Dell Endpoint Security Suite Enterprise Technical Advisories v3.1 August 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2021 Dell Inc. All rights reserved.
Contents Chapter 1: Technical Advisories.....................................................................................................5 Contact Dell ProSupport....................................................................................................................................................5 New Features and Functionality v3.1..............................................................................................................................5 Resolved Security Advisories v3.
New Features and Functionality v1.8........................................................................................................................... 35 Resolved Technical Advisories v1.8...............................................................................................................................37 Technical Advisories v1.8.................................................................................................................................................
1 Technical Advisories Endpoint Security Suite Enterprise offers advanced threat protection at the operating system and memory layers, authentication, and encryption, all centrally-managed from the Security Management Server or Security Management Server Virtual. With centralized management, consolidated compliance reporting, and console threat alerts, businesses can easily enforce and prove compliance for all of their endpoints.
Encryption v3.1 ● The Encryption Management Agent now creates folders for use with Windows 10 Feature Updates only for the Dell Encryption solutions installed. [DDPC-12038] ● An issue resulting in corruption of hard link files after new data is written is resolved. [DDPC-12079] ● Files in OneDrive folders now decrypt as expected. [DDPC-12444] ● Dell Encryption now uninstalls properly using the Data Security Uninstaller and the Encryption Removal Agent - Download Keys from Server option.
Invalid Value for 100 [DDPSUS-2980] ● When changing the password for removable media protected by Encrypted External Media, Password Accepted displays incorrectly. [DDPC-12721] ● The Data Security Console does not currently display information for protected removable media. [DDPC-12722] ● The Data Security Uninstaller currently does not uninstall properly if using the Encryption Removal Agent - Import Keys from a File option.
Resolved Security Advisories v3.0 ● The Endpoint Security Suite Enterprise signing certificate is updated. Resolved Technical Advisories v3.0 Advanced Threat Prevention v3.0 ● No technical advisories exist. Firewall and Web Protection v3.0 ● The Web Protection and Client Firewall SDK has been updated. This change ensures compatibility with new Cylance and Dell signing certificates and affects that are protected by Endpoint Security Suite Enterprise v2.9 and older protected by Dell Encryption v10.
Pre-boot Authentication v3.0 ● No technical advisories exist. SED Manager v3.0 ● The Encryption Management Agent now performs additional checks during installation and uninstallation to detect if the computer was rebooted. This prevents an inaccessible boot drive. [DDPC-12390, DDPSUS-2925] Full Disk Encryption v3.0 ● An issue that is caused by boot sector mapping resulting in the inability to boot into the PBA on a computer that is protected by Dell Encryption is resolved.
Pre-boot Authentication v3.0 ● Computers leveraging Microsoft-based accounts and protected by SED Manager with the Sync Users at PBA Activation policy enabled currently cannot use single sign-on after rebooting. As a workaround, at the Windows sign-in screen, select Other User and log in using your user name and password. Single sign-on is functional for the local users and Active Directory domain users if the system is domain-joined. [DDPC-12089] SED Manager v3.
Firewall and Web Protection v2.9 ● Web Protection and Firewall can now be installed during a Dell Encryption upgrade. [DDPC-11999] ● When updating Endpoint Security Suite Enterprise interactively, Firewall and Web Protection now upgrades as expected. [DDPC-12022] Encryption v2.9 ● If a duplicate user attempts to activate with Deferred Activation, the following message displays: Activation Failed & the user is already activated on this computer.
Technical Advisories v2.9 Advanced Threat Prevention v2.9 ● No technical advisories exist. Firewall and Web Protection v2.9 ● No technical advisories exist. Encryption Client v10.9 ● Devices with multiple disks may not display the status of disks immediately when selecting the Encryption tab in the Data Security Console . [DDPC-11346] ● If Policy-Based Encryption is installed before the Encryption Management Agent, computer crash may occur.
● The DiagnosticInfo utility now displays the following prompt for Personally Identifiable Information: ● Full Disk Encryption and SED Manager now support the following platforms: ○ Latitude 9510 ○ Latitude 9510 2-in-1 ○ XPS 15 9500 Resolved Security Advisories v2.8 ● Additional files used during the installation of Endpoint Security Suite Enterprise are now signed.
