Release notes for Symantec Mobile Security Suite for Windows Mobile 5.1
|Article:TECH104468|||||Created: 2008-01-25|||||Updated: 2010-01-09|||||Article URL http://www.symantec.com/docs/TECH104468|
This document describes the new features and known problems in Symantec Mobile Security Suite for Windows Mobile 5.1.
New features in this release
This release of Symantec Mobile Security Suite includes following new features:
- Support for Windows Mobile 6, all editions (Standard, Classic, and Professional)
- Support for Microsoft Windows Mobile 6.1 Professional and Microsoft Windows Mobile 6.1 Standard
- Stateful firewall capability allows inbound packets that are recognized as responses to recently sent outbound TCP or UDP packets
- New "Mobile Security Stateful Default" policy package to leverage stateful firewall functionality
- Enhanced performance of Logout and Encrypt, which encrypts the PIM database, the email database, and files in the \Windows\Messaging folders (i.e. email attachments)
- Number of firewall levels is increased from 2 to 4 for greater flexibility (Standard edition)
- Default firewall level is Cautious
- Simplified and fortified Idle Timeout settings (removal of Grace Period and Force Authentication on Resume)
- LiveUpdate support for Symantec Mobile Security Suite
- Internationalization - installs and operates on non-English devices
- Localization for Japanese, Traditional Chinese and Simplified Chinese (distributed separately)
Operating system support
Version 5.1.0 of Symantec Mobile Security Suite runs exclusively on the Windows Mobile 5.0, Windows Mobile 6.0, and Windows Mobile 6.1 operating systems. Windows Mobile 6.5 is not supported at this time.
Supported devices have been tested with the software and the most recent available ROM revision.
The following Windows Mobile 5.0 PocketPC devices are supported:
- Treo 700w
- Treo 750
- Dell Axim X51
- Cingular 8525 (HTC Hermes)
- Cingular 8125 (HTC Wizard)
- HTC TyTN (Hermes 200)
- HP hw6915
- Sprint PPC 6700
The following Windows Mobile 5.0 Smartphone devices are supported:
- Motorola Q
- T-Mobile Dash (HTC Excalibur)
- Samsung Blackjack (SGH-i607)
- T-Mobile SDA (HTC Tornado)
- Qtek 8310 (HTC Tornado)
- Cingular 2125 (HTC Faraday)
- Cingular 3125 (HTC StrTrk)
The following Windows Mobile 6.0 Classic/Professional device is supported:
- T-Mobile Wing
The following Windows Mobile 6.0 Standard devices are supported:
- T-Mobile Dash (HTC Excalibur)
- Motorola Q9
Some devices have not been tested with the software. However, they are assumed to work because they have compatible operating systems and features that are similar to the tested devices.
The following Windows Mobile 5.0 PocketPC devices are supported, but they have not been tested:
- Treo 700wx
- Dell Axim X51v
- Qtek 9100 (HTC Wizard)
- i-mate K-Jam (HTC Wizard)
- T-Mobile MDA Vario (HTC Wizard)
- 02 XDA Mini S (HTC Wizard)
- Dopod 838 (HTC Wizard)
- HP hw6910/20/25/40
- Verizon XV6700
The following Windows Mobile 5.0 Smartphone devices are supported, but they have not been tested:
- HTC 620 (HTC Excalibur)
- i-mate SP5 (HTC Tornado)
- i-mate SP5m (HTC Tornado)
- i-mate SmartFlip (HTC StrTrk)
- Qtek 8500 (HTC StrTrk)
This release of Symantec Mobile Security Suite includes the following known issues. Workarounds are provided where available.
Installation and upgrade issues
The following known issues are related to installation and upgrade of the software:
- Problem: When you install or reinstall the client software, you receive the following error message: "Failed to install the Local Authentication Plugin."
Workaround: Install the software again. This message is rare and it is not serious.
Problem: Installation to the default directory in RAM is the only supported configuration. Installation to external storage media is not supported.
Problem: Installation on a Dell Axim X51 disables WiFi.
Workaround: Turn WiFi off and on to regain connectivity. Note that you must select an appropriate firewall level.
Problem: When you upgrade the software, the following error message appears: "Unable to remove previous version, do you want to continue upgrade?"
Workaround: Select 'Yes' to complete the upgrade. (The error message is misleading.)
Problem: If you cancel an upgrade, the software deletes any custom policies when you upgrade again. The problem also occurs if you click No in any upgrade dialog box. Click Yes in all dialog boxes to avoid this problem. Be sure to click Yes in a misleading error message box that indicates that the previous version cannot be removed from the device.
