Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Symantec Endpoint Encryption Removable Storage Release Notes

Symantec Endpoint Encryption Removable
Storage Release Notes
Symantec Endpoint Encryption Removable Storage 8.2.0
Symantec Endpoint Encryption Framework 8.2.0
www.symantec.com
About Symantec Endpoint Encryption Removable Storage
Symantec Endpoint Encryption Removable Storage allows enterprise organizations and government
agencies to enjoy the benefits of removable storage devices while eliminating the liability, customer
service, and brand erosion costs associated with data breach incidents. As part of Symantec Endpoint
Encryption, Symantec Endpoint Encryption Removable Storage leverages existing IT infrastructures for
seamless deployment and operation.
Symantec Endpoint Encryption Removable Storage provides the industry’s most robust and comprehensive
integration with Microsoft Active Directory for fast, simple deployment of endpoint data protection
controls in a familiar administrative environment.
What’s New
Device Session Default Password
If allowed by policy, users can now set a default password that lasts as long as the device remains
connected or until the user logs off of Windows.
Removable Storage Access Utility Distribution
Administrators can now choose whether to distribute the Removable Storage Access Utility for Mac OS X,
the Removable Storage Access Utility for Windows, or both.
CD/DVD Burner Blocking
Symantec Endpoint Encryption Device Control can now block all CD/DVD burning applications except the
Removable Storage CD/DVD Burner application, ensuring enforcement of Removable Storage policy on
optical media.
eSATA
Removable Storage now protects eSATA drives.
Release Notes
USB 3.0
USB 3.0 ports and devices are now supported.
Multi-Factor Authentication Enhancements
This release of Removable Storage features the following enhancements to multi-factor Client Console
authentication.
■
Additional Readers Supported—ExpressCard smart card readers and Argus 3015 USB 2.0 Dual Card
Reader (smart card slot only).
■
Additional Smart Cards Tested—Oberthur ID-One Cosmo 64 v5.2D Fast ATR with PIV application
SDK, Oberthur ID-One 128K v5.5 (dual), and HID Crescendo C700.
■
Additional Software Supported—SafeSign Identity Client v3.0.40 and VeriSign PKI Client v1.5.
■
Additional Data Model Supported—SafeSign v2.1.
Installation Notes
Symantec Endpoint Encryption Framework 8.2.0 is only compatible with Symantec Endpoint Encryption
Removable Storage 8.2.0 and Symantec Endpoint Encryption Full Disk 8.2.0. If you are running Symantec
Endpoint Encryption Full Disk and plan to upgrade to Symantec Endpoint Encryption Removable Storage
8.2.0, you must also upgrade to Symantec Endpoint Encryption Full Disk 8.2.0.
Resolved Issues
Number
Description
MA23447
Attempts to access encrypted PST files on USB flash drives no longer cause occasional
blue screens.
MA23531
Removable Storage now encrypts files with names that begin with the $ symbol.
MA24001
Third party utilities can no longer be used to recover unencrypted copies of files that were
encrypted using the Removable Storage Access Utility for Windows.
Known Issues
Compatibility
Number
Third Party
Product
Description
Workaround
MA20688
Symantec
Backup Exec
Attempts to restore from backup
may fail with the message, “Errors
exist.”
Remove and reinsert device.
MA24144
Microsoft
Security
Essentials
(MSE)
After clicking to open an encrypted
file, users may see XML code
instead of the file contents.
Remove and reinsert device. To
prevent the issue from
recurring, disable the MSE realtime protection feature.
MA23517
Microsoft
Application
Virtualization
(App-V)
App-V cannot function when
Symantec Endpoint Encryption
Removable Storage is installed.
Refer to the Symantec Endpoint
Encryption knowledge base
http://www.symantec.com/
business/support/index?page=
content&key=55414&channel=
TECHNICAL_SOLUTION
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 2 of 9
Release Notes
Number
Third Party
Product
Description
Workaround
MA22831
PGP Desktop
Removable Storage blocks access to
PGP Virtual Disks.
MA21710
Windows Live
File System
If the user chooses to format a
CD/DVD using the Windows Live
File System, the existing encryption
policy will be enforced on the
CD/DVD but the automatic copying
of the Removable Storage Access
Utility will not.
