Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Ports

● To ensure that Client Firewall and Web Protection receives the most current Client Firewall and Web Protection updates,

ports 443 and 80 must be available for the client to communicate with the various destination servers. If the ports are

blocked for any reason, anti-virus signature updates (DAT files) cannot be downloaded, so computers may not have the most

current protection. Ensure that client computers can access the URLs, as follows.

Use Applicatio

n Protocol

Transpo

Protocol

Port

Number

Destination Direction

Reputation

Service

SSL TCP 443 tunnel.web.trustedsource.

org

Outbound

Reputation

Service

Feedback

SSL TCP 443 gtifeedback.trustedsource.

org

Outbound

URL Reputation

Database

Update

HTTP TCP 80 list.smartfilter.com Outbound

URL Reputation

Lookup

SSL TCP 443 tunnel.web.trustedsource.

org

Outbound

Operating Systems

● The following table details supported operating systems.

Windows Operating Systems (32- and 64-bit)

○ Windows 7 SP1: Enterprise, Professional, Ultimate

￭ In January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows 7

or Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://

support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation

packages.

Applications and installation packages signed with SHA1 certificates will function but an error will display on the

endpoint during installation or execution of the application without these updates installed

○ Windows 8.1: Enterprise, Pro

○ Windows 10: Education, Enterprise, Pro v1803-v20H2 (April 2018 Update/Redstone 4 - October 2020 Update/20H2)

Note: Windows 10 v2004 (May 2020 Update/20H1) does not support 32-bit architecture. For more information, see

https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview

￭ Windows 10 2016 LTSB

￭ Windows 10 2019 LTSC

SED Manager

● The computer must have a wired network connection to successfully install SED Manager.

● The computer must have a wired network connection for a smart card user to log in through pre-boot authentication for the

first time.

● Third-party credential providers will not function with SED Manager installed and all third-party credential providers will be

disabled when the PBA is enabled.

● IPv6 is not supported.

● SED Manager is not currently supported within virtualized host computers.

● Dell Encryption utilizes Intel's encryption instruction sets, Integrated Performance Primitives (IPP). For more information,

see KB article 126015.

Requirements