Workaround: If you cancel the upgrade, obtain a new policy package file. Place it in the My Documents folder, and then run the upgrade again. Or, uninstall the software, obtain the custom policy file, and then install the software again.
Problem: After you upgrade to version 5.1, you must hard reset the device before you can uninstall the software.
General known problems
The following known problems are related to the software in general.
User interface for Windows Mobile 5.0 Pocket PC and Windows Mobile 6.0 Classic or Professional:
- Problem: The user interface does not automatically adapt to screen orientation or resolution changes.
Workaround: Exit the software, and then start it again.
Problem: Some elements of the user interface are partially obscured on square displays and in landscape mode.
User interface for Windows Mobile 5.0 Smartphone and Windows Mobile 6.0 Standard:
- Problem: When you reset the device, or after idle timeout occurs, the home screen appears in a disabled state.
Workaround: Press Unlock to display the authentication dialog box.
Problem: Keyboard input mode is not automatically set to match the type of characters that are required in password and password override fields.
Workaround: Always check the input mode before you enter data.
- Note: To manually change the password, on the Main menu, go to Settings > Security > Password.
Problem: On some devices, when you authenticate, or when you set the password, you may see the following error message: "A problem has occurred with the gwes.exe."
Workaround: To suppress this error and continue, disable error reporting. This problem is not serious.
- Warning: Do not interrupt encryption or decryption. Do not perform a soft reset of the device while it is in the encrypted state. These actions may corrupt the data in files or databases.
Warning: Notes are not encrypted. Any notes that are added to the calendar or to contact information remain unencrypted.
Problem: Logout and Encrypt is not allowed on a device that has less than 256K of free storage.
Problem: Logout and Encrypt is not allowed if one of the files to be encrypted is larger than available storage memory.
Problem: If a call on a Phone Edition device arrives, the phone cannot display the caller name if the contacts database is encrypted.
Important: Contacts are not encrypted on smartphone devices so that contact information is always readable for incoming calls.
Problem: After you use Logout and Encrypt on a Motorola Q9 device, wing dings may appear on some screens (for example, the authentication screen or the change password screen).
Workaround: Soft reset the device.
Problem: If you use the Logout and Encrypt (lock icon) feature, and if there is no PIM or email data to encrypt, you cannot encrypt any data the next time you use the feature. Always make sure that there is at least one contact, calendar event, or email before you use the lock icon to turn off the device. Note that some devices include default contacts or other PIM data.
Workaround: Confirm that there is at least one contact, calendar event, or email to encrypt. Log off the device by using the lock icon, and then log back on to the device. Note whether a status bar about decryption appears. This bar indicates that Logout and Encrypt is fully functional. It appears only briefly if you have only a small amount of encrypted data.
- Important: When you save a file to a Secure Folder, choose the folder from the Location menu, not from the Folder menu.
Problem: Secure Folders cannot be renamed.
Problem: Always use the Secure Folders control panel to delete Secure Folders.
Important: To delete a Secure Folder on a storage card, the storage card that contains the Secure Folder must be inserted into the device.
Problem: On some devices, such as the T-Mobile Dash, secure folders are referred to as storage cards in the Location menu. If there is a storage card in the device, secure folders are listed as storage card 2, storage card 3, and so on.
Problem: The time to copy a file into a Secure Folder on a storage card increases if you also use the native OS encryption. This increase is because the data is encrypted twice, once by the native OS, and once by the Symantec software.
Workaround: On Windows Mobile 6.0 devices that include a native encryption option, disable this option. Or, you can create the Secure Folders on the device, instead of on the storage card.
- Problem: Feature blocking may not work as expected on a device that is not included in the list of supported devices.
Problem: USB blocking does not work correctly if RNDIS settings are selected. On the HTC Hermes (TyTN) and on the Treo 750, the RNDIS settings are selected by default.
Workaround: To allow a USB blocking policy to work as expected, uncheck Enable advanced network functionality (Settings > Connections > USB to PC).
Problem: When a new policy is added to block add-ons, such as storage cards, the following error message appears: "The file sddaemon cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file."
Workaround: Click OK to close the message box. Add-ons are blocked as expected.
Problem: The HTC Hermes (TyTN) device requires a manual soft reset for the following feature blocking options to take effect: speaker blocking or unblocking; add-on storage card blocking or unblocking; IR blocking. If the device receives a policy that blocks any of these features, the policy does not take effect until you perform a soft reset.
Problem: The T-Mobile Dash device requires a manual soft reset to unblock the speaker. If the device receives a policy to block the speaker, you do not need to perform a soft reset. However, if the device receives a subsequent policy to unblock the speaker, you do need to perform a soft reset.