Pre-boot Authentication v2.8 ● When using Recovery Questions to log in through the PBA, the password reset prompt now only appears for the first 90 seconds after login. [DDPC-11671] ● Right-clicking the username, password, smart card, pin or recovery answer field in the PBA no longer yields a menu. [DDPC-11795] ● An issue resulting in third-party authentication providers being disabled by default is resolved. [DDPC-12057, DDPSUS-2818] SED Manager v2.8 ● No technical advisories exist.
Full Disk Encryption v2.8 ● No technical advisories exist. BitLocker Manager v2.8 ● No technical advisories exist. New Features and Functionality v2.7 ● Windows 10 v2004 (May 2020 Update/20H1) does not support 32-bit architecture. For more information, see https:// docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview. ● Endpoint Security Suite Enterprise is now supported with Windows 10 v2004 (May 2020 Update/20H1).
● Dell's DiagnosticInfo utility now queries additional registry entries for more comprehensive results. ● Endpoint Security Suite Enterprise can now prompt the user to reboot their computer after the Encryption Removal Agent finishes its final state in the decryption process. This prompt can be disabled by configuring a registry value or enabling Force Reboot on Update in the Management Console. When Force Reboot on Update is enabled in the Management Console, the following registry entry is created. HKLM\S
● An issue resulting in ERR files after changing policy to Single Overwrite Pass during a System Data Encryption sweep is resolved. [DDPC-2751, DDPC-5038, DDPC5148, DDPC-7708, DDPC-8019, DDPC-8116] ● A rare issue resulting in the DiagnosticInfo utility failing to generate a temporary directory for data collection before packaging is resolved. [DDPC-4981] ● The reboot prompt no longer displays off-screen after a policy requiring a reboot is updated.
● An issue resulting in domain-added users failing to authenticate when a third-party credential provider is in use after an administrator invoked password change is resolved. [DDPC-11654, DDPSUS-2506, DDPSUS-2695] ● In issue resulting in the Dell Credential provider resetting the password field as a user attempts to log in after logging off or unlocking the computer is resolved. [DDPC-11826, DDPSUS-2739] BitLocker Manager v2.
SED Manager v2.7 ● No technical advisories exist. Full Disk Encryption v2.7 ● No technical advisories exist. BitLocker Manager v2.7 ● If the TPM is unmanaged, requiring BitLocker Manager to use the TPM or TPM and PIN results in a log error that does not clearly specify the state of TPM management. [DDPC-11960] New Features and Functionality v2.5 ● ● ● ● ● ● ● Swedish keyboards are now supported by the Pre-boot Authentication environment.
Encryption v2.5 ● An issue resulting in corrupted files created by Notepad++ and Onenote is resolved. [DDPC-11440, DDPSUS-2385, DDPSUS-2642] ● An issue resulting in files not encrypting after a change in encryption algorithm is resolved. [DDPC-11460] ● A rare occurrence resulting in the Change Password option to not display at Windows login is resolved. [DDPC-11400] ● Installing Dell Encryption with older versions of Encryption Management Agent now creates independent system tray icons for each product.
SED Manager v2.5 ● No technical advisories exist. Full Disk Encryption v2.5 ● Full Disk Encryption's encryption status may not properly display in the Data Security Console on computers protected by Dual Encryption. [DDPC-11133] Bitlocker Manager v2.5 ● No technical advisories exist. New Features and Functionality v2.4 ● ● ● ● ● ● ● ● ● Dell Encryption's DDSSetup and DDSSuite installers have been updated to resolve CVE-2016-2542.
● Full Disk Encryption and SED Manager now support the following platforms: ○ Latitude 5403 ○ Precision 5540 ○ Precision 7540 ○ Precision 7740 ○ XPS 7390 ○ XPS 7390 2-in-1 ○ XPS 7590 Resolved Technical Advisories v2.4 Advanced Threat Prevention v2.4 ● The master uninstaller now functions properly on non-English operating systems with Advanced Threat Prevention installed. [DDPC-11338] Encryption v2.4 ● The master uninstaller now removes all files and folders as expected.
