what ports need to be open for vipre agent updates server 2012 r2

This release is for the following components of VIPRE Endpoint Security Server released on July 14, 2020:

Direction Console (VSS) version 12.0.2.one
Server Agent version 12.0.7873

Update to this version of VIPRE Endpoint Server

There are some things to continue in mind when updating the Endpoint Server Console and Agents.

Of import

- It is recommended to create a fill-in of the VIPRE database prior to updating. Refer to Related Articles for details on how to accomplish this.

- Database migration tin take some time depending on the size of the DB. Canceling the wizard can result in data loss.

- If updating the Endpoint Server console from any version lower than v10.0 , yous will need to program for a possible reboot. Updating the VIPRE Endpoint Security console to the newest version will require Microsoft .NET Framework 4.6 to be installed. If .NET Framework 4.6 is not already on your system, the installer may reboot the server to finalize the installation.

Footstep 1: Update VIPRE Console

Ensure the VIPRE Console is airtight prior to updating.

Download and run VIPRE Endpoint Security (Central starts with 443)
Proceed with the installation prompts to consummate the update
Proceed to Step 2: Update the VIPRE Agents

Step 2: Update VIPRE Agents

There are three ways to update agents:

Automated agent updates

Open the policy properties
Navigate to Updates > Software Updates
Check the box and prepare the time to how oftentimes VIPRE should bank check for updates

Manual amanuensis updates

Open the VIPRE Business panel and select Windows Policies
Click on the Protected Computers tab
Right-click the Amanuensis(s) and select Agent Updates > Check for Amanuensis Software Updates

Scheduled agent updates

Open the VIPRE Business console and select Windows Policies
Click on the Protected Computers tab
Correct-click the agent(s) and select Agent Updates > Schedule Agent Upgrade
Select the time and date you wish to schedule updates for and click OK

What'south New

Over the by few years, we've made many meaning improvements to our core file- and process-based detection engines in the Windows amanuensis to the point where nosotros are at present consistently scoring exceptionally well in independent antivirus (AV) testing (see AV-Comparatives, AV-Exam, Virus Bulletin).

The one major subsystem that hasn't gotten equally much attention is the network protection stack—firewall, intrusion detection systems (IDS), and web protection—which provides essential security against network-based attacks. The components built into VIPRE Endpoint Security Server v11 practise provide reliable protection only are hard to maintain, difficult to extend, and have a few gaps, peculiarly in monitoring encrypted communications.

This has all changed with VIPRE Endpoint Security Server v12, in which nosotros're introducing a major Update to the network protection stack.

DNS Protection

The most exciting new feature we've added is our brand-new DNS Protection. Built right into the VIPRE amanuensis, this new feature helps prevent your users from always visiting a known malicious website. This new layer of protection is something many of our customers take historically purchased from third-party DNS providers or as a separate product or addition, but which we are now including as part of our base offering. Any time your users try to expect up an internet domain name, VIPRE will perform a comprehensive series of checks leveraging our threat intelligence cloud service to ensure that that remote host is not a known malicious domain. If information technology is at all suspicious, nosotros'll immediately redirect the user to a block page and tell them that there's an event: the user's browser will never have a chance to download any content from a potentially malicious webpage.

Firewall Improvements

The firewall is now faster and more efficient, providing a solid foundation for the other components. The firewall is designed to protect typical endpoints out of the box with just a few clicks to enable blocking but is easily configurable to allow special services if needed in your environment.

Upgraded IDS

An entirely new Intrusion Detection System (IDS) now provides vastly expanded signature-based detection of common network attacks plus increased performance. Now hosting over 8000 (over 15 times more than v11!) individual detection rules, we've greatly expanded our ability to guard against the latest threats.

IDS Automated Monitoring

The new IDS is too more intelligent and can automatically observe dozens of network protocols to provide deep introspection - no more manually specifying which ports to monitor. It won't thing if a service, or even malware, attempts to hibernate your users' activities by using custom ports. The new IDS decodes all network traffic, automatically identifies the appropriate protocols and services, and applies the appropriate IDS rules to that traffic.

