Product release information for Endpoint Server v12.2 June 15, 2021. Content updated on September 27, 2021.
Update
09/27/2021: This week we are releasing an updated version of our Web Exploit browser extensions for Google Chrome, Microsoft Edge, and Mozilla Firefox. The updated extensions address bugs VPBAGENT-7803 and VPBAGENT-8001 - Web Exploit detection is interfering with some websites.
Each extension has been submitted to Google, Microsoft, and Mozilla. Once each manufacturer has completed their review process and the extensions are published, we will update this article to confirm their availability. If you have any questions, please contact us.
What's New
Following on the heels of our last major agent update, which brought the advanced network protection engine and new browser plugins, we are now releasing v12.2. This new version significantly expands and improves existing functionality, including:
- Added browser support for Microsoft Edge based on Chromium (v79 and higher)
- Post-scan options including, but not limited to, the ability to shut down the computer once scanning has completed
- For full details on how to use this feature, refer to Related Articles
- Ability to independently enable/disable VIPRE firewall and the VIPRE intrusion detection system (IDS)
- New version of Advanced Active Protection (AAP) that supports Windows Server
- For full details on how to enable this, refer to Related Articles
- Modified Custom Scan Options dialog showing more detail
- Enhanced security to reduce potential attack entry points
- Overall improvement of system responsiveness by on-demand scans no longer affecting the Windows File Cache; this will also allow scans to complete faster
- HTTPS Payload Scanning allowing VIPRE to scan for malicious browser content in addition to URLs over HTTPS
- Refer to Related Articles for more details on Advanced Active Protection
- Agent user-interface improvements including improved status reports and Web Exploit Detection history
- Secure method for adding exclusions by adding via path exclusions rather than allowing threats
- Threat definition sizes reduced as the result of removing legacy components that are no longer used
- Important malicious process protection updates allowing for compatibility with Windows 10 21H2
Most importantly though, we fixed a security weakness relating to the Authenticate with unprotected computers using saved credentials option that could potentially allow an attacker, internal to your network, to leverage the auto-install service within these products to access other sensitive systems and data in your environment. As a result, to prevent a potential attack, Agent Installation and Agent Inquiry now have only manual options for Unprotected Computer Discovery and Installation.
Special Instructions
Update Endpoint Server Console & Agents
There are some things to keep in mind when updating the Endpoint Server Console a...
There are some things to keep in mind when updating the Endpoint Server Console and Agents.
Important
- It is recommended to create a backup of the VIPRE database prior to updating. Refer to Related Articles for details on how to accomplish this.
- Database migration can take some time depending on the size of the DB. Canceling the wizard can result in data loss.
- If updating the Endpoint Server console from any version lower than v10.0, you will need to plan for a possible reboot. Updating the VIPRE Endpoint Security console to the newest version will require Microsoft .NET Framework 4.6 to be installed. If .NET Framework 4.6 is not already on your system, the installer may reboot the server to finalize the installation.
Step 1: Update VIPRE Console
Ensure the VIPRE Console is closed prior to updating.
- Download and run VIPRE Endpoint Security (Key starts with 443)
- Proceed with the installation prompts to complete the update
- If necessary, read up on what is required to update and how to troubleshoot
- Proceed to Step 2: Update the VIPRE Agents
Step 2: Update VIPRE Agents
There are three ways to update agents:
Automatic agent updates
- Open the policy properties
- Navigate to Updates > Software Updates
- Check the box and set the time to how often VIPRE should check for updates
Manual agent updates
- Open the VIPRE Business console and select Windows Policies
- Click on the Protected Computers tab
- Right-click the Agent(s) and select Agent Updates > Check for Agent Software Updates
Scheduled agent updates
- Open the VIPRE Business console and select Windows Policies
- Click on the Protected Computers tab
- Right-click the agent(s) and select Agent Updates > Schedule Agent Upgrade
- Select the time and date you wish to schedule updates for and click OK
System Requirements
| Product or Component | Minimum Requirement |
|---|---|
| Management Console (VSS) |
OPERATING SYSTEMS
NOTE: Embedded operating systems are not supported HARDWARE
MISCELLANEOUS
|
| VIPRE Agent for Windows |
OPERATING SYSTEMS
† Supported for legacy agent only, not available for Cloud
HARDWARE
SUPPORTED WEB BROWSERS FOR HTTPS URL PROTECTION
SUPPORTED EMAIL APPLICATIONS
|
| VIPRE Agent for Mac |
OPERATING SYSTEMS
|
| VIPRE Business Mobile Security Agent |
OPERATING SYSTEMS
|
Fixed in this Release
- [VIPREBIS-6878] - User administration is not working
- [VIPREBIS-7464] - Invalid entries are saved when adding Allowed Websites
