, the changes take up to 15 minutes to apply

This is normal, as communication between the Console > VM takes some time to propagate.

When VIPRE scans an email archive, files are not quarantined properly

Workaround: Through your email client, perform a manual cleanup of the email archive containing the infected email. Once the infected email has been removed, re-scan the endpoint to confirm removal.

When managing over 500 agents, a full SQL database should be implemented

It is recommended that when managing over 500 agents, a full SQL database (versus SQLite) will provide the best performance.

See the following support article: Recommended SQL Server settings for a VIPRE Business Database

VIPRE Endpoint Security agents cannot run on Windows XP or Windows Server 2003

The software limitations of these older platforms do not provide the resources necessary for some more robust agent features. VIPRE Endpoint Security requires a minimum OS version of Windows Vista or Windows Server 2008.

Attempting to launch more than one instance of the administration Console (via terminal services) causes agent > Console communication to fail

This is a product design safeguard that prevents one administrator from overwriting a different administrator's settings without notification. Only one instance of the admin Console should be running at a time.

Push agent installations do not work if Simple File Sharing is enabled

Simple File Sharing prevents installation through the push option. You must manually create the MSI installer package and deploy the installer to the workstation.

See the following support article: Minimum Requirements for Agent Push Deployment

Without proper firewall configuration, agents are unable to contact the Console

An incorrectly configured firewall can prevent communication between the agent and the Console.

Device Control policy changes may require an agent restart before they take effect

On Consoles upgraded to 9.6 or earlier, policy changes will not be applied until the agent is restarted.

Workaround: Manually restart the agent to apply policy changes.

To manually restart an agent

Right-click on the agent in the grid
Select Issue Remote Restart Command

The Database Migration Utility may crash if the SQL Database has any spaces in the database name.

The Database Migration Utility for VIPRE 9.6 or earlier may crash during the migration process if your SQL Database has spaces in the name of the database.

Workaround: Resolution is under development. When created, database names should contain no spaces, no symbols, and no carriage returns.

Anti-Phishing does not work if Outlook is open during agent install.

If Outlook is running when enabling Anti-Phishing in the VIPRE Console before pushing an agent installation, it will not function properly until Outlook is restarted.

Workaround 1: Shut down Outlook during agent installation when enabling Anti-Phishing

Workaround 2: Restart Outlook after agent install when enabling Anti-Phishing

Outdated Citrix drivers may cause BSOD on Windows 7 agents

Updating a Windows 7 agent to VIPRE Endpoint Security 9.6 or earlier can cause a blue screen state on systems with older versions of Citrix drivers on them.

Workaround: Updating the Citrix driver should resolve the issue.

Bug Fixes

The following bugs have been resolved with this release.

VIPREBIS-6686 - Console timestamps for Android Scan Report do not match actual threat detection time
VIPREBIS-6662 - Legacy agents can no longer update after updating the VIPRE Console from version 7.5 to 11.0
VIPREBIS-6654 - Polipo cache users may encounter agents that do not properly update patches
VIPREBIS-6354 - VSS Polipo default configuration needs to be more secure
VIPREBIS-5680 - Password recovery does not generate a valid password
VPBAGENT-4146 - Uninstalling the 11.0 beta agent does not remove all files
VPBAGENT-3981 - 16-bit commands issued on the command prompt cause a Virtual Device Driver error
VPBAGENT-3777 - Outlook "flickers" several times when sending emails
VPBAGENT-3657 - Windows Defender Security Center reports "your device may be vulnerable" if the VIPRE Firewall is disabled
VPBAGENT-3656 - Outlook 2016 users with VIPRE Email Protection enabled may experience email messages with a blank email body
VPBAGENT-3652 - Microsoft OneDrive users could encounter a VIPRE service crash when attempting to access OneDrive documents
VPBAGENT-3646 - VIPRE definitions do not fully update after a few days
VPBAGENT-3612 - Accessing Windows VirtualDisk Service is slow when Device Control is enabled
VPBAGENT-2894 - When VIPRE scans for available software patches, it can cause the avcproxy service to crash
VPBAGENT-2767 - Incompatibility issues with TPM Bitlocker encryption chip causes VIPRE to crash
VPBAGENT-2609 - Advanced Active Protection shows excessive traffic
VPBAGENT-2469 - AVCProxy service causes agent to take longer than expected to start
VPBAGENT-1978 - Agent reports incorrect IP address of a virtual NIC to VSS
VPBAGENT-1097 - Some laptop devices are incorrectly reported to VSS as workstations
VPBAGENT-113 - If users mark a network as untrusted in the firewall, they are unable to change it back to trusted, or remove it
Windows 10 agents may BSOD after updating to agent version 6032
Using a Remote Admin Console running VIPRE Business 9.3 in conjunction with a VIPRE Business 9.6 Console can overwrite the VIPRE Business 9.6 Console settings
Advanced Active Protection cannot operate on machines with Device Guard enabled
.NET error when version 10 console connects to VSS version 9.6 (or prior) and accessing Site or Policy properties
Outlook 2016 may display forwarded or replied-to emails with image attachments as blank

VIPRE Security Knowledge