Endpoint Encryption for PC 5.2.11 Release Notes - McAfee

Release Notes for McAfee Endpoint
Encryption for PC 5.2.11
About this document
About this release
Requirements
Documentation
Known issues
Before installing McAfee Endpoint Encryption for PC 5.2.11
New fixes in this release
About this document
Thank you for using McAfee Endpoint Encryption for PC 5.2.11. This document contains important information
about this release. We strongly recommend that you read the entire document.
About this release
McAfee Endpoint Encryption for PC (EEPC) 5.2.11 provides full disk encryption and data protection for PCs and
laptops. It prevents the loss of sensitive data, especially from lost or stolen equipment. It protects the data
with strong access control using Pre-Boot Authentication and a powerful encryption engine.
EEPC 5.2.11 is the encryption software installed on client systems. It is deployed and managed through the
McAfee Endpoint Encryption Manager using policies. A policy is a set of rules that determine how encryption
functions on the user's computer.
Upgrading from previous releases
To apply this release to previous 4.0/5.0 installations, please follow the instructions in the Endpoint Encryption
Update and Migration Guide present in the root folder of the software build.
Requirements
This section provides the requirements for the McAfee Endpoint Encryption Manager 5.2.11 and EEPC 5.2.11
client.
System requirements
Systems Requirements
Endpoint Encryption Manager
CPU: Pentium III 1GHz or higher
RAM: 512 MB minimum (1 GB recommended)
Hard Disk: 200 MB minimum free disk space

Client systems for EEPC
Software requirements
Software Requirements
CPU: Pentium III 1GHz or higher
RAM: 512 MB minimum (1 GB recommended)
Hard Disk: 200 MB minimum free disk space
McAfee management software Endpoint Encryption Manager
Operating system requirements
Systems Software
Endpoint Encryption Manager See the Endpoint Encryption Manager Administration Guide
Client systems for EEPC
Documentation
Microsoft Windows 7 32-bit and 64-bit
Microsoft Windows 2000 Professoinal
This release of EEPC 5.2.11 includes the following documentation set.
Microsoft Windows XP Professional (32-bit only)
Microsoft Vista 32-bit and 64-bit (all versions)
Microsoft Windows Server 2003 and 2008
Standard product documentation
McAfee documentation provides the information you need during each phase of product implementation, from
installing a new product to maintaining existing ones. This release of EEPC 5.2.11 includes the following
documents:
McAfee Endpoint Encryption for PC 5.2.11 Release Notes
Known issues
McAfee Endpoint Encryption for PC 5.2.11 Administration Guide
McAfee Endpoint Encryption for PC 5.2.11 Quick Start Guide
For McAfee Endpoint Encryption for PC 5.2.11 Known Issues, refer to the KnowledgeBase article
https://kc.mcafee.com/corporate/index?page=content&id=KB73072.
Before installing McAfee Endpoint Encryption for PC
5.2.11 Make sure that you read this section completely and take the following precautions before installing EEPC
5.2.11 on the client.

Hard Disk hardware failure during Encryption
We recommend running a CHKDSK /r prior to installing EEPC to ensure the hard disk is in a healthy state. If
the Hard Disk is damaged or has a high number of undiscovered bad sectors, the disk could fail during the full
disk encryption process.
Adding new features and fixes to an existing Enterprise
If you want to add new features and fixes to an existing Endpoint Encryption Manager, please follow the
instructions in the Endpoint Encryption Update and Migration Guide present in the root folder of the software
build.
This document describes how to update an existing enterprise version of Endpoint Encryption to the latest
version and how to implement dedicated features like Smart Cards and Tokens. If you are installing it for the
first time, please follow the instructions in the Endpoint Encryption Quick Start Guide.
Adding new Smart Cards and Tokens
To implement new smart cards and tokens in the Endpoint Encryption Manager, follow the instructions in the
Endpoint Encryption Update and Migration Guide present in the root folder of the software build. If you are
performing a fresh installation, please follow the instructions in the Endpoint Encryption Quick Start Guide.
Make sure that your system has the supported reader drivers installed before trying to install Endpoint
Encryption for PC. You can find drivers for supported readers in the Tools software package, which can be
downloaded from www.mcafee.com.
Dynamic and RAID disks in Windows 2000, Windows XP, Windows 2003, Windows Vista
Because Endpoint Encryption works at sector level, it does not support software-based dynamic disks as seen
in Windows 2000. The following issues must be considered when installing Endpoint Encryption on a system
with this feature.
Volumes spanning one or more physical drives
Endpoint Encryption only encrypts the first drive, which the volume exists on, and leaves the remaining
volumes in plain text.
Volumes mapped as directories (hard links)
Endpoint Encryption does not encrypt the volume because the physical sectors are not supported at the
BIOS level.
Mirrored and RAID volumes
Endpoint Encryption is untested in this mode. It is not designed to support software mirroring and RAID.
Hardware RAID
Endpoint Encryption is untested in this mode, but should work properly in a situation where pure Hardware
RAID has been implemented. However, Endpoint Encryption cannot support diagnostic or disaster recovery
in this situation.
HP NoteBook PCs with SATA hard disks
McAfee and HP discovered an issue with the BIOS support of SATA hard disks on HP Notebooks, which makes
writing to the hard disk in SATA Native mode unreliable. The issue has been confirmed on the HP Compaq
nw8440 Mobile Workstation, HP Compaq nc8430 Notebook PC, and HP Compaq nx8420 Notebook PC.
If SATA Native Mode is enabled on these systems, the following issues eventually occur due to incorrect
writing of data by the HP BIOS:
Corrupt graphics and text pre-boot, missing users, missing tokens
Data Store Corrupt errors
Missing Attribute errors
Unknown User where the user previously functioned and has not been removed.
This issue is present in BIOS versions prior to F.10, released 17th April 2007. In these releases to prevent this
issue occurring, please disable SATA Native Mode in your notebooks BIOS. You can obtain BIOS version F.10
and greater through your HP support service. If you are using a BIOS version of F.10 or greater then this
issue is not relevant. Download the drivers and software from

