Dell Data Protection | Personal Edition Technical Advisories v8.
Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. © 2016 Dell Inc. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Contents 1 Technical Advisories....................................................................................................................................... 7 Contact Dell ProSupport................................................................................................................................................... 7 New Features and Functionality v8.12.............................................................................................................................
Resolved Technical Advisories v8.7................................................................................................................................ 14 Encryption....................................................................................................................................................................14 Advanced Authentication..........................................................................................................................................
Encryption...................................................................................................................................................................23 Advanced Authentication..........................................................................................................................................23 Technical Advisories v8.3.2.............................................................................................................................................
Encryption...................................................................................................................................................................33 Technical Advisories v7.2.1...............................................................................................................................................33 Encryption.........................................................................................................................................................
1 Technical Advisories To ensure the security of your confidential data, Personal Edition encrypts the data on your Microsoft Windows computer. You (or authorized users) can always access the data when logged into the computer, but unauthorized users will not have access to this protected data. Data always remains encrypted on the drive, but because our encryption is designed to be transparent to you, there is no need to change the way you work with applications and data.
Resolved Customer Issues • An issue is resolved that resulted in a long delay after pressing Ctrl+Alt+Del on a computer running Dell Desktop Authority. [DDPC-500] • An issue is resolved that resulted in multiple restart prompts. [DDPC-4484, DDPC-4535] Advanced Authentication • The Enroll Credentials window no longer occasionally displays after a computer with fingerprint or smart card enrolled credentials resumes from sleep. [DDPC-4269] Technical Advisories v8.
Technical Advisories v8.11 Encryption • Cumulative encryption exclusions are now automatically applied when the Encryption client is upgraded. This will require an encryption sweep for each user upgraded to v8.11 or later. However, subsequent updates will require a sweep only if the update includes new exclusions. [DDPC-1334, DDPC-5138] • Activation fails after attempting to roll back an External Media Edition upgrade.
Technical Advisories v8.10.1 Encryption • After upgrade to Windows 10, a second restart may be required for encryption to resume. [DDPC-4080] • When migrating from one edition of Windows to a different edition during a Windows 10 upgrade, the Encryption client is not migrated. The same issue occurs if either the option to keep only personal files or to keep nothing is selected during a Windows 10 upgrade. To resolve this issue, reinstall the Encryption client after upgrade.
• An issue that led to multiple restarts is now resolved. [DDPSUS-1087] Advanced Authentication • On Dell Latitude 3450 and 3550 computers running Windows 10, fingerprint authentication now proceeds as expected. [DDPC-1598/ CSF-772] • After restoring credentials in Password Manager, a second authentication prompt no longer displays. [DDPC-1617] • Password Manager logon now functions as expected with Dell Remote Management Console logon.
• A few WSProbe options have been deprecated to improve security. The WSProbe utility no longer supports the following options: -u (enable or disable Application Data Encryption), -x (exclude application from Application Data Encryption), and -i (revert an excluded application back to included in Application Data Encryption). [DDPC-1279] • All characters of the 32-character Endpoint Code now fully display in the External Media Shield manual authentication dialog.
• External Media Shield is now updated on a non-Shielded computer when that computer is used to access an encrypted removable media that has been updated. [DDPC-1259] • The issue that prevented the Managed Migration Utility from converting Personal Edition to Enterprise Edition when attempting to obtain the User Principal Name (UPN) from the operating system is resolved.
Preboot Authentication • After recovering PBA access through recovery questions, the password change page displays a message that, if no action is taken, the user will be automatically logged in to the Windows session, although no automatic login occurs. [CSF-1083] Resolved Technical Advisories v8.7.1 Encryption • With both VMware Mirage and Webroot running on Windows 7, the computer now starts normally.
Advanced Authentication • With Windows 10 on Dell Latitude E7250 or E7450, after the computer resumes from sleep, hibernation, warm boot, or cold boot, the user can now authenticate with an enrolled contactless smart card without having to occasionally re-enroll the card. [CSF-362] • Added 11/2015 - The following drives are now supported: Drives with "X" are supported but are not qualified for or shipped in Dell systems.
