Web Security Service

English

Recent
WSS Agent
 Releases

This topic lists the currently supported
WSS Agent
 versions and lists the features and resolved issues for each version.
You must use the fully-patched vendor-provided versions of the operating systems. All attempts to install on an unsupported OS fail.
VPN Client Compatibility
The
WSS Agent
 cannot compete with multiple VPN clients, such as Cisco AnyConnect, that might be installed on client systems. You can configure a full or split tunnel with other configurations.
  • Full Tunnel—This is possible if the VPN server egress IP address is configured as an IPSec Location in
    WSS
     (
    Connectivity > Locations
    ).
    WSS Agent
     enters into Passive Mode when on the Location network.
  • Split Tunnel—To prevent connection flapping, add the IP address of the VPN server to the IP Bypass list.

WSS Agent
 Version Support Policy

To continuously protect clients that connect from non-corporate networks, Symantec (a Broadcom Division) is committed to delivering innovative
WSS Agent
 technologies. To achieve this goal and to simplify product maintenance, Symantec implements the following agent version End Of Maintenance (EOM) policy:
  • All
    major
    WSS Agent
     software versions receive support for two years (24 months) from their release date.
  • All supported major and minor versions receive critical fixes and enhancements.
  • The following
    example
     demonstrates the format of a
    WSS Agent
     version series:
    • 7.1.1 is released as a
      major
       version because it is the initial version of 7.x series. It provides new features and protection technologies.
    • Some months later, 7.2.1 is released as a
      minor
       version within the 7.x major series. A minor version contains more resolved issues and might contain feature enhancements.
    • 7.2.2 and 7.2.3 are then released as
      maintenance
       versions, which typically contains critical fixes.
      Note:
       Symantec derives maintenance versions only from the most recent minor release. Those fixes are not backported to previous versions. In this example, 7.1.1 would
      not
       receive these fix patches.
  • All minor versions within a major version reach EOM at the same time. The best practice is to plan for and deploy the most recent agent version as soon as it is feasible.
The following table provides the current EOM status for currently available major versions. Use this information to plan a migration to a newer version before support for your current version expires.
Agent Version
Release Date
EOM
All versions of Unified Agent         
December, 2013
March 31, 2021
WSS Agent
 5.x
July, 2019
July, 2021
WSS Agent
 6.x
August, 2020
September 30, 2022
WSS Agent
 7.x
November, 2020
December 31, 2022
Some features, including interactions with other WSS features, require minimum minor versions. The subsequent sections in this topic list the enhancements and resolved issues for recent
WSS Agent
 versions.

Virtual Desktop Infrastructure Support

WSS Agent
 7.1.1+ supports Virtual Desktop Infrastructure (VDI) environments
if
 the environment presents a full virtual machine exclusive to each user.
You must use the
MCU=1
 option to install
WSS Agent
 onto
each
 virtual machine. Without this installation option,
WSS Agent
 displays the
No user logged on at physical console
 error message. For information about
WSS Agent
 CLI installation commands, see Install WSS Agent—Win CLI.
WSS Agent
 is
not
 supported in the following environments:
  • In a VDI environment where multiple users share a single installation of the operating system.
  • On Windows Server operating systems.
  • In terminal server environments; examples include: Citrix and Windows Virtual Desktops (WVD).
Reporting Impacts
WSS Agent
 detects when it has been cloned and treats each new instance as a new installation. A unique installation ID is assigned for each new VM cloned from an image. The pristine image retains the same installation ID throughout its life. This deployment has the following impact on reporting:
  • Each new VDI session results in the creation of an additional entry on the
    WSS
    Connectivity > Agent
     portal page. For larger companies this might result in a very large number of entries. However, a moderate number of entries still requires searching or filtering for record location.
  • With or without VDI, the number of logged sessions remains the same in the
    Last Access
     report. The report logs new sessions from the
    WSS Agent
     to
    WSS
    . What changes is that each session for a given user has a different
    Device ID
     that corresponds to each virtual session. In a physical deployment, the
    Device ID
     remains constant across all sessions.

WSS Agent
 7.3.5

Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1803 and later (Semi-Annual Servicing Channel).
  • macOS Mojave, Big Sur (includes native M1 support).
Resolved Issues
  • Resolves an issue that blocked the use of MS Direct Access.
  • Resolves a Windows connection failure triggered by rapid network changes.
  • Resolves intermittent IPv6 packet drops when the
    Block IPv6
     option is disabled.
  • On macOS Big Sur, resolves an issue that prevented the bypassing of some third-party applications.
Technology Notes
  • On a Windows machine that is accessed through Microsoft RDP,
    WSS Agent
     7.x+ must be installed with the Multiple Concurrent Users (MCU) option set. Failure to do so results in
    WSS Agent
     clients receiving an error:
    No user logged on at physical console
    .
  • WSS Agent
     v7.x+ does not support Captive Portal.

