Dell Encryption Enterprise Technical Advisories v10.9 November 2020 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2020 Dell Inc. All rights reserved.
Contents Chapter 1: Technical Advisories.....................................................................................................6 Contact Dell ProSupport....................................................................................................................................................6 New Features and Functionality v10.9........................................................................................................................... 6 Resolved Security Advisories v10.
Technical Advisories v8.17.2........................................................................................................................................... 33 New Features and Functionality v8.17.1.......................................................................................................................33 Resolved Technical Advisories v8.17.1..........................................................................................................................
Technical Advisories v8.4................................................................................................................................................ 72 New Features and Functionality v8.3.2....................................................................................................................... 72 Resolved Technical Advisories v8.3.2...........................................................................................................................
1 Technical Advisories Encryption Enterprise enables an enterprise to support a mobile workforce with the peace of mind that sensitive information is secure. See KB 301500 to view FIPS compliance status for the data security line of products. Contact Dell ProSupport Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support.
● An issue resulting in encryption sweep failures on computers protected by Dell Encryption and VMWare Carbon Black Cloud or many anti-virus solutions is resolved. [DDPC-12205, DDPSUS-2883] ● An issue resulting in failed provisioning for computers protected by Dell Encryption is resolved. [DDPC-12289, DDPSUS-2893, DDPSUS-2906] ● An issue resulting in nonfunctional shortcuts after completing an encryption sweep is resolved.
BitLocker Manager v10.9 ● No technical advisories exist. New Features and Functionality v10.8 ● The Data Security console now displays the encryption technology in use. ● Full Disk Encryption can now be selected in the feature selection screen of the master installer. ● Full Disk Encryption now writes disk encryption percentage to the registry at the following location: HKLM\SYSTEM \CurrentControlSet\Services\DellMgmtAgent\Parameters ● The DiagnosticInfo utility is now installed when the Encryption Managem
Resolved Technical Advisories v10.8 Encryption Enterprise for Windows v10.8 ● ● ● ● Custom Support Dialog is now properly consumed against a Security Server with nondefault ports when set. [DDPC-8060] Deferred activation now activates properly against a Security Server with nondefault ports. [DDPSUS-2762] Unsupported languages no longer display in help directories after installing Encryption Enterprise. [DDPC-10746] Reboot prompts no longer display on the login screen after decryption.
SED Manager v10.8 ● No technical advisories exist. Full Disk Encryption v10.8 ● No technical advisories exist. BitLocker Manager v10.8 ● No technical advisories exist. New Features and Functionality v10.7 ● ● ● ● Encryption Enterprise is now supported with Windows 10 v2004 (May 2020 Update/20H1). The Dell DiagnosticInfo utility logging is improved. Boot order logging is improved. A new RAID controller driver is added to the Dell Encryption Recovery WinPE environment.
Resolved Technical Advisories v10.7 Encryption Enterprise for Windows v10.7 ● Dell Encryption files are now properly cleaned up during uninstallation. [DDPC-866, DDPC-2548, DDPC-11094, DDPC-11497] ● A rare issue resulting in the DiagnosticInfo utility failing to generate a temporary directory for data collection before packaging is resolved. [DDPC-4981] ● An issue resulting in installation files being improperly flagged as threats is resolved. [DDPC-6827, DDPC-11573, DDPC-11844.
BitLocker Manager v10.7 ● The Encryption Management Agent no longer manages the TPM if TPM management is disabled for BitLocker Manager in the Dell Server. [DDPC-8991, DDPC-11960] ● BitLocker Manager now detects and creates the recovery password protector for non-system drives protected by BitLocker.
○ OpiPlex 7080 Tower Resolved Technical Advisories v10.6 Encryption Enterprise for Windows v10.6 ● An issue resulting in the inability to decrypt and uninstall if multiple System Data Encryption keys were present in the registry is resolved. [DDPC-2428, DDPC-11662, DDPSUS-2208] ● An issue resulting in ERR files after changing policy to Single Overwrite Pass during a System Data Encryption sweep is resolved.
● When leveraging smartcard authentication with the PBA, users are unable to properly select other certificates in the Other Users option. [DDPC-11898] ● No technical advisories exist. SED Managerv10.6 ● No technical advisories exist. Full Disk Encryptionv10.6 ● No technical advisories exist. Bitlocker Managerv10.