• Reinstallation may fail with an error such as a file or folder access error or an EMSService crash, if the \temp folder was previously encrypted with the Common Encryption Key and files were not fully decrypted before uninstallation. To work around this issue, before reinstalling, remove files from the \temp folder.
• The issue with continued rebooting on a computer with the number of users nearing 300 has been resolved. [DDPSUS-37] • The issue that caused upgrade to fail with the logged error, "CInstallInf::ProcessInf - Error calling SetupInstallServicesFromInfSection," is now resolved. [DDPSUS-283] • Encryption of the \Regback folder after a scheduled backup no longer requires a reboot for encryption to begin.
• On a UEFI computer with PBA activated and with default Title, Legal Notice, and Support Information for the PBA logon screen, selecting Options > System Information no longer returns the message “Support Information is not enabled.” [DDPUP-510] • On a UEFI computer running a Japanese or Korean operating system with PBA activated, the PBA logon screen now loads and functions as expected.
2 In Windows Control Panel, navigate to Device Manager. 3 Under Biometric Devices, disable the Validity Fingerprint Sensor. 4 Activate the PBA. 5 After reboot, the Validity Fingerprint Sensor can be re-enabled, and the fingerprint reader functions as expected. To download the latest Validity Fingerprint Sensor driver, go to http://www.dell.com/support/home/us/en/19/Products/?app=drivers and select your computer model to check and download the latest driver.
• When using Security Tools’ One-time Password feature, for devices that are already enrolled, enrollments are now properly deleted when the policy “Mobile Device Require Password” is changed from Off to On. [CSF-94] • When using Security Tools’ One-time Password feature, null reference pointers have been resolved. [CSF-98] • The issue of using Security Tools, Windows 8.1, and the GPO "Do Not Display Last Username", causing single sign-on to fail has been resolved.
New Features and Functionality v8.4.1 • Multi-certificate Common Access Cards are now supported. Resolved Technical Advisories v8.4.1 Encryption • The DDP installation process now proceeds normally on laptops connected to a power source, even if the battery charge falls below 10 percent. [27974/DDPC-56] • Previously, when using Dell Digital Delivery, installation could fail based on the order of installation of Security Tools or the DDP master installer. Logic has been added to correct this issue.
Preboot Authentication • Single Sign-on intermittently fails on computers with self-encrypting drives on which Preboot Authentication is activated. [DDPLP-144] • When replacing a provisioned self-encrypting drive (with the Preboot Authentication environment active) with a new self-encrypting drive and provisioning the Preboot Authentication environment, after the new SED is provisioned, the old SED can no longer be recovered.
Encryption • A new user is no longer presented a logon screen for a different user when logging on to the PBA for the first time with dual-factor authentication configured for Password + Fingerprints. [28886] Advanced Authentication • Fingerprint credentials are now retained when upgrading from v8.2.1 or earlier. [28457, 28766] • Upgrade failures related to a USH fingerprint sensor configuration file error have been resolved.
g • Enter a new password to restore access to encrypted files. PCIe SSDs are not supported on Precision T-series computers. New Features and Functionality v8.3.1 • Dell Data Protection | Encryption Personal Edition now supports Offline Files and Folders. For an overview of Offline Files and Folders, see http://windows.microsoft.com/en-us/windows/understanding-offline-files#1TC=windows-7. • Dell Data Protection | Encryption Personal Edition now supports OneDrive on Windows 8.1.
Resolved Technical Advisories v8.3 Encryption Revised 04-2014 • The Shield now properly processes category 3 policies to override ADE-encrypted (category 2) files. [25211] • Previously, a message stating "Invalid Value for 103" was displayed in the local console and current settings were not viewable. This issue has been resolved.
