Endpoint Encryption for PC 5.2.11 Release Notes - McAfee
Endpoint Encryption for PC 5.2.11 Release Notes - McAfee
Endpoint Encryption for PC 5.2.11 Release Notes - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Release</strong> <strong>Notes</strong> <strong>for</strong> <strong>McAfee</strong> <strong>Endpoint</strong><br />
<strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong><br />
About this document<br />
About this release<br />
Requirements<br />
Documentation<br />
Known issues<br />
Be<strong>for</strong>e installing <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong><br />
New fixes in this release<br />
About this document<br />
Thank you <strong>for</strong> using <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong>. This document contains important in<strong>for</strong>mation<br />
about this release. We strongly recommend that you read the entire document.<br />
About this release<br />
<strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> (EE<strong>PC</strong>) <strong>5.2.11</strong> provides full disk encryption and data protection <strong>for</strong> <strong>PC</strong>s and<br />
laptops. It prevents the loss of sensitive data, especially from lost or stolen equipment. It protects the data<br />
with strong access control using Pre-Boot Authentication and a powerful encryption engine.<br />
EE<strong>PC</strong> <strong>5.2.11</strong> is the encryption software installed on client systems. It is deployed and managed through the<br />
<strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> Manager using policies. A policy is a set of rules that determine how encryption<br />
functions on the user's computer.<br />
Upgrading from previous releases<br />
To apply this release to previous 4.0/5.0 installations, please follow the instructions in the <strong>Endpoint</strong> <strong>Encryption</strong><br />
Update and Migration Guide present in the root folder of the software build.<br />
Requirements<br />
This section provides the requirements <strong>for</strong> the <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> Manager <strong>5.2.11</strong> and EE<strong>PC</strong> <strong>5.2.11</strong><br />
client.<br />
System requirements<br />
Systems Requirements<br />
<strong>Endpoint</strong> <strong>Encryption</strong> Manager<br />
CPU: Pentium III 1GHz or higher<br />
RAM: 512 MB minimum (1 GB recommended)<br />
Hard Disk: 200 MB minimum free disk space
Client systems <strong>for</strong> EE<strong>PC</strong><br />
Software requirements<br />
Software Requirements<br />
CPU: Pentium III 1GHz or higher<br />
RAM: 512 MB minimum (1 GB recommended)<br />
Hard Disk: 200 MB minimum free disk space<br />
<strong>McAfee</strong> management software <strong>Endpoint</strong> <strong>Encryption</strong> Manager<br />
Operating system requirements<br />
Systems Software<br />
<strong>Endpoint</strong> <strong>Encryption</strong> Manager See the <strong>Endpoint</strong> <strong>Encryption</strong> Manager Administration Guide<br />
Client systems <strong>for</strong> EE<strong>PC</strong><br />
Documentation<br />
Microsoft Windows 7 32-bit and 64-bit<br />
Microsoft Windows 2000 Professoinal<br />
This release of EE<strong>PC</strong> <strong>5.2.11</strong> includes the following documentation set.<br />
Microsoft Windows XP Professional (32-bit only)<br />
Microsoft Vista 32-bit and 64-bit (all versions)<br />
Microsoft Windows Server 2003 and 2008<br />
Standard product documentation<br />
<strong>McAfee</strong> documentation provides the in<strong>for</strong>mation you need during each phase of product implementation, from<br />
installing a new product to maintaining existing ones. This release of EE<strong>PC</strong> <strong>5.2.11</strong> includes the following<br />
documents:<br />
<strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong> <strong>Release</strong> <strong>Notes</strong><br />
Known issues<br />
<strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong> Administration Guide<br />
<strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong> Quick Start Guide<br />
For <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong> Known Issues, refer to the KnowledgeBase article<br />
https://kc.mcafee.com/corporate/index?page=content&id=KB73072.<br />
Be<strong>for</strong>e installing <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong><br />
<strong>5.2.11</strong> Make sure that you read this section completely and take the following precautions be<strong>for</strong>e installing EE<strong>PC</strong><br />
<strong>5.2.11</strong> on the client.
