Users Guide
• On some Dell platforms, the desktop background turns black after the computer wakes from a sleep state. To work around this issue,
go to display settings and reset the desktop background. [24574]
BitLocker Manager
• Encryption Status Reports will not exactly match the Windows BitLocker encryption dialog window. BitLocker Manager updates
encryption status every 30 seconds, therefore there will be a 30 second delay in BitLocker Manager encryption status.
• If a user with local Admin rights uses the Microsoft Control Panel to turn o BitLocker encryption before the volume has been
completely encrypted, the preset user authentication (PIN or Startup key) will be removed and the system will revert back to TPM only.
To avoid this issue, local Admin users should not use the Microsoft Control Panel to change encryption status when two-factor
authentication is set by policy.
Technical Advisories v7.2.1
Encryption Client
• When using a desktop computer and attempting to block SD card ports by using the "Port: SD" policy, blocking SD ports will not be
successful. For desktop computers, the "Storage Class: External Drive Control" policy must be used to eectively block SD ports. The
use of the "Storage Class: External Drive Control" policy blocks access to all external storage devices irrespective of what bus they are
on. When using a laptop computer, SD ports can be blocked using the "Port: SD" policy. [23530]
• The F8 "discard the hibernation data" option MUST be used on the rst system restart after software HCA decryption (using the
recovery tool/bundle) is performed on a system drive that contains a valid hibernation le. HCA maintains a drive state value that
identies what drives are encrypted. Because of this, during hibernation resume, HCA attempts to decrypt data that is read from the
disk and encrypt data that is written to the disk (this transition in the hibernation le causes disk corruption). Instructions: 1. Allow HCA
decryption to complete. 2. During the rst reboot after HCA decryption, before the operating system loads, press F8 and select "discard
the hibernation data". The user can now resume normal operation of the computer.
• When using a computer equipped with a Hardware Crypto Accelerator, the Preboot Password Requirement dialog that is displayed is
misleading regarding Hardware Crypto Accelerator usage. The message will be changed in the next major release to display: "A recent
policy update requires the initial setup of the preboot authentication system. To enter the BIOS setup, reboot and click F2 during the
Dell splash screen. Go to the "Security" option and select Preboot Authentication > Set System Password. Enter a password and exit
the BIOS setup." [23205]
• When the Hardware Crypto Accelerator has used all of its lifecycles, the Shield erroneously asks the user for their Hardware Crypto
Accelerator Password and Preboot Password. The message should notify the user that the computer does not have any remaining
lifecycles and to contact their Administrator to get a replacement Hardware Crypto Accelerator. We expect this scenario to rarely occur.
[22492]
• When using VMware, if the host computer is Shielded (essentially meaning that the port control drivers are installed on the host), when
a user connects a USB device to their computer, and forces it to connect to the OS running on the VMware computer instead of the
host OS, the VMware OS will not be able to access the les on the USB. The Dell port control driver is a lter driver running on USB
stack. VMware is not compatible with USB lter drivers. For more information, see VMware KB article: http://kb.vmware.com/
selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016809. [20280, 22820, 28522]
• The Encryption Removal Agent can decrypt les with path lengths up to 256 characters. Files paths longer than 256 characters result
in a decryption failure. To work around this issue, shorten the path length to less than 256 characters and re-initiate the Encryption
Removal Agent. [23474, 23510]
Technical Advisories v7.2
Encryption Client
• When scanning very large les on removable media, there is a slight screen refresh delay between the local console and the External
Media Shield dialog that displays the les name that are being processed. No loss of functionality is experienced. [23453]
• When ejecting removable storage without clicking the "safely removing devices" option in the system tray, the local console status line
briey ashes the "Not Attached to the Encryption System" message. The status resolves to the correct status within a second or two.
This is slight screen refresh delay between the local console and External Media Shield. No loss of functionality is experienced. [23454]
• Repeatedly switching between multiple users and using fast user switching will eventually result in the Dell Data Protection | Encryption
client becoming unmanaged. To identify if you are experiencing this issue, you will get a message from the local console stating the
"Connecting to Dell Data Protection | Encryption..." message, however, the connection will never be made. A computer restart corrects
the issue. [23448]
• System Restore is not a full backup/restore utility. Only the following are restored when using System Restore:
Registry
40
Endpoint Security Suite Pro Technical Advisories v1.8
Technical Advisories