User's guide
the system. Note that if you unmount the volume prior to shutting down the system, the shutdown will complete properly.
[25694/2470647]
Zero byte certificate files. Under certain circumstances, zero byte cert*.pem files are created on the root of the disk.
You can delete these temporary files as they are not used after installation has completed. [29407/2474363]
PGP Keys
Interoperability with older versions of PGP Desktop: PGP Desktop 9.0.X did not have support for DSA key sizes
greater than 1024 bits. Users of PGP Desktop 9.0.X cannot properly view the properties of such keys, or create signatures
with them, or verify signatures made by them. If interoperability with this version is important, use RSA keys, or DSA keys of
1024 bits. [27905/2472860]
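One way to find the keys affected by this limitation before sharing them with PGP Desktop 9.0.X users, as an added example that is not part of the release notes or of Symantec's code. It assumes the keyring was exported and listed with GnuPG (`gpg --list-keys --with-colons`); the sample listing, key IDs and user IDs are constructed.

```python
# Added example: flag DSA keys and subkeys larger than 1024 bits.
# Assumption: input is GnuPG colon-delimited output (gpg --list-keys --with-colons).

DSA_ALGO_ID = 17            # OpenPGP public-key algorithm ID for DSA
MAX_LEGACY_DSA_BITS = 1024  # largest DSA size PGP Desktop 9.0.X handles, per the note above

# Constructed sample listing (all key IDs and user IDs are made up).
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:1024:17:A1A1A1A1A1A1A1A1:1104537600:::u:::scESC:
uid:u::::1104537600::0000::Legacy DSA <legacy@example.com>:
sub:u:3072:16:A2A2A2A2A2A2A2A2:1104537600::::::e:
pub:u:3072:17:B1B1B1B1B1B1B1B1:1262304000:::u:::scESC:
uid:u::::1262304000::0000::Large DSA <dsa@example.com>:
sub:u:3072:16:B2B2B2B2B2B2B2B2:1262304000::::::e:
pub:u:4096:1:C1C1C1C1C1C1C1C1:1420070400:::u:::cESC:
uid:u::::1420070400::0000::RSA User <rsa@example.com>:
sub:u:2048:17:C2C2C2C2C2C2C2C2:1420070400::::::s:
"""


def incompatible_dsa_keys(listing):
    """Return one dict per DSA primary key or subkey larger than 1024 bits."""
    findings = []
    primary = None  # key ID of the primary key the current record belongs to
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sec", "sub", "ssb") or len(fields) < 5:
            continue  # trust, uid and fingerprint records carry no key size
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed record: skip it
        key_id = fields[4]
        if fields[0] in ("pub", "sec"):
            primary = key_id
        if algo == DSA_ALGO_ID and bits > MAX_LEGACY_DSA_BITS:
            findings.append({"type": fields[0], "key_id": key_id,
                             "bits": bits, "primary": primary})
    return findings


if __name__ == "__main__":
    for f in incompatible_dsa_keys(SAMPLE_LISTING):
        print(f"{f['type']} {f['key_id']} DSA-{f['bits']} (primary {f['primary']})")
```

The check covers subkeys as well as primary keys, because a large DSA signing subkey under an RSA primary key produces signatures that hit the same limitation.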
Adding an ADK to a keypair: When adding an Additional Decryption Key (ADK) to a keypair, do not then create
another ADK and add the second ADK to the first keypair. [28420/2473376]
Using local keyrings: While you can create additional keyrings in Symantec Encryption Desktop, Symantec recommends
that you use only the default keyring created during installation of the product. Only the default keyring is used by Symantec
Encryption Desktop and keys stored in other keyrings are not used. [2577064]
PGP Messaging
Adding new Exchange email accounts: When you add a Microsoft Exchange account in Mail.app, Mail.app
automatically selects its server type and uses Exchange Web Service with Port 80 for that email account. As a result,
Symantec Encryption Desktop cannot proxy email through the account. To work around this issue, when you add a new
Microsoft Exchange account in Mail.app, hold down the Option key after you click Continue when setting up the email
account. You can then select IMAP as the Account type. You will not encounter this issue if you are using Thunderbird for
your email client on Mac OS X.
Thunderbird Email Sent to BlackBerry Users: If your Thunderbird email client is set to send email in HTML-only
format, and the message is encrypted by either Symantec Encryption Management Server or Symantec Encryption Desktop
before it arrives at the BES gateway, the recipient will be unable to view the email message on his or her BlackBerry. To
work around this issue, configure your Thunderbird email client so that it does not send HTML-only messages.
[16273/2461463]
Adding comments to secured messages: To ensure proper display of comments added to secured messages using
the Add a comment to secured messages option, Symantec Corporation recommends using ASCII text in the
Comment field. [11127/2456310]
S/MIME-signed email messages: Symantec Encryption Desktop may not process S/MIME signed emails if the signing
X.509 certificate is not included in the email. The certificate is almost always included with the email unless the sender turns
off this option. [9489/2454670, 9491/2454672]
Automatic mode: Symantec Encryption Desktop is initially installed in Automatic mode. If necessary, you can change this
in the Preferences to accommodate your environment. Automatic mode uses Mac OS X’s built-in firewall functionality to
redirect your email client connections through Symantec Encryption Desktop. Some less common configurations may need
to use Manual mode instead. If you fall into one of the categories below, you should switch to Manual mode in the PGP
Preferences (Messaging > Proxy Options > Email). [NBN]
These include:
- Those with a requirement to use the built-in firewall for other purposes. Note that third-party applications can be
installed to provide much more complete configuration options than the built-in user interface in System Preferences.
These other solutions are compatible with Symantec Encryption Desktop. Note that Norton Internet Security 3.0 does
not use these methods, and is not compatible with Automatic mode.
- Those who already redirect their email connections through, for instance, an SSH tunnel or VPN connection. Some
VPN connections may cause problems with the connection diversion capabilities of Symantec Encryption Desktop.
- Automatic mode should not be used on a system which is also a mail server; use Manual mode instead.
Multiple users and Automatic mode: If you use Fast User Switching to switch between multiple Symantec Encryption Desktop users on
a single Mac OS X machine, the first user to enable Automatic mode in Symantec Encryption Desktop will be the only user
who will be able to use Automatic mode; all other users must use Manual mode. If there are three or more users, each
Manual mode user must bind to unique ports. [3335/2448506]
Mail.App displays a message “Cannot send message using the server [server name].” This message is
displayed because Mail.App defaults to forcing the use of SSL for email. To work around this issue:
1. When you receive the message in Mail.App, click Edit SMTP Server List.
2. In the Accounts window, click the Advanced tab, ensure that the option to Use Secure Sockets Layer (SSL) is not
Symantec Encryption Desktop 10.3 for Mac OS X Release Notes