- [VIPREBIS-6245] - SQL database access account is being used to write log files
- [VIPREBIS-6421] - VIPRE Console can't currently support VDI virtual desktop environments
- [VIPREBIS-6484] - VDI virtual desktop gets assigned to the default policy
- [VIPREBIS-7238] - Health Summary Report: Severity of Threats Found reporting all agents regardless of filter
- [VIPREBIS-7457] - Device Control blocks access to secondary SSD HDD Crucial
- [VIPREBIS-7562] - Date Range Selector isn't displaying threats detected on the last date of the chosen range
- [VIPREBIS-7518] - ViprePPLSvc and VipreAAPSvc was not added to Firewall Exceptions in VSS after upgrading to Console version 12.2.0.79
- [VIPREBIS-7663] - Out of date production version
- [VIPREBIS-7563] - Enabling VIPRE Chrome extension removes extensions/applications managed by Google Workspace
- [VIPREBIS-7648] - Copyright information within VSS file binaries are outdated
- [VIPREBIS-7646] - Copyright date updated to the current date/year
- [VPBAGENT-6862] - Unable to generate a passphrase
- [VPBAGENT-6727] - Web exploit detection interfering with Avigilon Control Center v7.4.2.2 Build 105793
- [VPBAGENT-6361] - BSOD due to dnelwf64.sys
- [VPBAGENT-5596] - Agents stop downloading definitions after a period of time
- [VPBAGENT-4644] - Machines not booting after installation of VIPRE
- [VPBAGENT-4419] - Agents failing to upgrade - Error 1603
- [VPBAGENT-3710] - Wildcards are not accepting when creating advanced firewall rules
- [VPBAGENT-3654] - System variables do not work when creating application exceptions in Firewall protection
- [VPBAGENT-6976] - BSOD UNEXPECTED_KERNEL_MODE_TRAP(7f)
- [VPBAGENT-7215] - Web Exploit Detection slowing down backups
- [VPBAGENT-7348] - Web Exploit Detection interfering with Sierra Desktop App using java v1.8.0_45
- [VPBAGENT-7123] - IDS Settings box displayed in Agent when Firewall is not user-managed
- [VPBAGENT-7126] - Missing engine version when using CSE50
- [VPBAGENT-7441] - VIPRENIS causing high CPU usage
- [VPBAGENT-7565] - Web Exploit Detection interfering with SpectrumVoip
- [VPBAGENT-7463] - Copyrights not updated to the current year
- [VPBAGENT-6987] - VIPRE Removal Tool doesn't uninstall completely when Agent was deployed via GPO with per-user distribution
- [VIPREBIS-7629] - Error when attempting to copy Agent Installation Management Configuration policy page to another policy
- [VPBAGENT-7151] - When Agent is installed via GPO, Agent Upgrader doesn't uninstall completely
- [VIPREBIS-7645] - Threat name contains broken link
-
[VPBAGENT-7803, 8001] - Some websites may be inaccessible while using the browser extension with Web Exploit Detection enabled 8001 800
Known Issues and Workarounds
This section lists issues that are known at the time of release. In some cases, these are bugs that we are working to resolve with a subsequent release. Other items may be due to causes outside of our control, such as bugs with other vendors' software. In all cases, we have tried to provide a workaround for you to consider, should you experience an issue.
If you have questions about a specific issue, please provide the issue ID (if applicable) when contacting our Technical Support team.
| VPBAGENT-7351 | VIPRE's network inspection service (VIPRENIS) may become stuck in a STOP_PENDING state when network protections are disabled | Stop the VIPRE agent then restart it |
| VPBAGENT-7404 | VIPRE Outlook add-in crashing when attempting to print an email from within Outlook | There is no workaround at this time |
| VIPREBIS-7662 | New installs of VIPRE Business Mobile Android via Google Play are blocked | There is no workaround at this time |
| VIPREBIS-7649 | Research Center link directs to an out-of-date product version |
There is no workaround at this time |
| VIPRMDMIOS-16 | Missing and incorrect agent information in iOS | There is no workaround at this time |
Known Issues from Previous Versions
Agents running Windows Server 2019 do not reboot when clicking "Reboot Now" on a VIPRE Reboot Required condition [VPBAGENT-3920]
This is a condition that occurs due to changes in Windows Server 2019 security settings.
Endpoint devices running Windows Server 2019 will not reboot when the "Reboot Now" button is selected unless the user account is added to a specific Windows Local Security Policy. The default "Administrators" group cannot restart the Agent using this method.
Workaround 1: Add the user to the "Shut down the system" policy
To add a user account to the "Shut down the system" policy
- On the Agent machine, open the Windows Local Security Policy
- Add the required user account to the "Local Policies" > "User Rights Assignment" > "Shut down the system" policy
- Sign Out and Sign In to the machine (or reboot) for the policy change to apply
The next time VIPRE requires a reboot, the modified user will be able to reboot the machine using the "Reboot Now" button.
Workaround 2: Restart the Agent manually
Instead of using the Reboot Now button, users can manually restart the Agent through the Windows Start menu.
Firewall trusted zones defined with IPv6 address ranges do not work [VBAGENT-3187]
The VIPRE Agent does not recognize IPv6 trusted zone ranges and treats any IPv6 traffic as non-trusted. Therefore, any firewall rules for non-trusted traffic will still apply.