● An issue resulting in the inability to install Cadence, orCAD, and Allegro with Encryption present on the target computer is resolved. [DDPC-11420, DDPSUS-2630] ● An exception resulting in the Encryption service crashing is resolved. [DDPC-11425, DDPSUS-2629] ● An issue resulting in system crash caused by a new file classification starting in KB4515384 and KB4512941 is resolved. For more information, see KB article SLN318627.
Technical Advisories v2.4 Advanced Threat Prevention v2.4 ● No technical advisories exist. Encryption Client v10.4 ● After installing Dell Encryption, the Support pane in the Data Security Console displays a blank page until the device activates, or an internet connection is available.
Bitlocker Manager v2.4 ● No technical advisories exist. New Features and Functionality v2.3 ● Pre-boot Authentication now supports block SID features. ● Dell Encryption now supports Micron 1300 self-encrypting drives. ● Dell Encryption now supports the following platforms: ○ Latitude 5300 ○ Latitude 5500 ○ Latitude 7200 2-in-1 ○ Latitude 7400 ○ Latitude 7400 2-in-1 ● Advanced Threat Prevention 1531.1 has been integrated into Endpoint Security Suite Enterprise v2.3. ● Endpoint Security Suite Enterprise v2.
NOTE: This fix requires the BIOS update launched in late April 2019 or in May 2019. The BIOS revision and release date will vary based on the platform affected. If the BIOS update is applied before Dell Encryption v2.3 is installed on devices with US English keyboards, the Pre-boot Authentication environment may not properly translate all characters. ● An issue resulting in an incorrect prompt when a new user attempts authentication with a smart card without connection to the Dell Server is resolved.
"UseEncryptableVolumeType" = DWORD:1 0=Disabled (default) 1=Enabled [DDPC-10510, DDPSUS-2279] ● An issue resulting in one minute polling is resolved. [DDPC-10964, DDPSUS-2539] Technical Advisories v2.3 Advanced Threat Prevention v2.3 ● No technical advisories exist. Encryption Client v10.3 ● In rare occurrences, when the TPM is in a cleared state in BIOS, Dell Encryption may attempt to take ownership of the TPM and receives a null value.
Resolved Technical Advisories v2.2.1 Advanced Threat Prevention v2.2.1 ● No resolved technical advisories exist. Encryption v10.2.1 ● An incompatibility issue with Windows 10 March Cumulative Update that resulted in UI errors and missing activation information is resolved. [DDPC-10944, DDPSUS-2537] Pre-boot Authenticationv2.2.1 ● No resolved technical advisories exist. Full Disk Encryption v2.2.1 ● No resolved technical advisories exist. Technical Advisories v2.2.1 Advanced Threat Prevention v2.2.
New Features and Functionality v2.2 ● Advanced Threat Prevention is now supported on Windows 10 October 2018 Update (Redstone 5 release). ● Advanced Threat Prevention 1511.5 has been integrated into Endpoint Security Suite Enterprise v2.2. ● Optional Firewall and Web Protection features are now supported on Windows 10 October 2018 Update (Redstone 5 release). ● Following Windows 10 feature upgrade, a restart is required to finalize Dell Encryption.
● The K13A Rugged dock (only compatible with Rugged computers) no longer requires the an open lid to display on external monitors. [DDPC-10093] ● A network connectivity issue on the Lenovo Thinkpad T560 with BIOS version N1KET39W (1.26) 2018-05-28 in UEFI mode is resolved. [DDPC-10498] ● Recovery question user experience is improved. [DDPC-10544, DDPC-10543, DDPC-10640] ● The Sign In button is no longer enabled following initial activation of the pre-boot authentication.
● Advanced Threat Prevention is now supported on Windows 10 IoT Enterprise. ● Dell Encryption v10.1 and later defaults to leveraging a new cryptographic library, provided by RSA, as well as multiple new options for cryptographic libraries. For more information, see http://www.dell.com/support/article/us/en/19/SLN301500. ● HP EliteBook 840 G4 and HP EliteBook 1040 G3 have been validated with SED and FDE when running in UEFI Boot mode.