Pre-boot Authentication v10.5 ● Boot time when the Pre-boot Authentication environment is present is improved. [DDPC-11042, DDPC-11422, DDPSUS-2471] ● Swiss French keyboard mapping now functions as expected in the Pre-boot Authentication environment. [DDPC-11122, DDPSUS-2579] SED Manager v10.5 ● No technical advisories exist. Full Disk Encryption v10.5 ● No technical advisories exist. Bitlocker Manager v10.5 ● No technical advisories exist. Technical Advisories v10.
Bitlocker Managerv10.5 ● No technical advisories exist. New Features and Functionality v10.4 ● ● ● ● 16 Dell Encryption's DDSSetup and DDSSuite installers have been updated to resolve CVE-2016-2542. Dell has added verbosity in the Policy-Based Encryption logs when performing Windows 10 Feature Updates. Read speed on Full Disk Encryption is improved by parallelized decryption routine. Mounting a disk protected by Full Disk Encryption in a WinPE is now possible through a GUI.
● Full Disk Encryption and SED Manager now support the following platforms: ○ Latitude 5403 ○ Precision 5540 ○ Precision 7540 ○ Precision 7740 ○ XPS 7390 ○ XPS 7390 2-in-1 ○ XPS 7590 Resolved Technical Advisories v10.4 Encryption Enterprise for Windows v10.4 ● The master uninstaller now removes all files and folders as expected. [DDPC-9468] ● An issue resulting in the Encryption service failing after activation and, in rare occurrences, operating system crashes is resolved.
● An issue resulting in duplicate DHCP requests in the Pre-Boot Authentication environment is resolved. This fix reduces boot time. [DDPC-11366] ● An issue resulting in the inability to Single-sign-on through the Pre-boot Authentication environment with a domain user after local administrator activation is resolved. [DDPC-11378] SED Manager v10.4 ● An issue resulting in smartcard login being unavailable for devices protected by SED Manager after resuming from sleep is resolved.
● A high volume events may result in an excessive number of notifications. To suppress notifications, see Encryption Enterprise Advanced Installation Guide. Pre-boot Authenticationv10.4 ● The XPS 7390 touchpad functions improperly after the Pre-boot Authentication environment is created. After logging into Windows, the touchpad functions properly. To work around this issue, use the Tab key to transition between dialog boxes and options.
● Encryption sweeps now function as expected after upgrading a computer protected by Dell Encryption in Encryption External Media mode. [DDPC-10828, DDPSUS-2508] ● An issue resulting in a crash if Microsoft's .Net Framework is corrupted on a computer protected by Dell Encryption is resolved. [DDPC-10871, DDPSUS-2519] ● A rare issue resulting in a crash during a Policy Based Encryption upgrade with Secureboot enabled is resolved.
0=Disabled (default) 1=Enabled NOTE: This value may prevent the Dell credential provider from properly syncing credentials initially due to third-party credential providers being disabled. Ensure the devices using this registry key can properly communicate with the Dell Server. [DDPC-10542, DDPSUS-2410, DDPSUS-2412, DDPSUS-2506] ● An issue resulting in a malformed Pre-boot Authentication database due to incorrect updates to the Pre-boot Authentication environment's datastore is resolved.
New Features and Functionality v10.2.1 ● No technical advisories exist. Resolved Technical Advisories v10.2.1 Encryption Enterprise for Windows v10.2.1 ● An incompatibility issue with Windows 10 March Cumulative Update that resulted in UI errors and missing activation information is resolved. [DDPC-10944, DDPSUS-2537] Pre-boot Authentication v10.2.1 ● No resolved technical advisories exist. Full Disk Encryptionv10.2.1 ● No resolved technical advisories exist. Technical Advisories v10.2.
Resolved Technical Advisories v10.2 Encryption Enterprise for Windows v10.2 ● An issue that caused operating system crash following an Windows update is resolved.[DDPC-5664, DDPC-9457, DDPSUS-1356, DDPSUS-1409, DDPSUS-2216] ● An issue with the Dell Authentication Service resulting in the inability to register recovery questions is resolved. [DDPC-9972, DDPC-10503, DDPC10528, DDPC-10620] ● Added 3/2019 - Check for Policy Updates now triggers policy polling as expected with Policy Based Encryption v10.
Full Disk Encryptionv10.2 ● Performance is improved on computers protected by Full Disk Encryption. [DDPC-9748, DDPC-9787, DDPC-9802, DDPC-9821, DDPC-9889] ● Peripherals no longer experience a delay when waking from hibernation on a computer leveraging Full Disk Encryption. [DDPC-10602, DDPSUS-2418] Technical Advisories v10.2 Encryption Enterprise for Windows ● No technical advisories exist. Pre-boot Authentication v10.2 ● No technical advisories exist. SED Management v10.
