March 23, 2023
Summary
PreVeil provides end-to-end encrypted communication between protected devices using the PreVeil client software installed on supported devices. The PreVeil software running on your user client devices must be able to communicate with the PreVeil cloud servers in order for the service to operate.
Network Access
Below is the list of endpoints that are contacted by the PreVeil client-side software. Please confirm these DNS entries have been enabled.
Server Endpoint | Protocol | Port | Description |
| HTTPS (HTTP over TLS 1.2/1.3) | 443 | PreVeil website |
| HTTPS (HTTP over TLS 1.2/1.3) | 443 | Web-based version of PreVeil |
| HTTPS (HTTP over TLS 1.2) | 443 | PreVeil application server |
| HTTPS (HTTP over TLS 1.2) | 443 | PreVeil software update management |
| HTTPS (HTTP over TLS 1.2) | 443 | PreVeil software update management |
| HTTPS (HTTP over TLS 1.2) | 443 | Required for initial (one time) org creation session |
Proxies
PreVeil is compatible with most proxy configurations. Network devices that perform deep packet inspection or other MITM detection may require additional settings to permit communications.
In the absence of proxies, the PreVeil client will make direct connections to Amazon S3 using the default route provided by the system. The PreVeil server will issue pre-signed URLs to the clients so that they can download files faster, without an additional client-server round trip.
- Please describe your proxy environment to the PreVeil onboarding team so that they can confirm compatibility and (if necessary) provide additional instruction.
Additional Network Communications
PreVeil’s local interface can be accessed by going to https://www.preveil.com/app, which detects whether PreVeil is installed and redirects the user either to http://127.0.0.1:4003 or, if PreVeil is not installed, to the download page at https://www.preveil.com/download .
This check is performed securely and non-invasively: the PreVeil website makes a request to https://local-collections-proxy.preveil.com:5000/ping, a domain whose DNS has been configured to resolve to 127.0.0.1. The request succeeds only if the PreVeil agent process running on 127.0.0.1:5000 responds to the request. This architecture ensures that the chain of trust established by the HTTPS certificates stays valid.
- Please confirm your environment allows HTTPS communications between PreVeil software running on your user client devices and the PreVeil cloud servers.
- Please confirm your environment allows Websockets between PreVeil software running on your user client devices and the PreVeil cloud servers.
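The local-agent check described above depends on two things a network team can verify from a client device: the public name must resolve to loopback, and something must be listening on port 5000. The following is an added example, not PreVeil's own diagnostic code; the function names and finding codes are chosen for illustration, and it tests only DNS and the TCP listener, not the certificate or the /ping response.

```python
import ipaddress
import socket

# Hostname and port as given on this page.
AGENT_HOST = "local-collections-proxy.preveil.com"
AGENT_PORT = 5000


def resolve(host):
    """Addresses the system resolver returns for host ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(address, port, timeout=2.0):
    """True if something accepts a TCP connection on address:port."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(addresses, port=AGENT_PORT, probe=port_open):
    """Classify the DNS answer, then test the local listener.

    Finding codes (names chosen for this example):
      dns-no-answer       name did not resolve, e.g. a resolver that drops
                          public names pointing at loopback
      dns-not-loopback    an answer outside 127.0.0.0/8 or ::1 (rewritten)
      agent-not-listening DNS is fine but nothing accepts on the port
      ok                  loopback answer and a listener is present
    """
    if not addresses:
        return "dns-no-answer"
    if not all(ipaddress.ip_address(a).is_loopback for a in addresses):
        return "dns-not-loopback"
    if not any(probe(a, port) for a in addresses):
        return "agent-not-listening"
    return "ok"


if __name__ == "__main__":
    answers = resolve(AGENT_HOST)
    print(AGENT_HOST, "->", answers or "no answer")
    print("finding:", diagnose(answers))
```

A `dns-no-answer` or `dns-not-loopback` finding points at the resolver or a DNS filter rather than at the PreVeil agent, which is useful to know before exporting troubleshooting logs.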
Client Software Diagnostic Tool and Troubleshooting Logs
In order to confirm that network access has been enabled, we recommend that a member of the security / network / firewall team install the PreVeil software and use the Windows or OSX PreVeil software to perform an automated diagnostic check. This will verify local services are running as expected, and that the PreVeil client software has connectivity with the PreVeil servers. In the event the diagnostic indicates issues, the diagnostic can generate log files for troubleshooting.
- After the required network access has been enabled, please have at least one member of the security / network / firewall team successfully install the PreVeil software on a Windows device. Note: Local Admin privileges are required to complete the installation. https://www.preveil.com/download/
- Please complete the diagnostic steps below to confirm access has been successful:
- If, in the diagnostic testing screen, “Connected to all PreVeil servers” displays a red error, network attempts have been unsuccessful. Please export your PreVeil troubleshooting logs (see screenshot below) and provide them to the PreVeil team to enable us to assist with troubleshooting unique conflicts with your proxies, firewalls, etc. Alternatively, PreVeil troubleshooting logs can be exported via the automated tool (screenshot below), or the log export utility can be accessed directly at http://tinyurl.com/WindowsLogExtractor
Enabling of PreVeil’s Client Software via Antivirus / EDR
PreVeil’s client software agent installs multiple background daemons and local services, including a local-only webserver. As a result, PreVeil services may be flagged and/or blocked by your AV/EDR software.
- Using the diagnostic testing process referenced above, please confirm that “All services active” displays a green “Success” response. If not, additional Antivirus/EDR enabling may be required. A complete list of services installed by the PreVeil software agent is available upon request.
Spam Filter Settings
Spam filters can block the emails that PreVeil sends during activation; enabling access may be required.
- Confirm users can receive mail from verification.no-reply@preveil.com (sent from Amazon Simple Email Service servers)
Native Mail Client Integration
PreVeil integrates natively with Outlook on Windows and Apple Mail on OSX.
- Confirm your computing environments, endpoints, mail clients, OS(s) are supported by PreVeil.
Supported platforms
Desktop Browsers | Windows | Auto-Add to Mail Clients* | Android | macOS | iOS |
Google Chrome | 11 | Outlook 2019 | Tiramisu (13+) | Ventura (10.18) | 16.x |
Mozilla Firefox | 10 | Outlook 2016 | Snow Cone (12+) | Monterey (10.17) | 15.x |
Microsoft Edge | 8.1 | gmail.com | Red Velvet Cake (11+) | Big Sur (10.16) | 14.x |
| | Apple Mail 10.x | Quince Tart (10+) | Catalina (10.15) | 13.x |
| | | Pie (9.0+) | Mojave (10.14) | 12.x |
| | | Oreo (8.0+) | High Sierra (10.13) | |