● Windows 10 upgrades on systems running Full Disk Encryption may fail on a computer with Advanced Threat Prevention when script control is enabled and set to Block . To work around this issue, exclude the working directories for Windows 10 Updates, or set Script Control to Alert mode while the Windows 10 upgrade is running. For more information see: https:// www.dell.com/support/article/us/en/04/sln298382 . [DDPC-10445] Encryption Client v10.
Encryption Client v10.0.1 ● Added 12/2018 - Resolved an issue with Dell Encryption and Digital Persona credential providers conflicting. [DDPC-10120] ● The installation of Dell Encryption on a domain controller no longer changes the local machine policies set in the "Default Domain Policy" Group Policy Object. Dell Authentication can handle logging in with no password set when a 0 password length policy is enabled. For more information, see https://www.dell.
Resolved Technical Advisories v2.0 Advanced Threat Prevention 2.0 ● An issue resulting with a shift in licensing when an installation of Threat Prevention entitlement used with a non-Dell McAfee version with Endpoint Security Suite Enterprise installed on top has been resolved. [DDPC-9454] Encryption Client v10.
Encryption Client v10.0 ● In some cases, after changing passwords in Windows, the computer may experience slower logins during the first login or auto-reactivation may occur. To work around this issue, run WSDeactivate after changing the password. [DDPC-9459] ● In rare occurrences, when updating to v10.0, an error may present if the user interface is used for the update. This can be safely closed with no impact to the install.
● As the security landscape becomes more complex, administrators are finding themselves needing to layer encryption solutions. Dell Data Security has modified how entitlements are consumed to meet this change in the landscape. Dual Encryption is now offered through volume license as a solution to customers who want to encrypt data on Windows computers using two Dell Encryption technologies.
● Starting with the Encryption Client v8.18, the authentication provider component has been fully replaced. This installer will leverage a new Dell built-in credentials provider that is part of the Client Security Framework installer. The old Digital Persona credentials provider is set to a disabled state. If leveraging the fingerprint or smart card contact-less authentication, these will no longer work after an upgrade of Encryption Client v8.18. Resolved Technical Advisories v1.8 Encryption Client v8.
● A machine with a non-SED drive, is able to detect the hard drive after enabling FDE and activating PBA. [DDPC-7999] Bitlocker Manager v8.18 ● An error message no longer displays during an upgrade of Digital Persona's Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] Technical Advisories v1.8 Advanced Threat Prevention v1.8 ● Advanced Threat Prevention events may not show immediately in the Standard UI interface. To display these events, exit and re-query for events.
SED Management v8.18 ● When a NVME is used as a data drive with a standard 2.5" Self Encrypting Drive, a "Device Locked" message will display on the PBA screen. [DDPC-9256] Full Disk Encryption v1.2 ● In some cases, when user tries to login using PBA after changing hibernations settings, the Single Sign On feature fails. [DDPC-8683] ● In rare circumstances, when attempting to hibernate a system with Windows 10 and FDE activated, it may not properly hibernate.
Preboot Authentication v8.17.2 ● The username text is now displayed in French on the PBA screen after FDE has been installed on a UEFI machine. [DDPC-8012] ● An issue where the Lock/Unlock commands were not immediately enforced even though the "check for PBA commands" policy was enabled has been resolved. [DDPC-8021] Legacy Boot Mode FDE For beta testing in non-production environments ● An issue causing the system to fail with a black screen after activating PBA and logging in to Windows has been resolved.
Bitlocker Manager v8.17.2 ● No technical advisories New Features and Functionality v1.7.
Technical Advisories v1.7.1 Encryption Client v8.17.1 ● In some cases, a device may not show in compliance after sweep completes. The current workaround is to reboot the device. [DDPC-7977] Preboot Authentication v8.17.1 ● In some cases, the intensity of USB Type C mouse seems to strengthen while user is in PBA on a UEFI machine. [DDPC-7885] ● When a network cable is unplugged after loading the PBA, there is no IP address captured which causes the server sync to fail.
● The Encryption client is now supported with Windows 10 Fall Creators Update (Redstone 3 release). Upgrades to Fall Creators Update are now supported. ● SED Management and Bitlocker Manager are now supported with Windows 10 Fall Creators Update (Redstone 3 release). Upgrades to Fall Creators Update are supported, except for upgrades from Windows 7. ● Full Disk Encryption is now supported with Windows 10 Fall Creators Update (Redstone 3 release). Upgrade to Fall Creators Update will be supported in v8.17.1.
