Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.8

• To complete Advanced Threat Prevention installation when the Dell Server managing the client is running in Connected mode (default), the computer must have network connectivity. However, network connectivity is not required for Advanced Threat Prevention installation when the managing Dell Server is running in Disconnected mode.
• To provision a tenant for Advanced Threat Prevention, the Dell Server must have Internet connectivity.
• The optional Client Firewall and Web Protection features should not be installed on client computers that are managed by Dell Server running in Disconnected mode.

• Other vendors' antivirus, antimalware, and antispyware applications may conflict with the Advanced Threat Prevention client. If possible, uninstall these applications. Conflicting software does not include Windows Defender. Firewall applications are allowed.

  If uninstalling other antivirus, antimalware, and antispyware applications is not possible, you must add exclusions to Advanced Threat Prevention in the Dell Server and also to the other applications. For instructions on how to add exclusions to Advanced Threat Prevention in the Dell Server, see KB article 126745. For a list of exclusions to add to the other antivirus applications, see KB article 126118.

Operating Systems

• The following table details supported operating systems.

  Windows Operating Systems (32- and 64-bit)

  As of January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation packages. Applications and installation packages signed with SHA1 certificates will function but an error will display on the endpoint during installation or execution of the application without these updates installed Windows 10: Education, Enterprise, Pro v1909-v22H2 (November 2019 Update/19H2 - November 2022 Update/22H2) Note: OEMs and ODMs do not ship Windows 10 v2004 (May 2020 Update/20H1 and later) with 32-bit architecture. For more information, see https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview. Windows 10 2019 LTSC Windows 10 2021 LTSC Windows 11: Enterprise, Pro v21H2 - 22H2 Windows Server 2008 R2 SP1: Standard Edition, Datacenter Edition, Enterprise Edition, Webserver Edition Windows Server 2012 R2: Standard Edition, Essentials Edition, Datacenter Edition Windows Server 2016: Standard Edition, Essentials Edition, Datacenter Edition Windows Server 2019: Standard Edition, Datacenter Edition

Ports

• The Advanced Threat Prevention agents are managed by and report to the management console SaaS platform. Port 443 (https) is used for communication and must be open on the firewall for the agents to communicate with the console. The console is hosted by Amazon Web Services and does not have any fixed IPs. If port 443 is blocked for any reason, updates cannot be downloaded, so computers may not have the most current protection. Ensure that client computers can access the URLs, as follows.

  Use	Application Protocol	Transport Protocol	Port Number	Destination	Direction
  All Communication	HTTPS	TCP	443	Allow all https traffic to *.cylance.com	Outbound

BIOS Image Integrity Verification

If the Enable BIOS Assurance policy is selected in the Management Console, the Cylance tenant validates a BIOS hash on endpoint computers to ensure that the BIOS has not been modified from the Dell factory version, which is a possible attack vector. If a threat is detected, a notification is passed to the Dell Server and the IT administrator is alerted in the Management Console. For an overview of the process, see BIOS Image Integrity Verification Process.