Users Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro

Technical Advisories v8.3

All Clients

• If Windows updates are not installed before the master installer runs, installation may fail. [28835]

Encryption Client

• Windows logon fails with some new CAC smart cards, which use multiple certicates with the same name. One certicate is the

authentication certicate and the other is a signing certicate. The algorithm used to select the certicate uses the newest certicate.

If the newest certicate is the signing certicate, Windows logon will fail. To work around this issue, create an Active Directory entry for

the principle name for the signing certicate. [27857]

• During a command line uninstall, the installer will not download the encryption keys for the computer unless Silent mode is specied

using the parameter CMGSILENTMODE=1. To work around this issue, specify CMGSILENTMODE=1 in the command. [27979]

• All registry keys and installation les are not removed after uninstallation. [28219]

• After uninstallation, logon with cached credentials occasionally fails when the computer is not connected to the network. During

uninstallation, the cached credentials are decrypted. If this decryption fails for any reason, the user will not be able to login while

disconnected from the network. To work around this issue, reconnect to the network and log on to cache the credentials. [28277]

• The encryption icon that indicates that a drive is encrypted does not display when a drive has been encrypted using HCA. [28400]

• During an attended (non-silent) upgrade from v8.1, the installer does not prompt the user to conrm that the upgrade is desired before

continuing the installation. [28574]

• Preboot Authentication uses a "Basic" disk partition and cannot be converted to "Dynamic" partition (for RAID arrays). Attempts to

convert the partition will result in the PBA not being created or the PBA not starting. [28587]

• After partial decryption recovery on a computer with an HCA card, the local Dell Data Protection | Encryption console may display

duplicate information about local disks. To work around this issue, reboot the computer. After the restart, disk information displays

properly. [28656]

• After installation of the Dell Data Protection | Encryption client, the Microsoft Usbccid Smartcard Reader is intermittently reported as

being in a problem state in Device Manager. However, smart cards and ngerprints seem to function normally. Dell ControlVault relies on

the Microsoft Usbccid drivers. A premier case has been opened with Microsoft regarding this issue. [28697]

• Decryption on computers with HCA cards removes Preboot Authentication, which must be reinstalled. At the next logon, both an

Encryption Administrator Password prompt and a Security Tools shutdown message display. When the computer is shut down, PBA

activation begins. However, provisioning will be completed only after a subsequent reboot and entry of the Encryption Administrator

Password. [28722]

• Infrequently, after HCA policy is set, the Preboot Authentication screen does not display until the computer is restarted a second time.

[28762]

• During Preboot Authentication activation, if the computer is not connected to the network with access to the Enterprise Server, the

Dell Data Protection | Encryption client does not enforce required shutdown and Preboot Authentication activation is not completed. If

the Dell Data Protection | Encryption client cannot access the Enterprise Server to back up encryption keys and other critical data, PBA

activation is not completed and the required shutdown does not occur. To work around this issue, ensure that the computer has access

to the Enterprise Server during the installation of the Dell Data Protection | Encryption client and policy deployment to back up

encryption keys and other critical data, complete PBA activation, and enforce required shutdown. [28787/DDPC-37]

• After encryption is enabled, the computer intermittently logs a Critical System Event 41 in the System Event Logs with this description:

"The system has rebooted without cleanly shutting down rst. This error could be caused if the system stopped responding, crashed, or

lost power unexpectedly." The issue occurs only during a reboot and does not impact the security of the data or the performance of the

computer. [28795]

• Secure Boot is a Unied Extensible Firmware Interface (UEFI) protocol that Windows 8 and 8.1 users can enable in the computer's BIOS

to ensure that the computer boots using trusted rmware signed by the computer manufacturer. The feature is not supported when

the following conditions are met:

• HCA with Dell Data Protection | Security Tools installed

• HCA with the Dell Data Protection | Encryption client installed

• HCA with Dell Data Protection | Security Tools and the Dell Data Protection | Encryption client installed

To upgrade to Windows 8 or 8.1 on a Dell computer with SED or HCA, Secure Boot cannot be enabled in BIOS. The Secure Boot

setting is disabled by default for computers shipping with Windows 7 or Windows 8/8.1 Downgrade Rights. This setting should not

be changed.

Instructions:

Endpoint Security Suite Pro Technical Advisories v1.8

Technical Advisories