Malicious URL Blocking

In many cases, blocking an entire site (like GitHub) might cause too much disruption, only there is some page or some other resource on that site that delivers undesirable content. To solve this trouble, VIPRE as well scans unabridged URLs seen in HTTP traffic to ensure that your users don't hit pages that could get them in trouble. This service leverages our global threat intelligence network for up-to-the-minute information about bad URLs and informs your users if they attempt to click on a bad URL link.

Browser Extensions

2 new amanuensis-managed browser extensions—for Firefox and Chrome browsers—provide visibility into encrypted HTTPS spider web traffic and leverages the aforementioned URL blocking service mentioned higher up. The VIPRE amanuensis pushes these into installed browsers automatically if enabled in your policy, and ensures your browsers stay protected.

Malicious Content Blocking

New Spider web Exploit Protection replaces our retired Edge Protection characteristic to find and block malicious embedded content inside web pages. Malicious JavaScript lawmaking and other risky content is now scanned for automatically and, if institute, results in the page being blocked. Effective against malvertising, watering hole attacks, and spoofed websites, Web Exploit Protection protects your users even if they are visiting a brand-new malicious web page.

System Requirements

Management Console (VSS)	OPERATING SYSTEMS Windows Server 2022 (excluding Server Core) Windows Server 2022 (excluding Server Core) Windows Server 2012 (excluding Server Core) Windows Server 2008 SP2 or R2 (excluding Server Core) Windows x (32- & 64-bit, all versions) Windows 8.1 (32- & 64-bit) Notes: Embedded operating systems are not supported HARDWARE Dual-core processor or higher 2GB complimentary disk space(upward to 20 GB could exist required for Endpoint Security versions for caching of patches) 2GB RAM 1024 ten 768 monitor resolution MISCELLANEOUS MDAC ii.vi SP2 or after Microsoft .Net Framework 4.6 (if not already installed, .Cyberspace will automatically install during installation)
VIPRE Amanuensis for Windows	OPERATING SYSTEMS Windows Server 2022 (64-bit, excluding Server Core) †† Windows Server 2022 (excluding Server Cadre) †† Windows Server 2012 R2 (excluding Server Core) †† Windows Server 2008 R2 SP1 (excluding Server Core) †† Windows Modest Business Server 2011 †† Windows Pocket-sized Business Server 2008 † Windows x (32- & 64-bit, all versions) Windows 8.one (64-bit) Windows 7 SP1 (32- & 64-bit) Windows Vista SP2 (32 & 64-flake) † Windows XP (32-bit) † † Supported for legacy agent only, not available for Cloud †† VIPRE Advanced Active Protection is non supported on these Operating Systems HARDWARE Dual-core processor recommended 2GB free deejay space 2GB RAM or better recommended SUPPORTED Web BROWSERS FOR HTTPS URL PROTECTION Firefox v68 or afterward Chrome v72 or later SUPPORTED E-mail APPLICATIONS Microsoft Outlook 2003+ SMTP/POP3 (Thunderbird, IncrediMail, Eudora, etc.) SSL supported in Outlook simply
VIPRE Agent for Mac	OPERATING SYSTEMS macOS Sierra (ten.12) Bone Ten El Capitan (10.eleven) Bone X Yosemite (ten.10) OS X Mavericks (x.9) Os 10 Mountain Panthera leo (10.8)
VIPRE Business Mobile Security (Agent)	OPERATING SYSTEMS Android two.2 (Froyo) or later iOS 5.1.one or afterwards

Changes to Annotation

Important: Alter to VIPRE settings

The settings for Malicious URL Blocking have changed with this release.