Cloud Edition • Users can no longer access protected sites when the policy is set to block those sites. [DDPCE-24] • When using OneDrive and an iOS app, files uploaded to the cloud are no longer deleted by the sync client running on a Windows computer. [DDPCE-97] • While IPv6 is not supported, the web browser no longer intermittently toggles between protected and unprotected states when IPv6 is enabled on the network adapter. IPv4 should be used, for Cloud Edition for Windows to function properly.
lost power unexpectedly." The issue occurs only during a reboot and does not impact the security of the data or the performance of the computer. [28795] • Amended 12/2014 - Secure Boot is a Unified Extensible Firmware Interface (UEFI) protocol that Windows 8 and 8.1 users can enable in the computer's BIOS to ensure that the computer boots using trusted firmware signed by the computer manufacturer.
2 Select Show advanced settings > Content settings > Disable individual plug-ins and then select Always allowed for the Dell Data Protection | Security Tools Plug-in. Close the Plug-ins page. 3 In the Google Chrome Settings page, select Extensions and check the Enable box next to the Dell Data Protection | Security Tools Extension. 4 Exit Google Chrome and re-launch.
New Features and Functionality v8.2.1 • Personal Edition now supports Microsoft Windows 8.1. Resolved Technical Advisories v8.2.1 Encryption • Personal Edition provides improved support for the touch keyboard on the Microsoft Windows 8.1 Sign On Screen. • Log files are now placed in the proper directory on localized operating systems.
Resolved Technical Advisories v8.1.1 Encryption • Upon upgrade to 8.1, EMS was failing to prompt CD/DVD media to encrypt due to the controller driver failing to provide the correct device type to EMS. This release resolves the issue and CD/DVD media is now properly prompted to encrypt. [28150] • Additional hardening and stability fixes have been added to this release. • This release resolves the issue of encrypting/decrypting files larger than 4GBs. New Features and Functionality v8.
Technical Advisories v8.1 Encryption • When running Windows 8, the Shield's Fast User Switching message is hidden behind the Windows 8 log off screen. [26272] • DVDs become corrupt after a PCS policy change to Read Only in the following scenario: When PCS is enabled for Optical Drives with 'UDF-Only' policy and the user copies files over (opens a session), before the session is closed (usually by ejecting the media) a new PCS policy comes down that sets the optical drive to 'Read-Only'.
Technical Advisories v8.0 Encryption • EMS cannot be used side-by-side with most third-party USB device encryption solutions, whether hardware or software. To use EMS, either add your third-party USB device to your whitelist, or remove the third-party encryption software. • When the local console is left open and the computer sleeps, a message displays that "no fixed storage is found." Closing and reopening the local console corrects the issue.
• Rare instances of computers failing to resume after hibernation have been addressed. [24571] • When running the Shield on a computer that has recently updated to the latest version of McAfee Virus Scan 8.7 Patch 5, McAfee Virus Scan 8.8 Patch 1, or McAfee HIPS 8.0 Patch 1, files can become corrupted. The issue is that the McAfee driver is being injected below Dell Data Protection | Encryption in the filter stack.
• The Encryption Removal Agent can decrypt files with path lengths up to 256 characters. Files paths longer than 256 characters result in a decryption failure. To work around this issue, shorten the path length to less than 256 characters and re-initiate the Encryption Removal Agent. [23474, 23510] Technical Advisories v7.
2 Workarounds Before you begin, be aware of the following workarounds that have been identified during testing. • Performing an upgrade during an encryption sweep may prevent the Shield Service from restarting normally after the installation finishes. A system restart corrects this issue. To work around the issue, we recommend upgrading when no encryption sweep is running. [14344] • Encrypted data must be backed up while its owner is logged in.
3 Software and Hardware Compatibility Personal Edition is tested with third-party software and hardware as needed. Dell reports problems found during testing to other vendors, where appropriate. Upgrade to the Windows 10 Anniversary Update • To upgrade a computer running the Encryption client to the Windows 10 Anniversary Update version, follow the instructions in the following article: http://www.dell.com/support/article/us/en/19/SLN298382.
Synaptics TouchPad • Random system errors may be caused by not having an updated Synaptics TouchPad driver when the Encryption client is installed. To correct this issue, download a driver update from http://www.synaptics.com. [10228] McAfee Host Intrusion Detection • When using the Shield and McAfee HID, McAfee HID may prevent the Encryption client from changing the registries and Services. To work around this issue, add the Encryption client to the McAfee HID trusted applications list.