Full Disk Encryption v1.0 ● Resetting the TPM or replacing a motherboard no longer causes the PBA to lock out. [DDOC-7337] Technical Advisories v1.7 All Clients ● No Technical Advisory exists for all clients Dell Encryption v8.17 ● No Technical Advisories exist. Preboot Authentication v8.16.1 ● Upgrade from Windows 7 to Windows 10 Fall Creators Update (Redstone 3 release) is supported according to Microsoft's supported upgrade paths. For more information, seehttps://docs.microsoft.
● ● ● ● ● in addition to disk encryption, with the capability to remotely disable endpoint login and lock the device. Keys are protected with the Trusted Platform Module (TPM), preventing access to encrypted data in the event that the hard drive is removed from the computer. Web Protection and Client Firewall features can now be installed independently of Dell Encryption.
● An issue resulting in BSOD when resuming from hibernation using an NVMe drive in AHCI is resolved. [DDPC-6456] ● An issue is resolved that resulted in customized Encryption External Media dialogue boxes to display incorrectly. For more information, see http://www.dell.com/support/article/us/en/19/sln302925. [DDPC-6537] ● Applications using Microsoft's Encrypted File System no longer conflict with Policy Based Encryption. [DDPC-6846] ● A USB 3.
The following installs Web Protection and Client Firewall with default parameters (silent mode, install Client Firewall and Web Protection, override Host Intrusion Prevention, no content update, no settings saved). EPSetup.exe ADDLOCAL="fw,wc" /override"hips" /nocontentupdate /nopreservesettings / l"C:\ProgramData\Dell\Dell Data Protection\Installer Logs\McAfee" /qn ○ \Threat Protection\ThreatProtection\WinXXR The following example installs the client with default parameters (suppress the reboot, no dialogu
● Full Disk Encryption is not supported with BitLocker or BitLocker Manager. Do not install Full Disk Encryption on a computer on which BitLocker or BitLocker Manager is installed. [DDPC-7311] ● Full Disk Encryption requires a 180 Mb partition at the end of the drive to write the Preboot Authentication environment to the local disk. The sectors used for this partition are stored within the registry for tracking within the host operating system and the Preboot Authentication environment.
Resolved Technical Advisories - Auto-Updates For information about periodic Advanced Threat Prevention updates for enterprises enrolled for Agent Auto Update on the Dell Server, see http://www.dell.com/support/article/us/en/19/SLN305419/dell-data-protection-endpoint-security-suiteenterprise-and-dell-data-protection-threat-defense-release-notes?lang=EN. Select the Saas Updates tab.
Technical Advisories v1.5 Advanced Threat Prevention v1.5 ● To block all PowerShell scripts with Advanced Threat Prevention, both the PowerShell and PowerShell Console policies must be set to Block in the Dell Server Remote Management Console. When both policies are set to Block, no scripts can be run, either through the PowerShell console or the Cmd console. This ensures that PowerShell one-line scripts are not vulnerable to execution.
● Recovery of a SanDisk X300 drive with the Recovery All bundle succeeds but may require up to two minutes to complete. [DDPC-6389] ● SSL is no longer supported. TLS 1.0, 1.1, or 1.2 should be used rather than SSL. SED Client v8.15 ● SSL is no longer supported. TLS 1.0, 1.1, or 1.2 should be used rather than SSL. BitLocker Manager v8.15 ● The Local Management Console does not report status of a drive that is both Dell-encrypted and BitLocker-encrypted when the drive is locked.
Resolved Customer Issues ● Setting the registry entry, EnableNGMetadata, resolves an issue that resulted in Microsoft update failure on computers with Common key-encrypted data and performance issues related to encrypting, decrypting, or unzipping large numbers of files within a folder. Set the EnableNGMetadata registry entry in the following location: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CmgShieldFFE] "EnableNGMetadata" = dword:1 0=Disabled (default) 1=Enabled [DDPC-694, DDPC-794, DDPSUS-8
Technical Advisories v1.4 Advanced Threat Prevention v1.4 ● Setting an Action in a Client Firewall rule to Block IPv4 traffic prevents client connectivity with the Dell Server. Do not set such an Action when running in Connected Mode. [DDPC-5716] ● The Client Firewall and Web Protection features of Endpoint Security Suite Enterprise v1.4 require Dell Enterprise Server or VE v9.7 or later. Before upgrading clients to use these features, Dell Server v9.