WSS Agent
 7.3.1

WSS Agent
 7.3.1 is the current default download version.
Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1803 and later (Semi-Annual Servicing Channel).
  • macOS Mojave, Big Sur (includes native M1 support).
Features
  • Support to use wildcard characters in the Executable Bypass dialog.
  • Support for SAML authentication policy. An upcoming
    WSS
     portal update is required for this feature.
Documentation will be amended when the update occurs.
Resolved Issues
  • Resolved a deleted connect list cache when all datacenters fail.
  • Resolved an extraneous warning message during command line uninstall on macOS.
  • Resolved an incorrect default value for Ignore Proxy Settings option.
  • Resolved missing update notifications on Windows.
  • Removed the install check for the Entrust certificate.
  • Improved debugging and troubleshooting messages.
  • Improved performance and memory use.
Technology Notes
  • On a Windows machine that is accessed through Microsoft RDP,
    WSS Agent
     7.x+ must be installed with the Multiple Concurrent Users (MCU) option set. Failure to do so results in
    WSS Agent
     clients receiving an error:
    No user logged on at physical console
    .
  • WSS Agent
     v7.x+ does not support Captive Portal.

WSS Agent
 7.2.1

Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1803 and later (Semi-Annual Servicing Channel)
  • macOS Mojave, Big Sur (includes native M1 support)
Features
  • macOS Big Sur support.
Resolved Issues
  • Low-memory might have caused a BSOD/Kernel Panic.
  • Undetermined user process information might have caused a crash on macOS.
  • Special characters in macOS machine name were incorrectly encoded.
  • Fixed Windows installer requiring administrator user to execute.
  • Improved download performance when connection is UDP.
Technology Notes
  • On a Windows machine that is accessed through Microsoft RDP,
    WSS Agent
     7.x+ must be installed with the Multiple Concurrent Users (MCU) option set. Failure to do so results in
    WSS Agent
     clients receiving an error:
    No user logged on at physical console
    .
  • WSS Agent
     v7.x+ does not support Captive Portal.

WSS Agent
 7.1.1

Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1803 and later (Semi-Annual Servicing Channel)
  • macOS Mojave+
Features
  • Single Tunnel Mode by default.
  • Support for WSS-SEP-NTR (Network Traffic Redirection).
  • Installs the new TLS/SSL interception root certificate on endpoints. This certificate allows for control and reporting on encrypted traffic.
Resolved Issues
  • WSS Agent
     UI was out of sync with the background service
  • UIC traffic was occasionally allowed despite the Block setting in the portal.
  • IPv6 domain addresses were not correctly honored.
  • Improved stability and performance.
Technology Notes
  • On a Windows machine that is accessed through Microsoft RDP,
    WSS Agent
     7.x+ must be installed with the Multiple Concurrent Users (MCU) option set. Failure to do so results in WSS Agent clients receiving an error:
    No user logged on at physical console
    .
  • WSS Agent
     v7.x+ does not support Captive Portal.

WSS Agent
 6.2.1

Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1703 and later (Semi-Annual Servicing Channel)
  • macOS High Sierra+
Resolved Issues
  • Resolved a security issue. The best practice for any customers with
    WSS Agent
    s 6.1.1 through 6.1.3 deployed is to upgrade to 6.2.x.
  • Resolved issue where the notifier prompted for update, even if
    Prompt For Updates
     was disabled in the portal.
  • Resolved issue where an update always required a reboot on macOS Catalina.
  • Resolved issue where the macOS update progress UI could not be dismissed.
  • Improved automatic update process.
  • Resolved Kernel panic during startup on high-end hardware.
  • Mixed cases in domain bypass lists.
  • Updated the links on the
    About
     tab to point to Broadcom's license repository.
  • Switch to passive network required two reconnects.
  • Resolved an issue that causes unnecessary DNS requests.
  • Signed with Broadcom certificates. Broadcom's Organization Identifier on macOS is
    Y2CCP3S9W7
    .

WSS Agent
 6.1.1

Supported Operating Systems
  • 64-bit Windows 10 Professional, Enterprise or Education version 1703 and later (Semi-Annual Servicing Channel)
  • macOS High Sierra+
Features
  • Supports the Cloud Firewall Service (CFS).
  • Full support for HDN.
  • Block IPv6 Packets.
  • BNS Events in Windows Event Log.
  • Real-time statistics v2.
  • Improved macOS diagnostics.
  • UI enhancements.