Default enabled- The feature is now enabled, past default.
- VIPRE will block admission to malicious web sites and pages in unencrypted (HTTP) and encrypted (HTTPS) traffic. To protect encrypted traffic, VIPRE requires a browser extension in order to see the decrypted content; as of this release, the Mozilla Firefox and Google Chrome browsers are supported.
2 settings to disable- To disable, uncheck both Verify HTTPS web browser traffic and Verify HTTP traffic.
- You tin can also disable HTTPS blocking for a specific browser only, which will uninstall the browser extension from that browser.
Legacy agents, ports to filter- specifying ports to filter is now simply required for legacy agents (prior to version 12.0.xx). The newer amanuensis volition machine-notice which ports behave HTTP traffic.

Port Scans - No longer available in v12. It is still available in Agent v11 and lower, however.
Web exploit protection restored -We have restored the ability to identify and cake malicious web folio content based on our new network stack.
New IDS configuration and ruleset - Two different IDS rulesets are now provided, ane for legacy pre-12 agents and new ruleset configuration for v12 agents. The new v12 ruleset now includes more than 5000 IDS rules.

Known Issues and Workarounds

This section lists issues that are known at the time of release. In some cases, these are bugs that nosotros are working to resolve with a subsequent release. Other items may exist due to causes outside of our command, such equally bugs with other vendors' software. In all cases, we accept tried to provide a workaround for you to consider, should y'all feel an issue.

If you have questions about a specific event, delight provide the issue ID (if applicable) when contacting our Technical Support team.

At this time, there are no new known issues with this release.

Previously Known Issues

Agents running Windows Server 2022 do non reboot when clicking "Reboot Now" on a VIPRE Reboot Required condition [VPBAGENT-3920]

This is a condition that occurs due to changes in Windows Server 2022 security settings.

Endpoint devices running Windows Server 2022 volition non reboot when the "Reboot At present" button is selected unless the user account is added to a specific Windows Local Security Policy. The default "Administrators" group cannot restart the Agent using this method.

Workaround 1: Add the user to the "Close downwards the arrangement" policy

To add together a user business relationship to the "Close down the system" policy

On the Agent car, open the Windows Local Security Policy
Add together the required user business relationship to the "Local Policies" > "User Rights Assignment" > "Shut downward the system" policy
Sign Out and Sign In to the auto (or reboot) for the policy modify to apply

The adjacent fourth dimension VIPRE requires a reboot, the modified user will exist able to reboot the machine using the "Reboot Now" button.

Workaround ii: Restart the Agent manually

Instead of using the Reboot Now push, users can manually restart the Amanuensis through the Windows Start menu.

Firewall trusted zones defined with IPv6 address ranges practise not work [VBAGENT-3187]

The VIPRE Agent does not recognize IPv6 trusted zone ranges and treats any IPv6 traffic as non-trusted. Therefore, any firewall rules for not-trusted traffic will still use.

There is no known workaround at this fourth dimension.

Logging into a Citrix device with Agile Protection enabled fails [VBAGENT-275]

This is a known conflict between VIPRE Active Protection and Citrix User Profile Management (UPM). Attempting to login to a Citrix device with both services enabled causes the login to hang and eventually fail.

Workaround: Temporarily disable Active Protection for Agents that need to access Citrix devices.

VIPRE Concern or VIPRE Business concern Premium agents on version 9.3 or earlier that are scheduled to Upgrade to VIPRE Endpoint Security volition not fully Upgrade on the initial install

VIPRE has added multiple driver updates that are included with this release. Depending on the version of the drivers on your system and which features are enabled in your policies (e.thousand. Device Control), installation may require 2 or more reboots to complete the amanuensis Upgrade.

Workaround: Brand sure any required reboots are completed. For the corresponding agent, cheque the Console > Agent Details > Amanuensis Surroundings tab and verify the "Needs Reboot" column is not marked with an "X".

Color coding of agent version in console does non announced to be consistent for all out of appointment agents.