Resolved Technical Advisories v10.1 Encryption Enterprise for Windows ● EMS Explorer is now working as expected when connecting an encrypted USB with EMS on a computer without Dell Encryption. [DDPC-5585, DDPSUS-2401] ● Resolved an issue that resulted in the loss of user activation on reboot. [DDPC-6572, DDPSUS-1844] ● Local users can now activate with Dell Encryption installed with Opt-in mode on a computer running Windows April 2018 update and not joined to a domain.
SED Management v10.1 ● No technical advisories exist. Full Disk Encryption v2.1 ● No technical advisories exist. Bitlocker Manager v10.1 ● No technical advisories exist. New Features and Functionality v10.0.1 ● Resolved customer issues. Resolved Technical Advisories v10.0.1 Encryption Enterprise for Windows ● Added 12/2018 - Resolved an issue with Dell Encryption and Digital Persona credential providers conflicting.
Bitlocker Manager v10.0.1 ● No technical advisories exist. New Features and Functionality v10.0 ● Improvements to Windows Update handling in Self-Encrypting Drives and Full Disk Encryption is supported.
Full Disk Encryption v2.0 ● Multiple disks in the computer no longer caused partitioning failures when Legacy fill disk encryption in preview. [DDPC-7986] ● FDE activation no longer fails if the primary partition on the disk is over 1.5TB. [DDPC-8020] Technical Advisories v10.0 Encryption Enterprise for Windows ● In some cases, after changing passwords in Windows, the computer may experience slower logins during the first login or auto-reactivation may occur.
Bitlocker Manager v10.0 ● No technical advisories exist. New Features and Functionality v8.18 ● All clients are now supported with Windows 10 April 2018 Update (Redstone 4 release). ● As the security landscape becomes more complex, administrators are finding themselves needing to layer encryption solutions. Dell Data Security has modified how entitlements are consumed to meet this change in the landscape.
○ Lenovo T560 (UEFI) ● Starting with the Encryption Client v8.18, the authentication provider component has been fully replaced. This installer will leverage a new Dell built-in credentials provider that is part of the Client Security Framework installer. The old Digital Persona credentials provider is set to a disabled state. If leveraging the fingerprint or smart card contact-less authentication, these will no longer work after an upgrade of Encryption Client v8.18. Resolved Technical Advisories v8.
● Touchpad now works after a PBA activation. [DDPC-7758] ● There is no longer a touchpad functionality issue with dual interfaces such as PS/2 and I2C. [DDPC-7865] ● A machine with a non-SED drive, is able to detect the hard drive after enabling FDE and activating PBA. [DDPC-7999] Bitlocker Manager v8.18 ● An error message no longer displays during an upgrade of Digital Persona's Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] Technical Advisories v8.
Full Disk Encryption v1.2 ● In some cases, when user tries to login using PBA after changing hibernations settings, the Single Sign On feature fails. [DDPC-8683] ● In rare circumstances, when attempting to hibernate a system with Windows 10 and FDE activated, it may not properly hibernate. [DDPC-8814] ● Currently, the FDE recovery application becomes unresponsive when selecting a recovery file stored on an encrypted volume.
Legacy Boot Mode FDE For beta testing in non-production environments ● An issue causing the system to fail with a black screen after activating PBA and logging in to Windows has been resolved. [DDPC-6915] ● Added 05/2018 - Operating system Feature updates are supported with Full Disk Encryption. [DDPC-7527] ● Resolved an issue in Legacy BIOS based Full Disk Encryption preview where single sign-on devices from the Pre-Boot Authentication environment into Windows was failing.
○ JA - Japanese ○ ES - Spanish ○ KO - Korean ○ FR - French ○ PT-BR - Portuguese, Brazilian ○ IT - Italian ○ PT-PT - Portuguese, Portugal (Iberian) ○ DE - German ● FDE is available for beta testing in non-production environments on Dell computers running legacy boot mode. ● FDE encryption drivers are now compatible with HVCI . Resolved Technical Advisories v8.17.1 Encryption Enterprise for Windows ● Italian translations have been corrected for the Home/Advanced tab names.