MA22034
Windows
Server 2008
The CD/DVD burner bundled with
Windows Server 2008 enforces
Removable Storage encryption
policies.
MA21835
MA21950
MA20908
Volume
Shadow
Service (VSS)
Administrators may experience
intermittent failures with Windows
programs that make use of Volume
Shadow Service (VSS) on Symantec
Endpoint Encryption Removable
Storage–protected computers with
operating systems other than
Windows XP.
Try again.
MA11594
Anti-Virus
Tools
If an antivirus program scans a
removable storage device, multiple
password prompts may be
generated.
Enable group key, set Default
Password, or set Default
Certificate(s).
MA11146
SanDisk U3
Software
The use of SanDisk’s built-in U3
software to download U3
applications is not supported.
MA12322
Media
Transport
Protocol
(MTP)
Policies will not be enforced on
devices that are in Media Transport
Protocol (MTP) mode.
MA14639
Roxio Easy
Media Creator
If the encryption policy is set to
Encrypt all and the disc is
formatted with Roxio Drag-to-Disc,
files dragged and dropped to
CD/DVD using Windows Explorer
will be encrypted.
Users should insert a regular
USB flash drive to obtain the
Removable Storage Access
Utility. Users can use the
Removable Storage Access
Utility from the alternate media
to decrypt the CD/DVD.
Installation/Upgrade
Number
Description
Workaround
MA24186
If an eSATA or USB 3.0 drive was connected during
the installation of Full Disk and Removable Storage,
the message “Update Settings failed” appears
following the post-installation reboot.
Shut the computer down.
Remove the drive. Power on.
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 3 of 9
Release Notes
Number
Description
Workaround
MA23202
Novell users with Single Sign-On enabled are no
longer logged onto Novell automatically following an
upgrade from Symantec Endpoint Encryption Full
Disk 7.0.7 or earlier or GuardianEdge Hard Disk 9.5.1
Patch 1 or earlier.
Users must log on to the User
Client Console, open the Novell
SSO panel, select the Turn on
Single Sign-On to Novell
Netware check box, and click
OK.
MA22161
If a custom destination folder was chosen during the
installation of GuardianEdge Management Server
9.2.2, 9.2.1, or 9.2.0, the default path shown in the
Destination Folder page during the upgrade to 7.0.7
will be missing the final subdirectory. For example, if
you chose C:\GuardianEdge\Management Server\ for
your original installation files, C:\GuardianEdge will
be the default.
Click Change and navigate to
the desired destination of the
Symantec Endpoint Encryption
Management Server files.
MA20747
If a local instance is selected during the installation of
the Symantec Endpoint Encryption Management
Server, the Symantec Endpoint Encryption
Management Server uninstallation will fail with the
message, “Could not connect to Microsoft SQL
Server.”
Locate the
GEServerConfig.xml file on the
Symantec Endpoint Encryption
Management Server machine.
Find (local). Replace with the
computer name of the
Symantec Endpoint Encryption
Management Server machine.
Save and close the file. Try the
uninstall again.
Manager Console
Number
Description
MA21307
If an XPS print job is canceled, the following error
may be displayed, “The data area passed to a system
call is too small.”
MA20559
After clicking a column heading to sort by the column,
the sort arrow will be displayed to the left of the
column heading if the operating system is Vista or
Server 2008.
Symantec Endpoint Encryption Removable Storage 8.2.0
Workaround
Page 4 of 9
Release Notes
Number
Description
Workaround
MA16623
Deploying an Active Directory policy that contains a
change to the Client Administrator settings from an
Symantec Endpoint Encryption 6.1.0 or later Manager
to Symantec Endpoint Encryption 6.0.0 or earlier
and/or GuardianEdge 8.5.3 or earlier clients will result
in a failure of the new Client Administrator policy to
be applied, a deletion of all existing Client
Administrator policies, and a return to the Client
Administrators specified in the original installation
settings.