■ ■ RAID ON is not supported because access to read and write RAID-related data (at a sector that is not available on a locked non-NVMe drive) is not accessible at start-up, and cannot wait to read this data until after the user is logged on. The operating system will crash when switched from RAID ON > AHCI if the AHCI controller drivers are not preinstalled. For instructions on how to switch from RAID > AHCI (or vice versa), see http://www.dell.com/support/ article/us/en/19/SLN306460.
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Fixed an issue where the Agent communicated using SSL 3.0 or TLS 1.0 only. Fixed an issue with a Windows device failing to generate a fingerprint. Resolved issue with Microsoft Word template file not being recognized when added to the whitelist. Fixed an issue with the Windows OS version incorrectly being reported to the Console. Fixed an issue with the false detection of Nsight drivers on Windows devices.
● Fixed an issue where the ScriptCache folder was consuming too much disk space if Script Control for Office Macros was enabled. Office documents are no longer cached as part of ScriptCache; only ActiveScript and PowerShell scripts are cached. ● Fixed an issue to ensure that on-demand scans are using both the Local model as well as Cloud lookups, as with background scans. ● Resolved a compatibility issue between Memory Protection and Remote Desktop on Windows 8 computers.
NOTE: Agent version 1401 supports Windows 10 Anniversary Edition but does not support Device Guard or Credential Guard, optional Windows 10 security features. If these features are enabled, disable them before using the Agent. Added 4/2017 - Resolved Technical Advisories - Auto-Updates For information about additional periodic Advanced Threat Prevention updates for enterprises enrolled for Agent Auto Update on the Dell Server, see http://www.dell.
● ● ● ● ● ● ● ○ Latitude 3480 ○ Latitude 3580 ○ Latitude 5285 ○ Latitude 5289 ○ Precision 7520 ○ Precision 7720 ○ Precision 5720 All-in-One When the Dell Latitude 7370 with PBA activated is docked, the user is now prompted at the PBA login screen for the authentication method set by policy rather than the access code. [DDPC-2693] An issue with smart card single sign-on that resulted in an error, "User did not sync with PBA," is now resolved.
Advanced Threat Prevention v1.3 ● Persistent and non-persistent clients' Protected status differs in the Dell Server Remote Management Console: Persistent - Following the first restart after activation, the client status is Protected. Non-Persistent - The client status does not change to Protected after activation, since the virtual machine does not retain the client instance after restart. Encryption Client v8.
● Fixed an issue where installing the Agent MSI package using the command line without including the installation token resulted in the Agent requiring an uninstall password and the Agent could not be uninstalled. ● Fixed an issue where a USB device was not being blocked upon first use on Windows XP and Windows Server 2003 devices when Device Control was enabled and set to Block. ● Fixed an issue with WMI errors occurring on Windows devices during startup and shutdown.
● Resolved a compatibility issue between Memory Protection and NVIDIA Nsight. ● Fixed an issue where Agents deleted from the Management Console would still attempt to connect to the Management Console to upload Agent logs. ● Resolved a compatibility issue between Memory Protection, Auto-Quarantine (AQT) and Novell Zenworks Logger. ● Fixed an issue where the Advanced Threat Protection service was not properly starting on devices using .NET 4 Client Profile.
● Addressed an issue where enabling Memory Protection on Windows Server 2012 with vShield resulted in a black screen on Remote Desktop (RDP) login/logout. ● Increased the details for Memory Protection events for Verbose logging. ● Fixed an issue where no event was reported to the Server for remote script execution. ● Addressed conflicts with the Luminex driver. ● Fixed an issue where enabling Memory Protection would cause a black screen to display when a user logged in to the device.
