
Release Notes
Hotfix 1044054
McAfee Drive Encryption 7.1.1
For use with ePolicy Orchestrator

Contents
- About this release
- New features
- Resolved issues
- Installation instructions
- Known issues
- Additional information
- Find product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document.

When installing a new version of a product, upgrading an existing product or performing any complex changes to the environment, always ensure that a copy of the ePO Database is taken for DR purposes. For more information on the backup process see KB66616 ePO server backup and disaster recovery procedure.

We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version.

Release build: 7.1.1.1044054

This release was developed for use with:
- McAfee ePolicy Orchestrator 4.6.7, 4.6.8 and 4.6.9
- McAfee ePolicy Orchestrator 5.1 and 5.1.1

Purpose

This Hotfix release of McAfee Drive Encryption (DE) 7.1 Patch 1 (7.1.1) introduces fixes for issues that were reported in the previous versions.

Rating

High Priority. McAfee considers this release to be high priority for supported Windows versions. Failure to apply a High Priority update may result in potential business impact.

Read this before upgrading

Upgrade from EEPC 6.x.x

Customers using EEPC 6.1.2 or later only need to upgrade the extensions to either EEPC 7.0 Patch 2 or Patch 3 before initiating the upgrade process to DE 7.1 Patch 1. These clients can then be upgraded directly from EEPC 6.1.2 or later to DE 7.1 Patch 1. Once the extension has been checked in, follow the steps detailed in the Product Guide.

Before upgrading EEPC 6.1.x or 6.2.x clients to DE 7.1 Patch 1, McAfee strongly recommends that you review KB81522.

Upgrade from EEPC 7.0 RTW or 7.0 Patch 1

Customers using EEPC 7.0 RTW or EEPC 7.0 Patch 1 only need to upgrade the extensions to either EEPC 7.0 Patch 2 or Patch 3 before initiating the upgrade process to DE 7.1.1 HF1044054. These clients can then be upgraded directly from EEPC 7.0.x to DE 7.1.1 HF1044054. Once the extension has been checked in, follow the steps detailed in the Product Guide.

Upgrade from EEPC 7.0 Patch 2 or Patch 3

Perform these tasks to upgrade from EEPC 7.0 Patch 2 or Patch 3 to Drive Encryption 7.1.1 HF1044054:
1. Upgrade the EEPC 7.0 Patch 2 or Patch 3 EEAdmin extension to EEPC 7.0 Patch 4, which is included in the DE 7.1.1 HF1044054 Package.
2. Follow the remaining upgrade steps in the Product Guide, which remain the same.

New features

The following is a description of the new features introduced in DE 7.1.1 HF1044054. This release retains all the features introduced in previous Drive Encryption 7.1 Patch 1 (7.1.1) releases. A complete reference of the new features introduced in Drive Encryption 7.1 Patch 1 is available in the knowledgebase article New features in McAfee Drive Encryption 7.1 Patch 1 KB81901.

Resolved issues

These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Reference   Issue description
996316      On selected UEFI enabled machines removing a USB device when in PBA causes the machine to freeze.
1011666     On Windows 8.1 if a smart card reader is attached and McAfee Device Encryption Single Sign On is enabled the logon window will default to smart card instead of password.
1013841     Number of days for password expiry is blank at PBA on Japanese operating systems.
1026472     Add support for UTC +13 time zones.
1028821     Reports of high CPU utilization when activating McAfee Device Encryption.
1028753     UEFI Opal activated devices randomly boot to the Windows Recovery Console.
1040854     Logon timeout message appears incorrectly with Japanese language applied.

Installation instructions

For information about installing or upgrading Drive Encryption for PC, see McAfee Drive Encryption 7.1 Product Guide - PD24867.

Requirements

Make sure that your system meets these requirements before installing the software.

Systems and requirements:
- McAfee ePolicy Orchestrator (ePO) server systems: See the product documentation for your version of McAfee ePO.
- McAfee Agent: McAfee Agent for Windows 4.6 and later versions.
  Note: Windows 8 support requires McAfee Agent 4.6.1 or above.
  Note: Windows 8.1 and 8.1 Update support requires McAfee Agent 4.8 Patch 1 or above.
- Client systems for EEPC:
  CPU: Pentium III 1GHz or higher
  RAM: 1 GB minimum (2 GB recommended)
  Hard Disk: 200 MB minimum free disk space
  For more requirements on Intel AMT Systems see the product documentation for ePO Deep Command product.

Software requirements

McAfee management software:
- McAfee ePolicy Orchestrator 4.6.7
- McAfee ePolicy Orchestrator 4.6.8
- McAfee ePolicy Orchestrator 4.6.9
- McAfee ePolicy Orchestrator 5.1
- McAfee ePolicy Orchestrator 5.1.1

For the latest information regarding supported environments please consult Supported Environments for Drive Encryption 7.1 KB79422.

Operating system requirements

Client systems: For the latest information regarding supported environments please consult Supported Environments for Drive Encryption 7.1.x KB79422.

Known issues

For a list of known issues in this product release, refer to McAfee KnowledgeBase article KB81902.

Additional information

The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. McAfee, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use.

Hotfix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the hotfix. Hotfix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of hotfix files. Hotfix files are not a substitute or replacement for product Service Packs which may be released by McAfee, Inc.

It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from McAfee, Inc. Further, posting of McAfee hotfix files to publicly available Internet sites is prohibited. McAfee, Inc. reserves the right to refuse distribution of hotfix files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee hotfix files should be directed to McAfee Technical Support.

Product documentation

This release of DE 7.1 Patch 1 includes the following documentation set.

Standard product documentation

McAfee documentation provides the information you need during each phase of product implementation, from installing a new product to maintaining existing ones.

This release of DE 7.1 Patch 1 includes the following documents:
- McAfee Drive Encryption 7.1.1 HF1044054 Release Notes (this document)

Knowledgebase articles
- FAQs for Drive Encryption 7.1.x: KB79784
- Drive Encryption 7.1.x Error Codes and Messages: KB79785
- Supported Environments for Drive Encryption 7.1.x: KB79422
- Opal-based disk drive support: KB75045
- How to access Windows Safe Mode when Drive Encryption or Endpoint Encryption is installed: KB73714
- How do the recovery tools for Windows 8 interact with EEPC: KB76638
  Note: Windows Recovery Console (F8 recovery) is not available on Samsung Slate 700T tablets because technical issues prevent F8 recovery from working on this platform in.
  Note: For general information about the recovery tools available with McAfee Drive Encryption 7.x please refer to the FAQs for Drive Encryption 7.1.x KB79784
- Tablet Support for Endpoint Encryption for PC 6.2 Patch 1 and later: KB78049

Supported tokens and readers

McAfee Drive Encryption for PC supports different logon tokens and token readers. The token type associated with a user or a group can be modified using McAfee ePO. For details on modifying tokens, see the McAfee Drive Encryption 7.1 Product Guide.

KnowledgeBase articles for tokens and readers in DE 7.1.x

For more information about supported tokens and readers, refer to these KnowledgeBase articles:
- Supported Tokens for authentication in Drive Encryption 7.1.x KB79787
- Supported Readers for authentication in Drive Encryption 7.1.x KB79788

Support for self-encrypting Opal-based disk drive

Drive Encryption 7.1 Patch 1 provides support for self-encrypting Opal-based disk drives on UEFI and BIOS.

UEFI

Opal-based self-encrypting disk drives will be supported on UEFI systems where the system is Windows 8 logo compliant and if the system was shipped from the manufacturer fitted with an Opal self-encrypting drive.

Opal-based self-encrypting disk drives might not be supported on UEFI systems if the system is not Windows 8 logo compliant, or if the system did not ship from the manufacturer fitted with an Opal self-encrypting drive. This is because a UEFI security protocol that is required for Opal management is only mandatory on Windows 8 logo compliant systems where an Opal-based self-encrypting disk drive is fitted at the time of shipping. Those shipped without self-encrypting drives might or might not include the security protocol. Without the security protocol, Opal management is not possible.

Note: Drive Encryption 7.1.1 HF1044054 will support the Opal-based encryption provider on UEFI systems fitted with an Opal-based disk drive if the UEFI protocol EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is present on the system.

BIOS

Opal is supported for Opal-based disk drives under BIOS.

To activate a system using the native Opal functionality, Windows 7 SP1 Operating system and above is required. On systems with Opal-based disk drives where the Operating System is Windows 7 RTW or below, PC software encryption will be used.

Note: By default, software encryption will be used on both Opal and non-Opal based systems in Drive Encryption 7.1.1 HF1044054. To make sure that Opal technology is chosen in preference to software encryption, we recommend you always set Opal as the default encryption provider by moving it to the top of the list on the Encryption Providers page. This makes sure that Opal locking is used on Opal-based disk drives.

For more information about Opal, refer to the FAQs available in KB76591.
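The Opal rules above, together with the BIOS IDE/RAID restriction noted under Reimaging Opal drives, can be applied to an inventory export before rollout to see which endpoints would get Opal locking and which would get software encryption. This Python code is an added example, not McAfee code: the Endpoint fields, the provider names "opal" and "software", and the fall-through to the next provider in the list when Opal is not usable are assumptions, and the sample fleet is constructed.

```python
from dataclasses import dataclass

WIN7_SP1_BUILD = 7601  # Windows 7 RTW reports build 7600, SP1 reports 7601

@dataclass
class Endpoint:              # hypothetical inventory record, not an ePO schema
    name: str
    firmware: str            # "UEFI" or "BIOS"
    opal_drive: bool
    storage_security_protocol: bool  # EFI_STORAGE_SECURITY_COMMAND_PROTOCOL found
    os_build: int
    disk_mode: str           # "AHCI", "IDE" or "RAID"

def opal_blocker(ep):
    """Return None when the release notes allow Opal, else the reason they do not."""
    if not ep.opal_drive:
        return "no Opal-based drive fitted"
    if ep.firmware == "UEFI":
        # On UEFI the notes make the security protocol the deciding factor.
        if not ep.storage_security_protocol:
            return "EFI_STORAGE_SECURITY_COMMAND_PROTOCOL not present"
        return None
    if ep.disk_mode in ("IDE", "RAID"):
        return "IDE/RAID mode is not supported with Opal on BIOS"
    if ep.os_build < WIN7_SP1_BUILD:
        return "OS is older than Windows 7 SP1"
    return None

def expected_provider(ep, provider_order):
    """Walk the Encryption Providers list top-down (fall-through is assumed)."""
    skipped = ""
    for provider in provider_order:
        if provider == "opal":
            skipped = opal_blocker(ep)
            if skipped is None:
                return "opal", "Opal usable and listed ahead of software"
        elif provider == "software":
            return "software", skipped or "software encryption listed first"
    return "none", skipped or "no provider configured"

def plan(fleet, provider_order):
    """Map each endpoint name to (expected provider, reason)."""
    return {ep.name: expected_provider(ep, provider_order) for ep in fleet}

SAMPLE_FLEET = [  # constructed sample data
    Endpoint("LT-001", "UEFI", True, True, 9600, "AHCI"),
    Endpoint("LT-002", "UEFI", True, False, 9600, "AHCI"),
    Endpoint("DT-003", "BIOS", True, False, 7600, "AHCI"),
    Endpoint("DT-004", "BIOS", True, False, 7601, "RAID"),
    Endpoint("DT-005", "BIOS", False, False, 7601, "AHCI"),
    Endpoint("DT-006", "BIOS", True, False, 7601, "AHCI"),
]

if __name__ == "__main__":
    # Default order (software first) versus the recommended order (Opal first).
    for order in (["software", "opal"], ["opal", "software"]):
        print("provider order:", order)
        for name, (provider, why) in plan(SAMPLE_FLEET, order).items():
            print(f"  {name}: {provider} ({why})")
```
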
Reimaging Opal drives

When an Opal system (activated using the Opal encryption provider) is reimaged and restarted without first removing Endpoint Encryption, the user is locked out of the system. This happens because:
- The Pre-Boot is held off the disk and it is still active when the system is restarted.
- The Pre-Boot File System is destroyed during the imaging process.

Note: On BIOS systems, IDE and RAID modes are not supported with Opal. For more information regarding Opal support, please review the KnowledgeBase article KB75045.

Opal activation might occasionally fail because the Microsoft defragmentation API used fails to defragment the host. If this happens, the activation will restart at the next Agent-Server Communication Interval (ASCI).

Before installing Drive Encryption 7.1.x

Make sure that you read this section completely and take the following precautions before installing Drive Encryption 7.1 on the client.

Hardware

Disk hardware failure during Encryption

We recommend running a CHKDSK /r prior to installing Drive Encryption to make sure the hard disk is in a healthy state. If the Hard Disk is damaged or has a high number of undiscovered bad sectors, the disk could fail during the full disk encryption process. In addition, we recommend using Drive Encryption GO to discover potential issues prior to installation. For more information, see KB72777.

Dynamic and RAID disks in Windows

Endpoint Encryption works at sector level; consequently, it does not support software-based dynamic disks and software-based RAID.

Hardware RAID

Endpoint Encryption is untested in this mode, but may work properly in a situation where pure Hardware RAID has been implemented. However, Drive Encryption can't support diagnostic or disaster recovery in this situation.

General Notes

- Users upgrading from EEPC 6.x should be aware that a new default theme is shipped as part of the Drive Encryption 7.1.x releases. If you are using customized themes with EEPC 6.x, then recreate your custom themes from the Drive Encryption default theme after the upgrade. This will make sure that the correct user interface is displayed and the correct audio is heard. Failure to do so will continue to display the EEPC 6.x user interface and use the EEPC 6.x audio. Those users who wish to deploy the new default theme to all their existing endpoints or have their own custom theme should follow these steps to make sure they are using the correct theme during PBA.
  1. Create a Theme Deployment task and assign it to all of your endpoints.
  2. Make sure that you have the desired theme selected in the Theme section of the Product Policy, that is, McAfee Default or your own custom theme based on the Drive Encryption 7.1 default theme.
  3. After upgrading an endpoint, allow the Theme Deployment and Policy Enforcement tasks to complete before restarting the system.
  Note: The size limit of the PNG file that can be uploaded is 2.5 MB.
- If you are using Policy Assignment Rules to assign specific Endpoint Encryption User-Based Policies (UBP) to users, see the Drive Encryption 7.1 Product Guide to learn how to configure these users to continue to use Policy Assignment Rules in Drive Encryption 7.1.1 HF1044054. This must be done prior to deploying the Endpoint Encryption (EE) Agent/PC to the clients. Failing to configure users correctly will result in users returning to the default User Based Policy assigned at system level.
- If you are using the autoboot feature in EEPC 5.x.x, please be advised that at least one EEPC user must be assigned to each client system to be upgraded to Drive Encryption 7.1 Patch 1 successfully.
  Note: Since the release of Endpoint Encryption for PC 6.0, the autoboot feature no longer requires the use of $autoboot$, therefore do not create this user as a valid user in Active Directory. In the context of the bullet above, one EEPC user refers to a valid Active Directory user.
- On upgrading from EEPC 6.x and EEPC 7.0.x to Drive Encryption 7.1.1 HF1044054, the EEPC MBR is backed up to the McAfee ePO server. To avoid overloading the server, we recommend that you roll out the upgrade in batches of around 5000 systems.
  Note: Removing the EEADMIN and DE extensions, then installing an earlier version of the EEADMIN / EEPC extensions, damages the database and is not supported.
- Out-of-band user management does not work when the action is performed on the client system at PBA through CIRA.
- RemoveDE is not supported in the UEFI version of the standalone DETech for Opal. The users should use the WinPE version of DETech if they wish to remove DE on a UEFI system. The reason for this is that the Opal removal process is highly complex on a UEFI system and is technically challenging to put in a standalone version of DETech.
- The built-in track pad/mouse pad/touch interface may not work in Pre-Boot on UEFI booting systems. The reason for this is that the OEM might not bundle a suitable UEFI driver for the device in the firmware. The track pad/mouse pad requires the UEFI Simple Pointer Protocol and the touch interface requires the Absolute Pointer Protocol to work correctly.

- With HIPS 7.0 Patch 1, HIPS Security content 8.0.0.4611 is required for successful DE installation on the client. EEPC installation will fail if this security content is not updated on the client.

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task
1. Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2. In the Support Content pane:
   - Click Product Documentation to find user documentation.
   - Click Technical Articles to find KnowledgeBase articles.
3. Select Do not clear my filters.
4. Enter a product, select a version, then click Search to display a list of documents.

Copyright 2015 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.