Client firewalls, anti-malware, anti-spyware and anti-virus can prevent the installation and upgrade of the Pulse/Ivanti software components. The following guidelines should be followed to allow access to these processes.
- Check GPO policies for managed endpoints to verify that the Pulse Secure/Ivanti components are permitted. (See list below).
- Ensure the following ports are open for the Ivanti Secure access client/Pulse to install/launch.
- TCP port 443
- UDP port 4500 for ESP mode with VPN tunneling
- If firewall filters are based on application name, use the following table to determine the process to permit.
(Note: The following list is based on 9.1 releases and only includes rebranded Pulse Secure executables. For 9.1 releases and older, go to the Client side changes Guide for Pulse Connect Secure, select the appropriate version. (See KB9085 for more information.)
Component
|
Process Name
|
All
| PulseSetupClient.cab install.log PulseExt.exe PulseExt64.exe PulseSetupClient.inf PulseSetupClient.ocx PulseSetupClient64.inf PulseSetupClient64.ocx PulseSetupClientCtrlUninstaller.exe PulseSetupClientCtrlUninstaller64.exe
|
Pulse Desktop Client
| PulseUninstall.exe uninstall.exe jamCommand.exe pdv.exe Pulse.exe PulseSecureSetupClientOCX.exe PulseSecureSetupClientOCX64.exe pulselauncher.exe PulseApplicationLauncher.exe nsstatsdump.exe uninst.exe Ivanti Secure Access Client Service (PulseSecureService.exe) 64bitProxy.exe PulseCompMgr.exe PulseHelper.exe |
Installer Service
| AccessServiceComponent.exe PulseInstallerService.exe |
If software restrictions on the client PC are applied to folder directories, the following file paths should be allowed:
%PROGRAMFILES(X86)%\Common Files\Pulse Secure (64-bit system)
%PROGRAMFILES%\Common Files\Pulse Secure (32-bit system)
%APPDATA%\Pulse Secure\
%PUBLIC%\Pulse Secure\
%ALLUSERSPROFILE%\Pulse Secure
- It may be necessary to stop the service that is associated with a Firewall, AV or Anti-Malware service so that a user can test installing the Pulse Secure application without any restrictions. If the user is able to install Pulse Secure components with one of these services stops then this can narrow down the program applying the restriction. Refer to third party vendor documentation for instructions on doing this.
- Try to install new client using Administrator account or install with administrator privilege to avoid rolling-back issues.