● Added 05/2018- In some cases, the touchpad becomes unresponsive during the PBA login screen on a M300 machine with Windows 10 installed in UEFI mode and PBA enabled. [DDPC-8206] SED Management v8.17.1 ● The Oberthur chip only smart card ID-One COSMO V7.0 is read by the PBA but fails to log in on a UEFI machine. [DDPC-7985] Full Disk Encryption v1.
● An issue that resulted in the Port Control Policy for USB ports to not work properly when connected to a TB-16 dock has been resolved. [DDPC-7446] ● Encryption External Media can now be uninstalled through the Apps list in Windows 10. [DDPC-7465] ● SDE contents are now decrypted after SDE has been turned off on an encrypted machine.
Preboot Authentication v8.16.1 ● Upgrade from Windows 7 to Windows 10 Fall Creators Update (Redstone 3 release) is supported according to Microsoft's supported upgrade paths. For more information, seehttps://docs.microsoft.com/en-us/windows/deployment/upgrade/ windows-10-upgrade-paths SED Management v8.16.1 ● Upgrade from Windows 7 to Windows 10 Fall Creators Update (Redstone 3 release) is supported according to Microsoft's supported upgrade paths. For more information, seehttps://docs.microsoft.
● Encryption sweeps no longer pause or require manual intervention to complete. [DDPC-4499] ● Pausing encryption from the system tray icon now properly pauses the encryption sweep. [DDPC-5372] ● Added 05/2018 - An issue causing the local management console to become unresponsive or file explorer filename sorting to not function after an encryption sweep the Secure Post-Encryption Cleanup policy set to an overwrite value has now been resolved.
Technical Advisories Dell Encryption v8.16 ● During installation, when entering the address as part of the SERVERHOSTNAME, it must be surrounded by brackets when using IPv6. In this scenario, a port number cannot be included as it cannot be resolved as part of the address. [DDPC-7036] PBA Advanced Authentication v8.16 ● Advanced Authentication options display only under the following conditions: ○ When upgrading to v8.
New Features and Functionality v8.15 ● Added 03/2018-Dell has introduced a change to how built-in encryption exclusions are being handled. Previously, built-in exclusions would prevent the encryption of any file that was created, or copied into a folder that was defined within these exclusion lists. Future hard-coded exclusions introduced in 8.
Preboot Authentication Resolved Customer Issues ● An issue is resolved that resulted in pop-up messages persisting rather than closing. [DDPC-3604] SED Client v8.15 ● The Crypto Erase Password policy now cryptographically erases the SED, deletes the authentication tokens for all users, and locks the SED. Afterward, only an administrator can forcibly unlock the device.
BitLocker Manager ● The Local Management Console does not report status of a drive that is both Dell-encrypted and BitLocker-encrypted when the drive is locked. [DDPC-6329] ● SSL is no longer supported. TLS 1.0, 1.1, or 1.2 should be used rather than SSL. New Features and Functionality v8.13 ● ● ● ● ● The Encryption client is now supported with the Windows 10 Creators Update (Redstone 2 release). BitLocker Manager is now supported with Server 2016.
Advanced Authentication ● When a user is removed from a computer just before the computer is shut down, the removal process is now completed as expected. [DDPC-4260] Resolved Customer Issues ● An issue is resolved that resulted in a delay in displaying the User Account Control prompt.
● On some computers, Microsoft KB4015219 may fail to install. [DDPC-5789] Preboot Authentication v8.13 ● Amended 8/2017 - Preboot Authentication fails with some docking stations and adapters. For a list of docking stations and adapters that are supported with PBA, see www.dell.com/support/article/us/en/19/sln296720/. [DDPC-2693, DDPC-6228] SED Client v8.13 ● Amended 7/2017 - Configuration of self-encrypting drives for Dell’s SED management differ between NVMe and non-NVMe (SATA) drives, as follows.
● The PBA user interface has a new look and feel. ● New policies allow the administrator to configure the maximum number of Dell Server connection attempts and the retry interval for the Encryption client running on a server OS. ● A standalone version of Encrypt for Sharing, Encrypt4Share.exe, is now added to the \Dell Data Protection\Encryption folder at installation and can be accessed from the Windows Start menu. Resolved Technical Advisories v8.
