Product release information for VIPRE Endpoint Server Agent 11.0.7632, released on September 18, 2019. This article contains information on what's new in this release. There are also special instructions for removing the workaround that may have been applied while waiting for this hotfix. Previously known issues are listed here along with suggestions on how to work-around the issue, if applicable.
What's New
The following bug has been resolved with this release.
- VPBAGENT-4608 - Outlook freezes opening some PDF attachments
Special Instructions
After installing this agent hot fix, review your policies to ensure the Active Protection - High Risk Extensions setting has the pdf extension selected. Some customers may have temporarily removed the PDF extension as a workaround to this issue.
Known Issues and Workarounds
This section lists issues that are known at the time of release. In some cases, these are bugs that we are working to resolve with a subsequent release. Other items may be due to causes outside of our control, such as bugs with other vendors' software. In all cases, we have tried to provide a workaround for you to consider, should you experience an issue.
If you have questions about a specific issue, please provide the issue ID (if applicable) when contacting our Technical Support team.
At this time, there are no new known issues with this release.
Previous known issues
Agent-created simple firewall port exceptions do not block as expected [VPBAGENT-4209]
When simple firewall port exceptions are created, VIPRE does not block as expected.
Workaround: Create an advanced firewall exception
Navigate to the Advanced Exceptions screen in the VIPRE Agent, then select Help for detailed instructions.
- Open the VIPRE Agent
- Navigate to the Advanced Exceptions screen:
- Click Firewall > View Settings
- Under the Firewall section, click Exceptions...
- Click the Ports tab > Add Advanced....
You can add Advanced Exceptions from this screen. For detailed steps on adding Advanced Exceptions, click the Help button on this screen.
Agents running Windows Server 2019 do not reboot when clicking "Reboot Now" on a VIPRE Reboot Required condition [VPBAGENT-3920]
This is a condition that occurs due to changes in Windows Server 2019 security settings.
Endpoint devices running Windows Server 2019 will not reboot when the "Reboot Now" button is selected unless the user account is added to a specific Windows Local Security Policy. The default "Administrators" group cannot restart the Agent using this method.
Workaround 1: Add the user to the "Shut down the system" policy
To add a user account to the "Shut down the system" policy
- On the Agent machine, open the Windows Local Security Policy
- Add the required user account to the "Local Policies" > "User Rights Assignment" > "Shut down the system" policy
- Sign Out and Sign In to the machine (or reboot) for the policy change to apply
The next time VIPRE requires a reboot, the modified user will be able to reboot the computer using the "Reboot Now" button.
Workaround 2: Restart the Agent manually
Instead of using the Reboot Now button, users can manually restart the Agent through the Windows Start menu.
Device Control lists some devices as having an incorrect or unknown device type [VPBAGENT-4004]
Although Windows Device Manager shows the correct device type, Device Control lists some devices as incorrect or unknown device types. Therefore, incorrect and unknown devices will not apply any Device Control access permissions as expected.
Workaround for Printers: Due to how Windows defines device classes when you restrict access to model IDs in the "USB Printers" category, Device Control also denies access to network printers. Using this method, you may add exclusions for specific network printers.
To exclude a network printer using the USB printer category
1. Navigate to Policy > Device Control tab
2. Locate the network printer that is showing as an "Unknown device"
3. Note the Model ID from the Model ID column
4. Add an exclusion for this Model ID under the USB Printers category
Firewall trusted zones defined with IPv6 address ranges do not work [VPBAGENT-3187]
The VIPRE Agent does not recognize IPv6 trusted zone ranges and treats any IPv6 traffic as non-trusted. Therefore, any firewall rules for non-trusted traffic will still apply.
There is no known workaround at this time.
Logging into a Citrix device with Active Protection enabled fails [VPBAGENT-275]
This is a known conflict between VIPRE Active Protection and Citrix User Profile Management (UPM). Attempting to login to a Citrix device with both services enabled causes the login to hang and eventually fail.
Workaround: Temporarily disable Active Protection for Agents that need to access Citrix devices.
Outdated Citrix drivers may cause BSOD on Windows 7 agents
Updating a Windows 7 agent to VIPRE Endpoint Security 9.6 or earlier can cause a blue screen state on systems with older versions of Citrix drivers on them.
Workaround: Updating the Citrix driver should resolve the issue.
Microsoft Windows Defender continues to run even if the policy has Disable selected
For policies applying to machines running Windows Server 2016 or higher, selecting "Disable Windows Defender" does not actually disable Windows Defender.
Workaround: You may manually disable Windows Defender on these machines. Refer to these articles for more information:
- Disabling Windows Defender Antivirus on Windows Server 2016
- Microsoft TechNet article: Windows Defender Overview for Windows Server
VIPRE Business or VIPRE Business Premium agents on version 9.3 or earlier that are scheduled to upgrade to VIPRE Endpoint Security will not fully upgrade on the initial install
VIPRE has added multiple driver updates that are included with this release. Depending on the version of the drivers on your system and which features are enabled in your policies (e.g., Device Control), installation may require two or more reboots to complete the agent upgrade.
Workaround: Make sure any required reboots are completed. For the corresponding agent, check the Console > Agent Details > Agent Environment tab and verify the "Needs Reboot" column is not marked with an "X".
When changing Active Protection settings within a VM environment, the changes take up to 15 minutes to apply
This is normal, as communication between the Console > VM takes some time to propagate.
When VIPRE scans an email archive, files are not quarantined properly
Workaround: Through your email client, perform a manual cleanup of the email archive containing the infected email. Once the infected email has been removed, re-scan the endpoint to confirm the removal.
When managing over 500 agents, a full SQL database should be implemented [Best Practice]
It is recommended that when managing over 500 agents, a full SQL database (versus SQLite) will provide the best performance.
See the following support article: Recommended SQL Server settings for a VIPRE Business Database
VIPRE Endpoint Security agents cannot run on Windows XP or Windows Server 2003
The software limitations of these older platforms do not provide the resources necessary for some more robust agent features. VIPRE Endpoint Security requires a minimum OS version of Windows Vista or Windows Server 2008.
Attempting to launch more than one instance of the administration Console (via terminal services) causes agent > Console communication to fail
This is a product design safeguard that prevents one administrator from overwriting a different administrator's settings without notification. Only one instance of the admin Console should be running at a time.
Push agent installations do not work if Simple File Sharing is enabled
Simple File Sharing prevents installation through the push option. You must manually create the MSI installer package and deploy the installer to the workstation.
See the following support article: Minimum Requirements for Agent Push Deployment
Without proper firewall configuration, agents are unable to contact the Console
An incorrectly configured firewall can prevent communication between the agent and the Console.
See the following support article: Minimum Requirements for Agent Push Deployment
Device Control policy changes may require an agent restart before they take effect
On Consoles upgraded to 9.6 or earlier, policy changes will not be applied until the agent is restarted.
Workaround: Manually restart the agent to apply policy changes.
To manually restart an agent
- Right-click on the agent in the grid
- Select Issue Remote Restart Command
Anti-Phishing does not work if Outlook is open during the agent install.
If Outlook is running when enabling Anti-Phishing in the VIPRE Console before pushing an agent installation, it will not function properly until Outlook is restarted.
Workaround 1: Shut down Outlook during agent installation when enabling Anti-Phishing
Workaround 2: Restart Outlook after agent install when enabling Anti-Phishing