There is no known workaround at this time.
Logging into a Citrix device with Active Protection enabled fails [VBAGENT-275]
This is a known conflict between VIPRE Active Protection and Citrix User Profile Management (UPM). Attempting to login to a Citrix device with both services enabled causes the login to hang and eventually fail.
Workaround: Temporarily disable Active Protection for Agents that need to access Citrix devices.
Microsoft Windows Defender continues to run even if policy has Disable selected
For policies applying to machines running Windows Server 2016 or higher, selecting "Disable Windows Defender" does not actually disable Windows Defender.
Workaround: You may manually disable Windows Defender on these machines. Refer to these articles for more information:
- Disabling Windows Defender Antivirus on Windows Server 2016
- Microsoft TechNet article: Windows Defender Overview for Windows Server
VIPRE Business or VIPRE Business Premium agents on version 9.3 or earlier that are scheduled to Upgrade to VIPRE Endpoint Security will not fully Upgrade on the initial install
VIPRE has added multiple driver updates that are included with this release. Depending on the version of the drivers on your system and which features are enabled in your policies (e.g. Device Control), installation may require two or more reboots to complete the agent Upgrade.
Workaround: Make sure any required reboots are completed. For the corresponding agent, check the Console > Agent Details > Agent Environment tab and verify the "Needs Reboot" column is not marked with an "X".
Color coding of agent version in console does not appear to be consistent for all out of date agents.
In the Protected Computers tab of the console, the agent version field is shaded orange for those agents that need to be updated to the latest agent software version. However, some agents that appear to be out-of-date are not shaded. Those agents include VIPRE Business or VIPRE Business Premium agents that do not have the highest build available. Agents that are not actively communicating are also not shaded but may be out of date.
Workaround: The agents will Update with the correct status upon the next communication.
You may note VIPRE Business or VIPRE Business Premium agents reporting incorrectly. We recommend these agents be upgraded to VIPRE Endpoint Security to match your VIPRE Endpoint Security 11 console. This will give you our best protection for these devices and correct the reporting issue.
If you are not currently licensed for VIPRE Endpoint Security, please contact your sales representative (+1 855-885-5566 or Contact Sales) for more information on how you can Upgrade.
When changing Active Protection settings within a VM environment, the changes take up to 15 minutes to apply
This is normal, as communication between the Console > VM takes some time to propagate.
When VIPRE scans an email archive, files are not quarantined properly
Workaround: Through your email client, perform a manual cleanup of the email archive containing the infected email. Once the infected email has been removed, re-scan the endpoint to confirm removal.
When managing over 500 agents, a full SQL database should be implemented
It is recommended that when managing over 500 agents, a full SQL database (versus SQLite) will provide the best performance.
See the following support article: Recommended SQL Server settings for a VIPRE Business Database
VIPRE Endpoint Security agents cannot run on Windows XP or Windows Server 2003
The software limitations of these older platforms do not provide the resources necessary for some more robust agent features. VIPRE Endpoint Security requires a minimum OS version of Windows Vista or Windows Server 2008.
Attempting to launch more than one instance of the administration Console (via terminal services) causes agent > Console communication to fail
This is a product design safeguard that prevents one administrator from overwriting a different administrator's settings without notification. Only one instance of the admin Console should be running at a time.
Push agent installations do not work if Simple File Sharing is enabled
Simple File Sharing prevents installation through the push option. You must manually create the MSI installer package and deploy the installer to the workstation.
See the following support article: Minimum Requirements for Agent Push Deployment
Without proper firewall configuration, agents are unable to contact the Console
An incorrectly configured firewall can prevent communication between the agent and the Console.
See the following support article: Minimum Requirements for Agent Push Deployment
Device Control policy changes may require an agent restart before they take effect
On Consoles upgraded to 9.6 or earlier, policy changes will not be applied until the agent is restarted.
Workaround: Manually restart the agent to apply policy changes.
To manually restart an agent
- Right-click on the agent in the grid
- Select Issue Remote Restart Command
The Database Migration Utility may crash if the SQL Database has any spaces in the database name
The Database Migration Utility for VIPRE 9.6 or earlier may crash during the migration process if your SQL Database has spaces in the name of the database.
Workaround: Resolution is under development. When created, database names should contain no spaces, no symbols, and no carriage returns.
Anti-Phishing does not work if Outlook is open during agent install
If Outlook is running when enabling Anti-Phishing in the VIPRE Console before pushing an agent installation, it will not function properly until Outlook is restarted.
Workaround 1: Shut down Outlook during agent installation when enabling Anti-Phishing
Workaround 2: Restart Outlook after agent install when enabling Anti-Phishing
Outdated Citrix drivers may cause BSOD on Windows 7 agents
Updating a Windows 7 agent to VIPRE Endpoint Security 9.6 or earlier can cause a blue screen state on systems with older versions of Citrix drivers on them.
Workaround: Updating the Citrix driver should resolve the issue.
On some systems, Windows Defender's Smart Screen blocks the agent installer
Select More Info from the Windows Defender popup and then select Run Anyway.