- Problem: The Events by Severity table shows statistics for events with a severity of high, medium or low, but not informational. The Events by Category table shows firewall and security event statistics for all severity levels including informational.
Problem: The Events by Category table is not available in landscape mode.
- Problem: A device cannot be automatically linked to a user record that contains an email address longer than 35 characters.
Problem: To obtain the override access code, the device must be registered with Symantec Mobile Security Manager. Complete registration requires that the device be linked to a unique user record.
Problem: Data Wipe performs a hard reset. All data is lost.
Problem: If the package_contents file is open when a new policy package arrives on the device, you must perform a soft reset for the package_contents file to display the correct information. However, the policy takes effect.
Problem: The device clock must be set to the correct date and time for the Mobile Connect configuration settings to take effect when expected.
Problem: If a device is synchronized in a locked state, you must unlock the device and enter your password to complete synchronization. To access some devices after synchronization, you may need to unlock the device and enter your password again. The password is required even if you synchronized the device in an unlocked state.
Problem: Device Quarantine does not disable IR or Bluetooth connections.
Problem: Help links do not work correctly when you use the English-language version of the software on foreign devices. This issue exists when the Help files are not placed in the Program Files folder on the device.
ROM issues on specific devices
The following known issues are related to older ROM revisions on specific devices. For best performance, install the latest ROM for your device.
Windows Mobile 5.0 PocketPC devices:
- Sprint PPC 6700: ROM revisions before 2.0.6.00 WWE did not support a globally unique device identifier. Symantec Mobile Security Suite uses this identifier for device identification on the Manager console. Without this identifier, the device cannot communicate properly with the Manager.
The unique identifier is also used to block shared files in Secure Folders on a storage card. Without the ROM upgrade, files that are created in Secure Folders on a storage card can be read on other devices without a shared password.
Cingular 8125: If the operating system is earlier than AKU2, installation of Symantec Mobile Security Suite may cause the device to stop responding.
Workaround: Hard reset the device.
Windows Mobile 5.0 Smartphone devices:
- Motorola Q: You must update the OS on this phone to AKU2. Otherwise, you may experience an issue the selected input mode does not reflect actual input.
Cingular 2125: The OS on this phone should be updated to 5.1.195, Build 149126.96.36.199, ROM version 188.8.131.52 or later. Older versions are not supported because of tabbing issues on the initial authentication screen. The initial password cannot be confirmed and the device is rendered unusable.
T-Mobile SDA and QTek 8310: The OS on these phones should be updated to AKU2 or higher. On AKU1 phones, on the initial set PIN screen, use the Options > Tab softkey to navigate to the confirm PIN field. The 'prompt if unused for' field is not accessible on the initial setup screen.
Workaround: Go to Settings > Security > Password to change this setting. After Logout and Encrypt or device idle timeout, press any key for the 5-way navigator to respond.
T-Mobile SDA: On AKU1 phones, a data wipe causes the device to stop responding.
Workaround: To reset the device, remove the battery, reinsert the battery and perform an external hard reset. Alternately, you can wait for an extended period of time. This action may reset the device.
Other device-specific issues
The following known issues are related to specific devices, but not to ROM.
Windows Mobile 5.0 PocketPC devices:
- Warning: On HTC Apache (PPC 6700, XV6700) and HTC Wizard (Cingular 8125) devices, back up all data before uninstalling. The native authentication module may fail to load at the end of the uninstall process. This issue is rare.
Workaround: Perform a hard reset on the device.
HTC Hermes (TyTN): After insertion or removal of an external storage card, the device does not recognize the card until after the device is soft reset.
HTC Hermes (TyTN) and Treo 750: See Feature Blocking section.
Dell Axim X51: See Installation section.
Symbol MC70: The client software interferes with the cache disk, which is configured on the Symbol device by default. After installation, and after every subsequent soft reset, the following dialog appears: "Do you want to try to format this storage card to make it readable? This will permanently delete any files on the card." This message refers to the cache disk that is configured by default on the Symbol device. It does not refer to the storage card. If you click Yes, the cache disk is erased and the name is changed to Mounted Volume. If you click No, the cache disk becomes unreadable. You may experience performance issues with Internet Explorer, because temporary Internet Explorer files are stored on the cache disk.
- Motorola Q9: See Logout and Encrypt section.
T-Mobile Dash: Sometimes the device freezes unexpectedly after a soft reset. This issue exists because of a timing issue.
Workaround: Perform a soft reset of the device. Alternately, remove the battery, re-insert it, and then turn the device back on. See also Feature Blocking.
Windows Mobile 6.5 is supported in Symantec Endpoint Protection Mobile Edition 6.0.1
Article URL http://www.symantec.com/docs/TECH104468