● ● ● ● ● ● ● ○ OptiPlex 3050 All-In-One ○ OptiPlex 5250 All-In-One ○ OptiPlex 7450 All-In-One ○ OptiPlex 3050 Tower, Small Form Factor, Micro ○ OptiPlex 5050 Tower, Small Form Factor, Micro ○ OptiPlex 7050 Tower, Small Form Factor, Micro ○ Latitude 3180 ○ Latitude 3189 ○ Latitude 3380 ○ Latitude 3480 ○ Latitude 3580 ○ Latitude 5285 ○ Latitude 5289 ○ Precision 7520 ○ Precision 7720 ○ Precision 5720 All-in-One When the Dell Latitude 7370 with PBA activated is docked, the user is now prompted at the PBA log
[DDPC-4583] Secure Lifecycle ● Encryption sweep performance is improved. [DDPCE-4183] ● An issue is resolved that previously prevented the Save As function in Google Drive to overwrite a protected file with an unprotected update to the file. [DDPCE-4275] Secure Lifecycle Mobile Application ● The bookmark feature now functions as expected on iOS and Android operating systems. [DDPCE-4124, DDPCE-4160] Technical Advisories v8.
XendowSys.xdb xendow.xtc 3. Restart the computer. [DDPCE-4420] ● Added 4/2017 - If an external user is blacklisted and later re-activated, to regain access to keys, the user may be required to uninstall then reinstall Data Guardian. [DDPCE-4458] ● When an internal user attempts to grant protected file access to an unprotected file, an error displays rather than a message that the file is unprotected and, therefore, does not need to be shared. [DDPCE-4461] ● After upgrade from Cloud Edition v2.
Resolved Technical Advisories v8.11 Enterprise Edition for Windows ● An issue is resolved that resulted in the Local Management Console appearing unresponsive while the Encryption client performed tasks in the background. [DDPC-2769] ● Slotted activation now proceeds as expected for users who change their passwords before activation. [DDPC-3279] ● The WSScan user interface now opens to the option of Unencrypted Files, as expected, when commands -ua-, -ua, and uav are used to launch the user interface.
Secure Lifecycle ● When Folder Management is enabled, the Dropbox option remains in Folder Management after Dropbox is uninstalled. [DDPCE-417] ● Files cannot be downloaded directly from a cloud storage provider's website. To work around this issue, open files in the Secure Lifecycle virtual drive on the client computer.
● Added 2/2017 - After canceling an operation to add a date restriction to a file, the Secure Lifecycle window is unresponsive for a short time. [DDPCE-3845] ● Added 4/2017 - Embargo dates occasionally do not display when an embargoed Office document is saved directly to a network drive. To work around this issue, save the file on a local drive and then copy it to the network drive.
● On computers running Windows 10 Education Edition, log files are now stored in \ProgramData\Dell\Dell Data Protection \Encryption as expected, rather than in \ProgramData\Application Data\Dell\Dell\Data Protection\Encryption\. [DDPC-2651] ● An issue that caused the computer to very rarely become unresponsive when renaming a file has been resolved. [DDPC-3086] ● An issue that caused a prompt to reboot in some cases with SDE encryption enabled is resolved.
Resolved Technical Advisories v8.10 Enterprise Edition for Windows ● Installer logging of launch conditions is improved. [DDPC-918] ● An issue that resulted in a computer occasionally becoming unresponsive after reboot is now resolved. [DDPC-1255] ● The Encryption Removal Agent no longer crashes during decryption of HCA- or SDE-encrypted files if the key bundle is missing or inaccessible to the Agent. Instead, a message displays that files could not be decrypted.
Enterprise Edition for SED ● Added 09/2016 - When PBA is activated on a Windows 7 computer without Microsoft Security Advisory 3033929 installed, the computer becomes unstable when resuming from sleep (S3). To work around this issue, install Microsoft Security Advisory 3033929 before installing the SED Client. If the SED Client is already installed, deactivate PBA and uninstall. After installing the Microsoft Security Advisory, reinstall the SED Client. For more information, see https:// technet.microsoft.
● Decryption with the Encryption Removal Agent at uninstallation now succeeds. Previously, in a few cases, decryption began but did not finish sweeping the entire volume. [DDPSUS-751] ● An issue that caused multiple reboots during installation or upgrade on some computers is resolved. [DDPSUS-766] Advanced Authentication ● A non-administrator user can now run an application through User Account Control on a Windows 8, 8.1, or 10 computer with Security Tools installed.
Resolved Technical Advisories v8.9 Enterprise Edition for Windows ● The Encryption client uninstaller now defaults to the uninstall/decrypt option instead of uninstalling but leaving files encrypted. When the option to uninstall without decrypting is selected, the Encryption Removal Agent is no longer installed. [DDPC-857, DDPC-1455] ● Silent uninstallation now supports decryption with pre-download key material on locally and remotely managed clients.