Technical Advisories v1.2 Advanced Threat Prevention v1.2 ● Added 8/2017 - The Advanced Threat Prevention tile displays Not Protected until the computer is restarted a second time. Occasionally, it is necessary to restart the DellMgmtAgent service. [CYL-435] Encryption Client v8.11 ● Cumulative encryption exclusions are now automatically applied when the Encryption client is upgraded. This will require an encryption sweep for each user upgraded to v8.11 or later.
Resolved Technical Advisories v1.1.1 Advanced Threat Protection v1.1.1 ● If Endpoint Security Suite Enterprise is uninstalled and then reinstalled on the same computer, committing a policy change at the Dell Data Protection Server is no longer necessary for the endpoint to receive policies. [DDPC-1616, CSF-1305] Encryption Client v8.10.1 ● A timeout message logged during a failed activation has been modified to clarify the timeout period in milliseconds.
○ Windows Server 2012 R2 ● Dell Data Protection | Server Encryption is now supported. Server Encryption provides remote management of servers, including the following: ○ Software encryption ○ Port control ○ Removable storage encryption ○ Support for maintenance scheduling, which allows control over enforcement of policies that require reboot ● Endpoint Security Suite Enterprise now includes an automatic client update feature.
Advanced Authentication v8.10 ● On Dell Latitude 3450 and 3550 computers running Windows 10, fingerprint authentication now proceeds as expected. [DDPC-1598/CSF-772] ● After restoring credentials in Password Manager, a second authentication prompt no longer displays. [DDPC-1617] ● Password Manager logon now functions as expected with Dell Remote Management Console logon. [DDPC-2356] Preboot Authentication v8.
● After a computer crash or forced shutdown, encrypted files occasionally become unavailable. To work around this issue, run WSDeactivate then reactivate the Encryption client. [DDPC-3228] SED Client v8.10 ● Added 09/2016 - When PBA is activated on a Windows 7 computer without Microsoft Security Advisory 3033929 installed, the computer becomes unstable when resuming from sleep (S3). To work around this issue, install Microsoft Security Advisory 3033929 before installing the SED Client.
● On a Windows computer, External Media Shield now successfully opens files and folders named with accented characters that are stored on external media and provisioned using a Mac computer. [DDPC-1517] ● When encryption models are changed (SDE to HCA) after an encryption sweep has completed, the computer no longer experiences a temporary blue screen. Previously, this occurred while key types were swapped, and allowing the computer to reboot typically restored functionality.
BitLocker Manager v8.9.1 ● Volumes with Unicode strings in their serial numbers are now correctly reported in inventory. [DDPC-1899] Technical Advisories v1.0.1 Advanced Threat Protection v1.0.1 ● Advanced Threat Protection cannot be upgraded in place from v1.0 to v1.0.1. To work around this issue, uninstall Advanced Threat Protection v1.0 and install Advanced Threat Protection v1.0.1: 1. Run the following command line to uninstall Advanced Threat Protection: msiexec.
Reporting and auditing processes are simplified, with comprehensive protection and FIPS compliance. Extensive reporting and auditing capabilities and secure recovery key escrow help auditors easily determine compliance. Technical Advisories v1.0 Advanced Threat Protection v1.0 ● To avoid very long installation times due to Windows updates running on Windows 7, ensure that all updates are installed before beginning installation.
Preboot Authentication v8.9 ● After recovering PBA access through recovery questions, the password change page displays a message that, if no action is taken, the user will be automatically logged in to the Windows session, although no automatic login occurs.
Technical Advisories v8.6.1 No Technical Advisories were introduced in v8.6.1. Technical Advisories v8.6 Encryption Client ● Added 09/2015 - In order to add new features, functionality, and the newest operating systems, Enterprise Edition for Windows will support Windows XP through Shield version 8.5.
● Added 08/2015 - If Microsoft TPM Base Services is improperly installed, the following functionality is affected: HCA provisioning, fingerprint enrollment in the DDP Console/Security Console, and BitLocker Manager operation. For more information and to work around this issue, refer to this KB article: http://www.dell.com/support/article/us/en/19/ SLN296706. [CSF-454] Preboot Authentication ● Upgrade from v8.1 or v8.2 to v8.6 on a computer with a SED installed and PBA activated fails.