Hard Disk hardware failure during <strong>Encryption</strong><br />
We recommend running a CHKDSK /r prior to installing EE<strong>PC</strong> to ensure the hard disk is in a healthy state. If<br />
the Hard Disk is damaged or has a high number of undiscovered bad sectors, the disk could fail during the full<br />
disk encryption process.<br />
Adding new features and fixes to an existing Enterprise<br />
If you want to add new features and fixes to an existing <strong>Endpoint</strong> <strong>Encryption</strong> Manager, please follow the<br />
instructions in the <strong>Endpoint</strong> <strong>Encryption</strong> Update and Migration Guide present in the root folder of the software<br />
build.<br />
This document describes how to update an existing enterprise version of <strong>Endpoint</strong> <strong>Encryption</strong> to the latest<br />
version and how to implement dedicated features like Smart Cards and Tokens. If you are installing it <strong>for</strong> the<br />
first time, please follow the instructions in the <strong>Endpoint</strong> <strong>Encryption</strong> Quick Start Guide.<br />
Adding new Smart Cards and Tokens<br />
To implement new smart cards and tokens in the <strong>Endpoint</strong> <strong>Encryption</strong> Manager, follow the instructions in the<br />
<strong>Endpoint</strong> <strong>Encryption</strong> Update and Migration Guide present in the root folder of the software build. If you are<br />
per<strong>for</strong>ming a fresh installation, please follow the instructions in the <strong>Endpoint</strong> <strong>Encryption</strong> Quick Start Guide.<br />
Make sure that your system has the supported reader drivers installed be<strong>for</strong>e trying to install <strong>Endpoint</strong><br />
<strong>Encryption</strong> <strong>for</strong> <strong>PC</strong>. You can find drivers <strong>for</strong> supported readers in the Tools software package, which can be<br />
downloaded from www.mcafee.com.<br />
Dynamic and RAID disks in Windows 2000, Windows XP, Windows 2003, Windows Vista<br />
Because <strong>Endpoint</strong> <strong>Encryption</strong> works at sector level, it does not support software-based dynamic disks as seen<br />
in Windows 2000. The following issues must be considered when installing <strong>Endpoint</strong> <strong>Encryption</strong> on a system<br />
with this feature.<br />
Volumes spanning one or more physical drives<br />
<strong>Endpoint</strong> <strong>Encryption</strong> only encrypts the first drive, which the volume exists on, and leaves the remaining<br />
volumes in plain text.<br />
Volumes mapped as directories (hard links)<br />
<strong>Endpoint</strong> <strong>Encryption</strong> does not encrypt the volume because the physical sectors are not supported at the<br />
BIOS level.<br />
Mirrored and RAID volumes<br />
<strong>Endpoint</strong> <strong>Encryption</strong> is untested in this mode. It is not designed to support software mirroring and RAID.<br />
Hardware RAID<br />
<strong>Endpoint</strong> <strong>Encryption</strong> is untested in this mode, but should work properly in a situation where pure Hardware<br />
RAID has been implemented. However, <strong>Endpoint</strong> <strong>Encryption</strong> cannot support diagnostic or disaster recovery<br />
in this situation.<br />
HP NoteBook <strong>PC</strong>s with SATA hard disks<br />
<strong>McAfee</strong> and HP discovered an issue with the BIOS support of SATA hard disks on HP Notebooks, which makes<br />
writing to the hard disk in SATA Native mode unreliable. The issue has been confirmed on the HP Compaq<br />
nw8440 Mobile Workstation, HP Compaq nc8430 Notebook <strong>PC</strong>, and HP Compaq nx8420 Notebook <strong>PC</strong>.<br />
If SATA Native Mode is enabled on these systems, the following issues eventually occur due to incorrect<br />
writing of data by the HP BIOS:<br />
Corrupt graphics and text pre-boot, missing users, missing tokens<br />
Data Store Corrupt errors<br />
Missing Attribute errors<br />
Unknown User where the user previously functioned and has not been removed.<br />
This issue is present in BIOS versions prior to F.10, released 17th April 2007. In these releases to prevent this<br />
issue occurring, please disable SATA Native Mode in your notebooks BIOS. You can obtain BIOS version F.10<br />
and greater through your HP support service. If you are using a BIOS version of F.10 or greater then this<br />
issue is not relevant. Download the drivers and software from
http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?<br />
prodNameId=1839208&lang=en&cc=us&taskId=135&prodClassId=-<br />
1&prodTypeId=321957&prodSeriesId=1839152<br />
Plat<strong>for</strong>m Support<br />
The integrated solution works on a wide variety of <strong>PC</strong> plat<strong>for</strong>ms. The <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> team has<br />
identified at least the following plat<strong>for</strong>ms that have known issues:<br />
HP6515b: The OS hangs in Pre-Boot <strong>for</strong> laptops containing the NLG3500 card.<br />
Gateway CA6: No power is provided to the NLG3500 card.<br />
Split builds<br />
This release of <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> <strong>5.2.11</strong> (EE<strong>PC</strong>) and <strong>Endpoint</strong> <strong>Encryption</strong> Manager <strong>5.2.11</strong> (EEM)<br />
introduces the products as separate builds. Moving <strong>for</strong>ward these builds will be maintained, updated,<br />
installed/upgraded and potentially released separately. This avoids dependency with other encryption products<br />
such as <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> Files and Folders (EEFF), and allows independent release schedules.<br />
Administrators need to install the EEM first, followed by the product(s) they wish to use. The overall<br />
functionality of the products remains the same but their install/upgrade procedure can and may change.<br />
Anti-Virus exclusions<br />
It is not necessary to use a virus scanner on the database (SBDATA). Most of the data is encrypted, so there<br />
is nothing to be scanned and scanning will reduce much of the per<strong>for</strong>mance.<br />
We recommend you to create the following exceptions <strong>for</strong> every <strong>Endpoint</strong> <strong>Encryption</strong> <strong>for</strong> <strong>PC</strong> Client:<br />
SbClientManager: The <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> Client Manager should be excluded on the client. The<br />
process is called SbClientManager.exe<br />
SBFS: We recommend you to exclude the <strong>McAfee</strong> <strong>Endpoint</strong> <strong>Encryption</strong> File System where the Pre-Boot<br />
environment is stored. Exclude this folder: \Device\SafeBootFSVolumes\Disk0\<br />
New fixes in this release<br />
New fixes in this release of EE<strong>PC</strong> <strong>5.2.11</strong> are listed below:<br />
Reference Description<br />
52110.1 Unable to enroll in local recovery after upgrade. This has been fixed in this release.<br />
52110.2 Sbcredprov.dll crashes when RDP occurs from Windows 7 to 2008 Server. This has been<br />
fixed in this release.<br />
52110.3 The option to run the screen saver when a token is removed does not work <strong>for</strong> eTokens.<br />
This has been fixed in this release.<br />
52110.4 The Allow autoboot to be cancelled option does not display the pop-up window that allows<br />
cancellation. This has been fixed in this release.<br />
52110.5 In accessibility mode, there is no feedback when the Please insert token dialog box is<br />
displayed.<br />
When the Please insert token is displayed, the system now produces a<br />
Beep Code (beep beep beep)<br />
52110.6 After installing EE<strong>PC</strong> on HP ProBook 6465b – receive error E002001B<br />
These computers use some instructions when accessing the protected disks.<br />
These needed to be emulated by our Pre-Boot when calling the 16-Bit BIOS<br />
from our 32-Bit Pre-Boot.