Enterprise Edition for Windows ● Added 04/2016 - A computer running Windows 7 hibernates although the client is unable to encrypt the hibernation data and the Prevent Unsecured Hibernation policy is enabled. [DDPC-1220] ● The organization and naming of some policies differ in the local console and EE or VE Server Remote Management Console.
Advanced Authentication ● Single sign-on now succeeds on computers running Windows 7, with installation of the Microsoft KB, https:// support.microsoft.com/en-us/kb/2533623. [CSF-788] ● Installation now proceeds normally on computers running Windows 10 (64-bit). [CSF-968] Preboot Authentication ● With PBA activated on the Dell Latitude E5250, E5450, and E5550, hibernation now proceeds normally. [CSF-5] ● When PBA is disabled by policy, the client DDP Console now indicates that PBA is deactivated.
Advanced Authentication ● With Windows 10 on Dell Latitude E7250 or E7450, after the computer resumes from sleep, hibernation, warm boot, or cold boot, the user can now authenticate with an enrolled contactless smart card without having to occasionally re-enroll the card. [CSF-362] Enterprise Edition for SED ● Added 11/2015 - The following drives are now supported for SED management: Drives with "X" are supported for SED management but are not qualified for or shipped in Dell systems.
Technical Advisories v8.7.1 Preboot Authentication ● Added 8/2017 - The Dell Optiplex 7040 keyboard becomes unresponsive when the Advanced Boot Options menu is accessed with the PBA active. [DDPC-2684] Technical Advisories v8.7 Enterprise Edition for Windows ● If the HCA algorithm is changed during encryption, SDE encryption rather than HCA re-encryption begins. To work around this issue, restart the computer. After log in, HCA encryption begins normally.
● When DDP|CE is installed but the Dropbox sync client is not, files and folders downloaded from the Dropbox website cannot be decrypted. To work around this issue, install the Dropbox sync client and open Dropbox files in the DDP|CE virtual drive on the client computer. [DDPCE-1810] ● On 64-bit browsers, the notification that the user has navigated away from a protected website does not display. Although the notification does not display, file encryption in the cloud proceeds as expected.
Resolved Technical Advisories v8.6.1 Enterprise Edition for Windows ● During an upgrade, the following error no longer displays: "error Opendatabase,Databasepath,Openmode/error 80004005, (MSI API error)." This error occurred intermittently and the upgrade successfully completed after the user acknowledged the error. [DDPC-882] ● An issue that previously occurred on some Dell Latitude E5540 computers with USB external drives connected that resulted in a blue screen has been resolved.
Resolved Technical Advisories v8.6 Enterprise Edition for Windows ● At uninstallation, decrypting a registry hive that exceeds 52 MB now succeeds and the computer no longer experiences a blue screen when uninstallation is complete. [DDPC-867] ● Encryption Removal Agent failure due to file sharing violations is now resolved. [DDPMTR-883] ● Issues that resulted in rollback of upgrades when installation was attempted more than once are now resolved. [DDPMTR-1029] ● Upgrade from v8.
● Attempting to upgrade Enterprise Edition to Encryption with Deferred Activation results in disabling of deferred activation after reboot and display of the Encryption client entry in Control Panel Programs and Features.
● Upgrade on a computer with a LiteOn M3 series SSD installed and PBA activated fails due to the small disk size. To work around this issue, before upgrading, deprovision the PBA. After upgrade, the PBA can be reactivated. [CSF-528] ● With PBA activated on Dell Latitude E7450, navigation of the Advanced Boot Options menu is not possible because the native keyboard is not available. To work around this issue, deactivate the PBA, access the Advanced Boot Options menu, and keyboard navigation is available.
● The issue of upgrading or uninstalling Encryption with the tray application or console application running causing upgrade and uninstallation failures has been resolved. The tray application and console now close gracefully so that the upgrade or uninstallation can complete as specified. [DDPC-449] ● The rare occurrence of NTFS corruption leading to truncated .pst files is resolved. [DDPC-625] ● Interoperability issues with Symantec Endpoint Protection v12.1.5 have been resolved. Upgrades from SEP v12.1.
● The issue of BitLocker Manager or computers running DDP|HCA contacting the Server too frequently during encryption and decryption has been resolved. The Server is contacted only at encryption/decryption completion (or other regularly scheduled polling intervals).
