Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.1
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

Windows Operating Systems Supported to Access Encrypted Media (32- and 64-bit)

￭ Windows 10 2016 LTSB

￭ Windows 10 2019 LTSC

Mac Operating Systems Supported to Access Encrypted Media (64-bit kernels)

○ macOS High Sierra 10.13.5 - 10.13.6

○ macOS Mojave 10.14.0 - 10.14.4

○ macOS Catalina 10.15.5 - 10.15.6

Full Disk Encryption

● Full Disk Encryption requires activation against a Dell Server running v9.8.2 or later.

● Full Disk Encryption is not currently supported within virtualized host computers.

● Full Disk Encryption requires a discrete hardware TPM. PTT and firmware-based TPMs are not supported at this time.

● Third-party credential providers will not function with FDE features installed and all third-party credential providers will be

disabled when the PBA is enabled.

● The client computer must have network connectivity or access code to activate.

● The computer must have a wired network connection for a smartcard user to log in through pre-boot authentication for the

first time.

● Operating system Feature updates are not supported with Full Disk Encryption.

● A wired connection is required for the PBA to communicate with the Dell Server.

● An SED cannot be present on the target computer.

● Full Disk Encryption utilizes Intel's encryption instruction sets, Integrated Performance Primitives (IPP). For more

information, see KB article 126015.

● Full Disk Encryption is not supported with BitLocker or BitLocker Manager. Do not install Full Disk Encryption on a computer

on which BitLocker or BitLocker Manager is installed.

● Dell recommends Intel Rapid Storage Technology Driver v15.2.0.0 or later, with NVMe drives.

● Any NVMe drive that is being leveraged for PBA:

○ If the Dell device was manufactured in 2018 or later: Either RAID ON or AHCI may be leveraged with NVMe drives.

○ If the Dell device was manufactured in 2017 or earlier: The BIOS's SATA operation must be set to RAID ON, as Dell's PBA

manager does not support AHCI on NVMe drives.

○ The BIOS boot mode must be set to Unified Extensible Firmware Interface (UEFI). Legacy operation ROMs must be

disabled.

● Any non-NVMe drive that is being leveraged for PBA:

○ BIOS SATA operation must be set to AHCI.

○ RAID ON is not supported because access to read and write RAID-related data (at a sector that is not available on a

locked non-NVMe drive) is not accessible at start-up, and cannot wait to read this data until after the user is logged on.

○ The operating system will crash when switched from RAID ON > AHCI if the AHCI controller drivers are not pre-installed.

For instructions on how to switch from RAID > AHCI (or vice versa), see KB article 124714.

● Full Disk Encryption management does not support dual boot configurations since it is possible to encrypt system files of the

other operating system, which would interfere with its operation.

● In-place operating system re-install is not supported. To re-install the operating system, perform a backup of the target

computer, wipe the computer, install the operating system, then recover the encrypted data following established recovery

procedures.

● Direct Feature Updates from Windows 10 v1607 (Anniversary Update/Redstone 1), to the Windows 10 v1903 (May 2019

Update/19H1) are not supported with FDE. Dell recommends updating the operating system to a newer Feature Update if

updating to Windows 10 v1903. Any attempts to update directly from Windows 10 v1607 to v1903 results in an error message

and the update is prevented.

● The master installer installs these components if not already installed on the target computer. When using the child

installer, you must install these components before installing the clients.

Requirements