http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?
prodNameId=1839208&lang=en&cc=us&taskId=135&prodClassId=-
1&prodTypeId=321957&prodSeriesId=1839152
Platform Support
The integrated solution works on a wide variety of PC platforms. The McAfee Endpoint Encryption team has
identified at least the following platforms that have known issues:
HP6515b: The OS hangs in Pre-Boot for laptops containing the NLG3500 card.
Gateway CA6: No power is provided to the NLG3500 card.
Split builds
This release of Endpoint Encryption for PC 5.2.11 (EEPC) and Endpoint Encryption Manager 5.2.11 (EEM)
introduces the products as separate builds. Moving forward these builds will be maintained, updated,
installed/upgraded and potentially released separately. This avoids dependency with other encryption products
such as Endpoint Encryption for Files and Folders (EEFF), and allows independent release schedules.
Administrators need to install the EEM first, followed by the product(s) they wish to use. The overall
functionality of the products remains the same but their install/upgrade procedure can and may change.
Anti-Virus exclusions
It is not necessary to use a virus scanner on the database (SBDATA). Most of the data is encrypted, so there
is nothing to be scanned and scanning will reduce much of the performance.
We recommend you to create the following exceptions for every Endpoint Encryption for PC Client:
SbClientManager: The McAfee Endpoint Encryption Client Manager should be excluded on the client. The
process is called SbClientManager.exe
SBFS: We recommend you to exclude the McAfee Endpoint Encryption File System where the Pre-Boot
environment is stored. Exclude this folder: \Device\SafeBootFSVolumes\Disk0\
New fixes in this release
New fixes in this release of EEPC 5.2.11 are listed below:
Reference Description
52110.1 Unable to enroll in local recovery after upgrade. This has been fixed in this release.
52110.2 Sbcredprov.dll crashes when RDP occurs from Windows 7 to 2008 Server. This has been
fixed in this release.
52110.3 The option to run the screen saver when a token is removed does not work for eTokens.
This has been fixed in this release.
52110.4 The Allow autoboot to be cancelled option does not display the pop-up window that allows
cancellation. This has been fixed in this release.
52110.5 In accessibility mode, there is no feedback when the Please insert token dialog box is
displayed.
When the Please insert token is displayed, the system now produces a
Beep Code (beep beep beep)
52110.6 After installing EEPC on HP ProBook 6465b – receive error E002001B
These computers use some instructions when accessing the protected disks.
These needed to be emulated by our Pre-Boot when calling the 16-Bit BIOS
from our 32-Bit Pre-Boot.

52110.7 Unable to load PBA on HP DV3022tx.
This was caused by 2 ‘end of interrupt’ signals.
This has been resolved for computers that DO NOT have EEPC Pre-Boot
USB support enabled.
NOTE: This is not due to EEPC code but the BIOS on the computer.
52110.8 Lenovo Thinkpad T420 has a long pause during PBA.
The delay is caused by the BIOS that fails to write when an unaligned buffer
is provided. This issue is not due to EEPC and can be reproduced in DOS.
Since other BIOS require that buffers be unaligned in order for them to
work under EEPC Pre-Boot, we cannot simply switch to always using aligned
buffers.
This system has been added to the compatibility list of computers that
require aligned buffers for disk access.
52110.9 An error occurs when reading disk sector while installing and booting on HP 4230’s
This system has been added to the compatibility list of computers that
require aligned buffers for disk access.
52110.10 Synchronise system name to client
The client manager will now check the computer name in the admin system
and if it is different to the local name, it will update it. When the name is
changed, the client log will have an entry saying "Changing local machine
name to "MACHINE_NAME"." (where "MACHINE_NAME" is the new name of
the machine).
52110.11
(PER
2981)
NOTE: This will not change the Windows network name—only the name that the
client stores internally.
Add support for the internal Alcor card reader in the HP8640p machine.
Support for this reader has been included in this release.
52110.12 Trackpoint does not work on Lenovo T420 and T410.
This has been fixed in this release.
52110.13
(PER
2796)
Provide onscreen keyboard support for the Wacom USB devices.
Support has been added for these devices.
52110.14 In HP elitebook 8460p, the Error reading disk sector error is generated when running in
IDE mode.
This system has been added to the compatibility list of machines that
require aligned buffers for disk access.
52110.15 Lenovo X220 fails at Pre-Boot with error E0020008 (Error writing to disk sector)
This system has been added to the compatibility list of machines that
require aligned buffers for disk access.
52110.16
(PER
3066, PER
3067)
Support PCMCIA Express readers, Omnikey Cardman 4321, and Gemalto PC Express54
readers.
These readers have been tested and are supported using the USB reader
files.

COPYRIGHT
Copyright © 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form or by any means without the written permission of McAfee, Inc., or
its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX
(MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS,
SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks
or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection
with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein
are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE
LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF
THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.