Technical Advisories v8.5 Enterprise Edition for Windows ● After using the Managed Migration Utility, files that were encrypted with Personal Edition using the User Roaming key are not accessible. To work around this issue, before migrating, ensure that the User Roaming key is not set for either the Application Data Encryption Key or User Data Encryption Key policy. If the User Roaming key is used, change the key to either Common or User, and save the policy change.
Enterprise Edition for SED ● During an update to Intel Rapid Storage Technology Drivers, the self-encrypting drive may become undetectable. To resolve this issue, reboot the computer a second time after the update has been applied. [MMW-633] Cloud Edition ● When using the master installer to install Cloud Edition and installing using the interactive UI mode, the Encryption client is automatically selected in the list of features to install and, therefore, two licenses are consumed.
Advanced Authentication ● Previously, when using a non-USH external fingerprint reader, after the computer went to sleep or was rebooted, logon using fingerprint failed. The issue with the credential provider timing out when attempting to confirm the fingerprint reader is connected to the computer is resolved.
● When replacing a provisioned self-encrypting drive (with the Preboot Authentication environment active) with a new selfencrypting drive and provisioning the Preboot Authentication environment, after the new SED is provisioned, the old SED can no longer be recovered. [DDPLP-150, MMW-581] ● On the Dell Latitude Rugged Extreme, the user is able to detach the tablet from the dock. However, the dock is needed to log in through the PBA. Detach the tablet only after the PBA authentication step is complete.
Technical Advisories v8.4 Cloud Edition ● The Dropbox preference, "Share screenshots using Dropbox", allows users to upload unencrypted screenshots to cloud storage. Administrators should consider putting a company policy in place that instructs users to not enable this Dropbox feature. [DDPCE-319] ● After a device is suspended from the system tray icon, the device can still access the Dropbox web site.
Technical Advisories v8.3.2 Enterprise Edition for Windows ● Local options to manage the secondary drive are unavailable in the Dell Data Protection | Encryption console until after a policy change on that drive is applied and the computer is re-booted. [29046] ● PCIe SSDs are not supported on Precision T-series computers. New Features and Functionality v8.3.1 ● Enterprise Edition for Windows now supports Offline Files and Folders. For an overview of Offline Files and Folders, see http://windows.microsoft.
● The Shield now properly processes category 3 policies to override ADE-encrypted (category 2) files. [25211] ● Previously, a message stating "Invalid Value for 103" was displayed in the local console and current settings were not viewable. This issue has been resolved. [27005] ● Sweep status update failures are reduced due to improved processing around renaming of internal lists to ensure that the rename does not fail if the file already exists.
Cloud Edition ● When an iOS device is moved to a different Enterprise Server, the local policy and cached keys are now correctly reset. [27765] ● Users can no longer access protected sites when the policy is set to block those sites. [DDPCE-24] ● When using OneDrive and an iOS app, files uploaded to the cloud are no longer deleted by the sync client running on a Windows computer.
● ● ● ● ● shut down, PBA activation begins. However, provisioning will be completed only after a subsequent reboot and entry of the Encryption Administrator Password. [28722] Infrequently, after HCA policy is set, the Preboot Authentication screen does not display until the computer is restarted a second time.
Advanced Authentication ● Removing the USB Fingerprint reader without ejecting the device causes Dell ControlVault to fail. The issue occurs because Windows handles the removal action of biometric devices incorrectly. To correct this issue, download and install the Hotfix available at http://support.microsoft.com/kb/2913763. [27696] ● A contactless card may not be immediately recognized, because Windows does not load its driver.
● Amended 05/2014 - Attempting to upgrade from 8.0.0 or 8.0.1 to the latest release fails and an error message is displayed saying that the computer has not been modified. This issue occurs because the installer cannot deactivate the PBA and, therefore, uninstallation of the earlier version is blocked. To work around this issue, deactivate the PBA and reboot the computer before attempting to upgrade to the new version.
● Log files are now placed in the proper directory on localized operating systems. [25463] ● An unrecoverable error no longer occurs upon encryption completion when the Local Management Console is left open and the computer is locked for an extended period of time. [27545] ● Interoperability issues when using VMware image files have been resolved. [28355] ● Previously, when uninstalling the Encryption client, if the uninstaller failed, the Decryption Agent would be installed before the uninstaller failed.
not supported. Changing the algorithms to AES128 or AES256 fixes the issue of occasional file corruption when using EMS and taking an encrypted device to a non-Shielded computer and attempting to open the files through EMS Explorer. [27597] Enterprise Edition for SED ● The PBA authentication process times on Samsung drives have been improved. [27318] ● A message that reads "Please do not turn off or unplug your computer" persists on the Dell Latitude E6440 running Microsoft Windows 7 (32-bit).