● On the Dell Latitude Rugged Extreme, the user is able to detach the tablet from the dock. However, the dock is needed to log in through the PBA. Detach the tablet only after the PBA authentication step is complete. [DDPLP-162, DDPLP-163] ● UPN name is not supported by PBA. The correct usage would be to login with a non-UPN user name, domain\username, or enter the username independently and select the domain from the drop-down menu.
work around this issue, ensure that the computer has access to the Enterprise Server during the installation of the Dell Data Protection | Encryption client and policy deployment to back up encryption keys and other critical data, complete PBA activation, and enforce required shutdown. [28787/DDPC-37] ● After encryption is enabled, the computer intermittently logs a Critical System Event 41 in the System Event Logs with this description: "The system has rebooted without cleanly shutting down first.
2. Select Show advanced settings > Content settings > Disable individual plug-ins and then select Always allowed for the Dell Data Protection | Security Tools Plug-in. Close the Plug-ins page. 3. In the Google Chrome Settings page, select Extensions and check the Enable box next to the Dell Data Protection | Security Tools Extension. 4. Exit Google Chrome and re-launch.
Instructions: 1. Turn on the power to your Dell computer. If the computer is already powered on, reboot it. 2. Press F2 or F12 continuously during boot until a message displays at the upper right of the screen that is similar to "preparing to enter setup" (F2) or "preparing one-time boot menu" (F12). This launches the system BIOS. 3. In Setting > General > Boot Sequence, ensure that the Legacy Boot List Option is selected. 4.
● The computer does not Single Sign-on (SSO) after waking up from Hybrid Sleep. After the user enters their credentials at the Preboot Authentication (PBA) screen, the computer stops at the Windows logon screen and the user must manually log on to the computer. Dell Data Protection | Security Tools and the SED client do not support Hybrid Sleep states and SSO when Preboot Authentication (PBA) is Active. Disable Hybrid Sleep when using Preboot Authentication if your organization intends to use SSO.
● On some Dell platforms, the desktop background turns black after the computer wakes from a sleep state. To work around this issue, go to display settings and reset the desktop background. [24574] BitLocker Manager ● Encryption Status Reports will not exactly match the Windows BitLocker encryption dialog window. BitLocker Manager updates encryption status every 30 seconds, therefore there will be a 30 second delay in BitLocker Manager encryption status.
console stating the "Connecting to Dell Data Protection | Encryption..." message, however, the connection will never be made. A computer restart corrects the issue. [23448] ● System Restore is not a full backup/restore utility. Only the following are restored when using System Restore: Registry Profiles COM+ DB WFP.dll cache WMI DB IIS Metabase File types which are monitored by System Restore are as specified in http://msdn.microsoft.com/library/en-us/sr/sr/ monitored_file_extensions.asp.
2 Workarounds Before you begin, be aware of the following workarounds that have been identified during testing. ● To host EMS, external media must have 64 MB available, plus open space on the storage that is equal to the largest file to be encrypted. To work around the issue, free up space on the storage or use media with more storage capacity. [DDPC-243] ● Encrypted data must be backed up while its owner is logged in.
3 Software and Hardware Compatibility Endpoint Security Suite Enterprise is tested with third-party software and hardware as needed. Dell reports problems found during testing to other vendors, where appropriate. Upgrade to the latest Windows 10 Feature Update ● To upgrade a computer running the Encryption client to the latest version of Windows 10 Feature Update, follow the instructions in the following article: http://www.dell.com/support/article/us/en/19/SLN298382.
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\PwdUninstall.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\CCUninst.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\McAfee_Common_x64.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\McAfee_Common_x64.msi \Program Files\McAfee\Endpoint Security
\Program Files\McAfee\Mue.exe \Program Files\McAfee\policyupgrade.exe \Program Files\McAfee\UpdaterUI.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\CCUninst.exe \Program Files (x86)\McAfee\En
Windows Devices ● Whole-disk compression is not supported with the Encryption client. ePocrates Rx Pro ● Because its databases contain only formulary reference information, if your organization uses ePocrates Rx Pro, we recommend that you exclude certain databases from encryption using the Databases to Exclude from Encryption policy. See the following table for the databases to exclude.