In the Protected Computers tab of the console, the amanuensis version field is shaded orange for those agents that need to be updated to the latest agent software version. However, some agents that appear to be out-of-date are not shaded. Those agents include VIPRE Business or VIPRE Business organization Premium agents that do not take the highest build available. Agents that are not actively communicating are also not shaded just may be out of date.

Workaround: The agents volition Update with the right status upon the adjacent communication.

You lot may note VIPRE Business or VIPRE Business concern Premium agents reporting incorrectly. We recommend these agents be upgraded to VIPRE Endpoint Security to match your VIPRE Endpoint Security 11 panel. This will give you our best protection for these devices and correct the reporting result.

If you lot are non currently licensed for VIPRE Endpoint Security, please contact your sales representative (+ane 855-885-5566 or Contact Sales) for more information on how you can Upgrade.

When changing Active Protection settings within a VM environs, the changes have upwardly to fifteen minutes to apply

This is normal, as communication between the Console > VM takes some fourth dimension to propagate.

When VIPRE scans an electronic mail archive, files are not quarantined properly

Workaround: Through your email client, perform a manual cleanup of the e-mail archive containing the infected email. Once the infected email has been removed, re-scan the endpoint to confirm removal.

VIPRE Endpoint Security agents cannot run on Windows XP or Windows Server 2003

The software limitations of these older platforms do not provide the resources necessary for some more robust amanuensis features. VIPRE Endpoint Security requires a minimum Bone version of Windows Vista or Windows Server 2008.

Attempting to launch more than than one case of the administration Console (via last services) causes agent > Console communication to neglect

This is a product blueprint safeguard that prevents one administrator from overwriting a dissimilar administrator's settings without notification. Only one example of the admin Panel should exist running at a time.

Push amanuensis installations practice not work if Uncomplicated File Sharing is enabled

Unproblematic File Sharing prevents installation through the push choice. Yous must manually create the MSI installer package and deploy the installer to the workstation.

See the following back up commodity: Minimum Requirements for Agent Push button Deployment

Without proper firewall configuration, agents are unable to contact the Panel

An incorrectly configured firewall can forbid communication betwixt the agent and the Console.

Run across the following back up article: Minimum Requirements for Agent Push Deployment

Device Control policy changes may crave an amanuensis restart before they take consequence

On Consoles upgraded to ix.six or earlier, policy changes will non be practical until the amanuensis is restarted.

Workaround: Manually restart the agent to utilize policy changes.

To manually restart an agent

Correct-click on the agent in the grid
Select Effect Remote Restart Control

The Database Migration Utility may crash if the SQL Database has whatsoever spaces in the database name

The Database Migration Utility for VIPRE 9.six or before may crash during the migration process if your SQL Database has spaces in the name of the database.

Workaround: Resolution is under evolution. When created, database names should contain no spaces, no symbols, and no carriage returns.

Anti-Phishing does not piece of work if Outlook is open during agent install

If Outlook is running when enabling Anti-Phishing in the VIPRE Console before pushing an agent installation, it will not office properly until Outlook is restarted.

Workaround ane: Shut down Outlook during amanuensis installation when enabling Anti-Phishing

Workaround 2: Restart Outlook after amanuensis install when enabling Anti-Phishing

Outdated Citrix drivers may cause BSOD on Windows 7 agents

Updating a Windows 7 agent to VIPRE Endpoint Security 9.6 or earlier can cause a blue screen state on systems with older versions of Citrix drivers on them.

Workaround: Updating the Citrix commuter should resolve the effect.

On some systems, Windows Defender'southward Smart Screen blocks the agent installer

Select More Infofrom the Windows Defender popup and then select RunAnyhow.

Issues Fixes

The following bugs have been resolved with this release.