When deploying an Active
Directory policy from a 6.0.0 or
earlier Manager, add the
following WMI filter: Select *
FROM Win32_Product
WHERE (name=“Symantec
Endpoint Encryption
Framework Client” AND
Version <= “6.0.0”) OR
(name=“GuardianEdge
Framework Client” OR
name=“Encryption Anywhere
Framework Client”) AND
version <= “8.5.3”))
When deploying an Active
Directory policy from a 6.1.0 or
later Manager, add the
following WMI filter: Select *
FROM Win32_Product
WHERE (name = “Symantec
Endpoint Encryption
Framework Client” AND
version > "6.1.0") OR (name
= “GuardianEdge Framework
Client” AND version >
"9.0.0")
Microsoft Office Files
Number
Description
Workaround
MA21207
After a user opens and attempts to save a previously
encrypted Microsoft Office 2003 or 2007 file residing
on removable media other than CD/DVD when an
Encrypt to CD/DVD only policy is in place, a
“permission denied” error will occur.
The user should select Save As
instead of Save.
Removable Storage Access Utility
Number
Description
MA21347
The device must have free space equivalent to twice
the size of each file to be encrypted to accomplish
encryption using the Removable Storage Access
Utility.
MA21392
If a Mac OS X user adds a file or folder to the device,
declines to encrypt it, then chooses to encrypt it later,
the file may show a status of No in the Encrypted
column and be inaccessible.
Remove and reinsert the device.
MA21252
Users will be unable to launch the Removable Storage
Access Utility from Mac OS X computers if the
RSMacAccessUtility.dmg file or the Mac Access
Utility folder was renamed.
Rename the folder to Mac
Access Utility. Rename the file
to RSMacAccessUtility.dmg.
Try again.
Symantec Endpoint Encryption Removable Storage 8.2.0
Workaround
Page 5 of 9
Release Notes
Number
Description
Workaround
MA18663
The Removable Storage Access Utility will not be
copied automatically to CompactFlash cards inserted
into multi-card readers after Windows has loaded.
Power down, insert the card,
and power on.
MA17816
MA17526
Upon closing the Removable Storage Access Utility on
a PC, users will not be prompted to encrypt
unencrypted files if the files were added to the device
using Windows Explorer or using the Send to
right-click menu option.
Users should use the
Removable Storage Access
Utility to add files to their
removable storage devices, not
Windows Explorer.
MA18337
Users may be able to copy two files or folders of the
same name to a removable storage device using
Windows Explorer or the Send to right-click menu
option on a PC.
MA17454
MA18230
When an Encrypt all policy is enforced in conjunction
with the writing of the Removable Storage Access
Utility to all devices, users may receive a Write Failed
message after clicking Continue or Limited Access on
the pre-existing files warning message and a 0 byte
Autorun.inf file will be copied to their device.
Users should be instructed to
ignore these messages and
occurrences.
eSATA Drives
Number
Description
MA23780
Attempts to launch the Removable Storage Access
Utility from an eSATA drive connected using any port
other than an eSATA port that was built into the
original computer will fail.
MA23836
MA23695
Removable Storage blocks access to eSATA drives
connected using ports other than eSATA ports that
were built into the original computer.
Workaround
File Decryption/Encryption
Number
Description
Workaround
MA23099
Due to Windows limitations, self-extracting
executables larger than 4 GB fail to extract with the
message, “file name.exe is not a valid Win32
application.”
Users should not create a selfextracting executable larger
than 4 GB.
MA20076
MA21512
Users may be unable to decrypt files encrypted by the
Removable Storage Access Utility from a Symantec
Endpoint Encryption Removable Storage–protected
machine—if the device is of a sector size other than
512 bytes.
If the file was encrypted on a
PC, you can use the Removable
Storage Access Utility on a PC
to decrypt the files.
MA16902
Browsing the contents of removable storage devices
using Windows Explorer, users may receive repeated
decryption prompts for thumbs.db and image files
when Thumbnails or Filmstrip is selected from the
Windows Explorer View menu.
The user should set a Default
Password or Default
Certificate(s) or else avoid
viewing removable storage
device files in these modes.
MA24174
After upgrading to Symantec Endpoint Encryption
from a GuardianEdge version, users cannot decrypt
files encrypted under a Certificates only policy.
Use the Removable Storage
Access Utility of the version
that you upgrade from to
decrypt the files.
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 6 of 9
Release Notes
Device Session Default Passwords
Number
Description
Workaround
MA23786
Removal of MultiMediaCards and Secure Digital cards
does not result in the deletion of the Device Session
Default Password.
Users must remove the device
from the computer to clear the
Device Session Default
Password.