Resolved Technical Advisories v8.1 All Products ● Windows Vista is no longer a supported operating system. Enterprise Edition for Windows ● The Dell Data Protection | Encryption v8.x conflict with Symantec Endpoint Protection v12.x. has been resolved. The SEP v12.x product uses 2 separate filter drivers which led to a dead-lock with the re-architected Dell Data Protection | Encryption v8.x file encryption driver.
Enterprise Edition for SED ● Amended 03/2014 - The computer does not Single Sign-on (SSO) after waking up from Hybrid Sleep. After the user enters their credentials at the Preboot Authentication (PBA) screen, the computer stops at the Windows logon screen and the user must manually log on to the computer. Dell Data Protection | Security Tools and Dell Data Protection | Encryption do not support Hybrid Sleep states and SSO when Preboot Authentication (PBA) is Active.
Resolved Technical Advisories v8.0 Enterprise Edition for Windows ● As of v8.0, Shield and PCS events are turned off by default. The events can be re-enabled by configuration changes. EMS events remain as they have been in previous versions. ● To reduce the chances of DPAPI authentication failure, the registry is now notified of cached credential changes. ● Inventory times no longer display future times after a reboot when using SDE.
Advanced Authentication ● Advanced Authentication cannot be installed when Dell Data Protection | Access is present on the computer. Follow the steps in the Dell Data Protection | Enterprise Edition Administrator Guide to uninstall DDP|A. [27073] New Features and Functionality v7.7 Enterprise Edition for Windows Enterprise Edition for Windows and External Media Edition now update the Dell Enterprise Server to change the status to Unprotected at the beginning of a client uninstall process.
● File corruption issues related to an Intel update to the CPU IPP libraries no longer occur. [24086] ● Changes were made to the SDE key unlock mechanism to accommodate processors that reflect battery life in CPU ID. [24195] ● Improvements have been made to timing issues related to start up that resulted in blue screens. These issues occurred rarely, but were serious in nature.
Technical Advisories v7.2.1 Enterprise Edition for Windows ● When using a desktop computer and attempting to block SD card ports by using the "Port: SD" policy, blocking SD ports will not be successful. For desktop computers, the "Storage Class: External Drive Control" policy must be used to effectively block SD ports. The use of the "Storage Class: External Drive Control" policy blocks access to all external storage devices irrespective of what bus they are on.
WFP.dll cache WMI DB IIS Metabase File types which are monitored by System Restore are as specified in http://msdn.microsoft.com/library/en-us/sr/sr/ monitored_file_extensions.asp. Using System Restore on any of these files which are encrypted by Dell Data Protection | Encryption can potentially cause corruption. Backup and restoration of Shield-encrypted files should be done at the folder level and not on an individual file basis. [23437] Resolved Technical Advisories v7.0.
2 Workarounds Before you begin, be aware of the following workarounds that have been identified during testing. ● To host EMS, external media must have 64 MB available, plus open space on the storage that is equal to the largest file to be encrypted. To work around the issue, free up space on the storage or use media with more storage capacity. [DDPC-243] ● Encrypted data must be backed up while its owner is logged in.
3 Software and Hardware Compatibility Enterprise Edition is tested with third-party software and hardware as needed. Dell reports problems found during testing to other vendors, where appropriate. Upgrade to the latest Windows 10 Feature Update ● To upgrade a computer running the Encryption client to the latest version of Windows 10 Feature Update, follow the instructions in the following article: http://www.dell.com/support/article/us/en/19/SLN298382.
Norton Ghost ● The Encryption client is compatible with Norton Ghost 10.0. However, Ghost implements several file restore workflows, and not all of them are recommended with the Encryption client. The preferred method to recover files from a Ghost image is the Advanced Explore Recovery Points. Consult the Ghost documentation for instructions.
ePocrates Rx Pro ● Because its databases contain only formulary reference information, if your organization uses ePocrates Rx Pro, we recommend that you exclude certain databases from encryption using the Databases to Exclude from Encryption policy. See the following table for the databases to exclude.
