New features and enhancements in TS Agent 1.0.5 EA
Windows Server 2025 compatibility
The TS Agent is now compatible with Windows Server 2025.
Port management
Script configuring ports that are reserved for system operations
A script to configure ports that are reserved for system operations is now available in your MyStormshield area. This script, which is provided by Stormshield, analyzes any ports that may be in conflict with the TS Agent, and adds them to its settings to reserve them for system operations. As such, these ports cannot be assigned to any user.
You will need to manually run the script as an administrator. You can use it immediately after the installation of the TS Agent or later to adjust its parameters, for example when installing new applications, or when there are connection issues.
For more information, refer to the section Using script to configure ports that are reserved for system operations in the technical note on Installing and deploying the TS Agent.
Editing the port range that is reserved by default for users
The port range that is reserved by default for users is now 20000-49151 in any new installation of the TS Agent. The range was previously 1024-49151. Stormshield recommends using the new port range, as other applications may use ports in the range 1024-19999.
When updating the TS Agent to version 1.0.5 EA, avoid keeping the existing configuration so that the new port range can be used. If you have customized the TS Agent's parameters in the registry base, you need to change them again.
If necessary, you can:
- Use the script to configure ports that are reserved for system operations, to exclude ports that are likely to be in conflict with the TS Agent, so that they are not assigned to users ("ReservedSystemPorts" parameter),
- Bring down the lower limit of the port range that is reserved for users, ensuring that ports from the new range are not being used by other applications ("TotalPortsRangeLow" parameter).
For more information, refer to the section Identifying/editing operating parameters on the TS Agent in the technical note on Installing and deploying the TS Agent.
Changes to parameters that block or allow applications
Several changes have been made to the TS Agent parameters that block or allow applications.
-
The default value of the parameter "ExhaustedPortAction" is now "pass" for any new installation of the TS Agent. This makes it possible to allow network connections when users use all the ports that have been allocated to them.
IMPORTANT
These connections are anonymous to the SNS firewall. Its filter policy must therefore allow anonymous network connections with source ports that are higher than or equal to the value of the TS Agent's "EphemeralPortMin" parameter (49152 by default). Otherwise, the firewall will block such connections.When updating the TS Agent to version 1.0.5 EA, avoid keeping the existing configuration so that the new value of the parameter can be used. If you have customized the TS Agent's parameters in the registry base, you need to change them again.
-
The TS Agent now lets applications open a port as a listening port if the port is not in the port range that is reserved for users. Furthermore, the TS Agent no longer generates events in the Windows Event Viewer in this case.
-
By default, the TS Agent now blocks applications that attempt to use a port from the port range that is reserved for users, unless this port is in the port ranges that have been assigned to the user in question.
If an application is blocked, an event will be generated in the Windows Event Viewer:
Process [...] has been blocked because it tried to use a port [...] which is reserved by the driver.
This behavior can be changed by switching the value of the "ReservedPortAction" parameter from "block" to "pass". Changing this parameter to "pass" is considered advanced configuration, as this may cause issues with the assignment of ports on the host.
For more information on configuring TS Agent parameters, refer to the section Identifying/editing operating parameters on the TS Agent in the technical note on Installing and deploying the TS Agent.