Panel

VIPREBIS-6532 - Upgrades from Business Antivirus or Business organization Premium incorrectly have Device Control enabled in all policies
VIPREBIS-6754 - Upgrade script does non add new field (ISOLATED) to agent tabular array
VIPREBIS-6755, VIPREBIS-6782 - Inconsistent times are shown on Agent versus Console; some are UTC time
VIPREBIS-6756 - Audit Trail may display no data in version eleven afterward upgrading from an older version of VIPRE
VIPREBIS-6757, VIPREBIS-6633 - In some cases, the Threat and Health Summary Reports do not display right data
VIPREBIS-6766 - Custom reboot text is not displayed when issuing a remote reboot
VIPREBIS-6856 - Supplemental software packages may display multiple device control versions later releasing a new version
VIPREBIS-6878 - User assistants is not working resolved with documentation Update
VIPREBIS-6198 - Social movie links on weekly health summary practice not do anything
VIPREBIS-6110 - (Rebrand) VIPRE Business to show VIPRE Security instead of ThreatTrack Security
VIPREBIS-1371 - Agent Quarantine tab > Send File for Analysis not creating toast notification
VIPREBIS-4797 - Scan elapsing in the Scan History - Preview should exist in format hh:mm:ss

Agent

VPBAGENT-3306- Device Command authorisation code stops working over time
VPBAGENT-4004- Device Control does non correctly identify all device types
VPBAGENT-4136 - Google Globe Pro patch breaks Google Earth
VPBAGENT-4137 - Device Command is breaking the encrypted keyboard driver included with IBERIABANK TreasuryConnect Secure Browser
VPBAGENT-4330 - Unprotected Popup after Update to 11.0.7627
VPBAGENT-4486 - Incorrect identification of car type for some systems
VPBAGENT-4554, VPBAGENT-4810 - MSI repair breaks communication with VSS or VIPRE Deject
VPBAGENT-4576 - BSOD using Arcserve with agent eleven.0.7628
VPBAGENT-4644 - Computers are not booting subsequently install of VIPRE
VPBAGENT-4667- Agents converting to the consumer version
VPBAGENT-4810- Amanuensis sending howdy phone call to Localhost afterward migration to Endpoint Deject
VPBAGENT-4838 - Logoff is slower on Windows 7 with Advanced Active Protection enabled
VPBAGENT-4853 - Percent (%) Browse Complete is reported incorrectly
VPBAGENT-4856 - Agent does non bank check for definition updates on startup
VPBAGENT-5221 - BSOD may occur when Agent upgrades from 10.1.7631 VPE to 12.0.7795 VES
VPBAGENT-5387- Deep scans are non completing
VPBAGENT-5393 - Agent GUI displays inconsistent data for last defs Update
VPBAGENT-5406 - Browser protection may interfere with some sites
VPBAGENT-5596- Agents may stop downloading definitions later a period of time

VPBAGENT-6235- Loss of connectivity and intermittent network bug on some server Bone'southward
VPBAGENT-6237-Problems with network protection resiliency: Under certain atmospheric condition, such as networks with large amounts of non-TCP/UDP traffic, specific queues within the VIPRE network filter driver could overflow and cause excessive network latency - sometimes causing other network connections to fail.
VPBAGENT-6243- Unable to connect to Exchange server: Outlook and Exchange configured with RPC over HTTP or MAPI over HTTP may experience failed connections when malicious content scanning is turned on
VPBAGENT-6249 - URL whitelist non honored: Under certain conditions, URL whitelist entries were non being honored by the URL and Content Filtering features
VPBAGENT-6265 - BSOD when streaming multiple videos; heavy video streaming load may cause a crash in the network filter commuter
VPBAGENT-6335 - Play Shop Help and Support URLs incorrect for browser extensions
VPBAGENT-6350-Agent locking access to ag-grid.com
VPBAGENT-6351 - Net connection may freeze when OpenVPN is run in full tunnel
VBAGENT-6383- idsrules2.def is not being copied & updated through incremental definitions updates

muellerwessin.blogspot.com

Source: https://success.vipre.com/endpoint-server-release-notes/endpoint-server-console-release-notes-20200714