52110.7 Unable to load PBA on HP DV3022tx.<br />
This was caused by 2 ‘end of interrupt’ signals.<br />
This has been resolved <strong>for</strong> computers that DO NOT have EE<strong>PC</strong> Pre-Boot<br />
USB support enabled.<br />
NOTE: This is not due to EE<strong>PC</strong> code but the BIOS on the computer.<br />
52110.8 Lenovo Thinkpad T420 has a long pause during PBA.<br />
The delay is caused by the BIOS that fails to write when an unaligned buffer<br />
is provided. This issue is not due to EE<strong>PC</strong> and can be reproduced in DOS.<br />
Since other BIOS require that buffers be unaligned in order <strong>for</strong> them to<br />
work under EE<strong>PC</strong> Pre-Boot, we cannot simply switch to always using aligned<br />
buffers.<br />
This system has been added to the compatibility list of computers that<br />
require aligned buffers <strong>for</strong> disk access.<br />
52110.9 An error occurs when reading disk sector while installing and booting on HP 4230’s<br />
This system has been added to the compatibility list of computers that<br />
require aligned buffers <strong>for</strong> disk access.<br />
52110.10 Synchronise system name to client<br />
The client manager will now check the computer name in the admin system<br />
and if it is different to the local name, it will update it. When the name is<br />
changed, the client log will have an entry saying "Changing local machine<br />
name to "MACHINE_NAME"." (where "MACHINE_NAME" is the new name of<br />
the machine).<br />
52110.11<br />
(PER<br />
2981)<br />
NOTE: This will not change the Windows network name—only the name that the<br />
client stores internally.<br />
Add support <strong>for</strong> the internal Alcor card reader in the HP8640p machine.<br />
Support <strong>for</strong> this reader has been included in this release.<br />
52110.12 Trackpoint does not work on Lenovo T420 and T410.<br />
This has been fixed in this release.<br />
52110.13<br />
(PER<br />
2796)<br />
Provide onscreen keyboard support <strong>for</strong> the Wacom USB devices.<br />
Support has been added <strong>for</strong> these devices.<br />
52110.14 In HP elitebook 8460p, the Error reading disk sector error is generated when running in<br />
IDE mode.<br />
This system has been added to the compatibility list of machines that<br />
require aligned buffers <strong>for</strong> disk access.<br />
52110.15 Lenovo X220 fails at Pre-Boot with error E0020008 (Error writing to disk sector)<br />
This system has been added to the compatibility list of machines that<br />
require aligned buffers <strong>for</strong> disk access.<br />
52110.16<br />
(PER<br />
3066, PER<br />
3067)<br />
Support <strong>PC</strong>MCIA Express readers, Omnikey Cardman 4321, and Gemalto <strong>PC</strong> Express54<br />
readers.<br />
These readers have been tested and are supported using the USB reader<br />
files.
COPYRIGHT<br />
Copyright © 2011 <strong>McAfee</strong>, Inc. All Rights Reserved.<br />
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or<br />
translated into any language in any <strong>for</strong>m or by any means without the written permission of <strong>McAfee</strong>, Inc., or<br />
its suppliers or affiliate companies.<br />
TRADEMARK ATTRIBUTIONS<br />
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX<br />
(MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS,<br />
SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks<br />
or trademarks of <strong>McAfee</strong>, Inc. and/or its affiliates in the US and/or other countries. <strong>McAfee</strong> Red in connection<br />
with security is distinctive of <strong>McAfee</strong> brand products. All other registered and unregistered trademarks herein<br />
are the sole property of their respective owners.<br />
LICENSE INFORMATION<br />
License Agreement<br />
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE<br />
LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF<br />
THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE<br />
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT<br />
ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE<br />
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM<br />
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET<br />
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE<br />
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.