MA23801
A policy that allows users to set Device Session
Default Passwords may occasionally prevent
Removable Storage from caching decryption
passwords on NTFS-formatted external hard drives.
Remove and reinsert the device.
Removable Storage may occasionally fail to set Device
Session Default Passwords on NTFS-formatted
external hard drives.
MA23794
Removable Storage does not log an event in the
Windows System Event Log when it fails to set the
Device Session Default Password.
iTunes Synchronization
Number
Description
Workaround
MA20798
Users who have synchronized photos from a machine
not protected by Symantec Endpoint Encryption
Removable Storage may experience encryption of the
photos upon inserting the iPod Classic or Nano into a
Symantec Endpoint Encryption Removable Storage–
protected machine when an Encrypt all policy is in
place.
The user must resynchronize
the iPod from the machine not
protected by Symantec
Endpoint Encryption
Removable Storage.
MA20803
MA20804
If an Encrypt all or Encrypt new policy is in place
and the user places files in the Calendar, Contacts,
Notes, Recordings, or Photos directories of their iPod
Classic or Nano using iTunes, these files will be
encrypted by Symantec Endpoint Encryption
Removable Storage. Encrypted files will not be visible
once the iPod is detached from the Symantec Endpoint
Encryption Removable Storage–protected machine.
Users must return to the
Symantec Endpoint Encryption
Removable Storage–protected
machine to view the content.
MA20895
MA20893
MA20902
If the user does not have iTunes closed when they plug
in their iPod, synchronization may fail.
Restore the iPod to its factory
settings from a machine not
protected by Symantec
Endpoint Encryption
Removable Storage. Ensure that
users remember to close iTunes
before plugging in their iPod.
Number
Description
Workaround
MA16932
If the key for an encrypted EXE file is not available,
the file may bear the icon of an unassociated file.
Ignore the incorrect icon
display.
File Icons
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 7 of 9
Release Notes
Safely Remove Hardware
Number
Description
Workaround
MA15648
Under an Encrypt all policy on Windows XP SP1 and
SP2 endpoints, if Continue is selected on the limited
access message and the device contains both encrypted
and unencrypted files, selection of Safely Remove
Hardware from the Windows notification area may
occasionally produce a message that the device cannot
be removed.
Upgrade to Windows XP SP3.
MA20831
iPod Classic, Nano, and Shuffle devices cannot be
safely removed.
CD/DVD
Number
Description
Workaround
MA23901
The CD/DVD Burner application fails to cache the
decryption password if an installation setting or policy
is in place that allows users to set Device Session
Default Passwords.
MA15003
If a CD or DVD is in the drive when the user registers,
the user will be unable to read the CD/DVD following
registration.
Log off Windows or reboot.
Number
Description
Workaround
MA19876
Users will have to log on to Novell and Windows
separately following the installation of Symantec
Endpoint Encryption Removable Storage, if Symantec
Endpoint Encryption Full Disk is not also installed.
Novell Logon
Section 508
Number
Description
Workaround
MA16937
JAWS does not always announce all of the information
displayed within the Registration wizard and User
Client consoles.
Users should follow these steps:
1. Press INSERT+F9.
2. Select the frame that is of
interest from the resultant
Frames List dialog.
3. Click OK.
4. Press P.
If this doesn’t work, restart
JAWS and try the steps again.
Legal Notice
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. GuardianEdge and Encryption Anywhere are either registered trademarks or trademarks of
GuardianEdge Technologies Inc. (now part of Symantec) in the USA and/or other countries. Other names
may be trademarks of their respective owners.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in
FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 “Commercial Computer
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 8 of 9
Release Notes
Software - Restricted Rights” and DFARS 227.7202, “Rights in Commercial Computer Software or
Commercial Computer Software Documentation,” as applicable, and any successor regulations. Any use,
modification, reproduction release, performance, display or disclosure of the Licensed Software and
Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any
form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE
LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE,
OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Symantec Endpoint Encryption Removable Storage 8.2.0
Page 9 of 9
Related documents
The Role of Security in Establishing Smart Cities
The Role of Security in Establishing Smart Cities
Comparison Crypto Email and its analogues
Comparison Crypto Email and its analogues
TITLE: Removable Storage Devices policy (RSD)
TITLE: Removable Storage Devices policy (RSD)
Download