Release Notes for Symantec Endpoint Encryption Removable Storage 7.0.6

Article:TECH134874  |  Created: 2010-01-13  |  Updated: 2010-01-13  |  Article URL http://www.symantec.com/docs/TECH134874
Article Type
Technical Solution


Issue






Solution




What's New

Removable Storage Access Utility
  • The Removable Storage Access Utility can now be used on Mac OS X version 10.5 Leopard and version 10.6 Snow Leopard computers.
  • The Removable Storage Access Utility allows users to encrypt and decrypt data from Mac computers using password-based authentication.
  • Two copies of the Removable Storage Access Utility are automatically copied to removable media, one for PCs and another for Macs.if administrators have chosen the setting to automatically distribute the Removable Storage Access Utility.
  • The Removable Storage Access Utility for Mac complies with FIPS 140-2 Level 1 security requirements. At release time, FIPS 140-2 validation is in process.

Encrypt to CD/DVD Only
  • Administrators can now choose the option to mandate CD/DVD encryption only for endpoints for which hardware-encrypted USB devices are in use.
  • This setting will enforce encryption of all CD/DVD writes performed by the SEE Removable Storage CD/DVD Burner, while not encrypting writes to removable storage devices, such as USB flash drives.

Windows 7 Support
The SEE Removable Storage client now supports both the 32-bit and 64-bit versions of Windows 7 Professional, Ultimate, and Enterprise editions

64-Bit Client and Server Windows Platform Support
  • The SEE Full Disk and SEE Removable Storage endpoint clients now support the 64-bit editions of Windows XP Professional, Windows Vista and Windows 7. (See the Installation Guide for specific edition support for Vista and Windows 7.)
  • The server-side components of SEE Full Disk and SEE Removable Storage now support the 64-bit editions of both Windows Server 2008 and Microsoft SQL Server 2008.

Expanded Upgradeability
SEE Full Disk and SEE Removable Storage now support server and client upgrades from comparable GuardianEdge products. SEE Full Disk supports in-place client upgrades (even if the drive is encrypted) from GuardianEdge Hard Disk Encryption, Encryption Anywhere Hard Disk, and Encryption Plus Hard Disk. SEE Removable Storage supports in-place client upgrades from GuardianEdge Removable Storage Encryption and Encryption Anywhere Removable Storage. See the Installation Guide for details.

Installation Notes
SEE Framework 7.0.6 is only compatible with SEE Removable Storage 7.0.6 and SEE Full Disk 7.0.6. If you are running SEE Full Disk and plan to upgrade to SEE Removable Storage 7.0.6, you must upgrade to SEE Full Disk 7.0.6 also.

Resolved Issues
NumberDescription
MA21845NTBackup no longer fails intermittently on Windows XP computers.
MA18417A Command Prompt window is no longer displayed during the manual installation of SEE Removable Storage on the client.
MA20737Attempts to manually create system restore points on Vista computers no longer fail with the message, “The restore point could not be created for the following reason: The shadow copy provider had an error. Please see the system and application event logs for more information. (0x80042306). Please try again.”
MA21360The 32-bit Manager Console MSI (Symantec Endpoint Encryption Framework.msi) can no longer be installed on a 64-bit operating system.
MA21510
MA21099
64-bit editions of Windows Vista and XP no longer occasionally hang or blue screen when a great number of files (such as 250) or files of large sizes (such as over 1 GB) are copied to removable storage devices.
MA19000
MA19002
Encrypted Word document files no longer become permanently inaccessible if Microsoft Word’s Protect Document or Read-only recommended features are used.
The Installation Guide has been enhanced to include an upgrade procedure for multiple SEE Management Servers.

Known Issues
NumberHardwareDescriptionWorkaround
MA21710Windows Live File SystemIf the user chooses to format a CD/DVD using the Windows Live File System, the existing encryption
policy will be enforced on the CD/DVD but the automatic copying of the Removable Storage Access Utility will not.
Users should insert a regular USB flash drive to obtain the Removable Storage Access Utility. Users can use the Removable Storage Access Utility from the alternate media to decrypt the CD/DVD.
MA21835
MA21950
MA20908
Volume Shadow Service (VSS)Administrators may experience intermittent failures with Windows programs that make use of Volume
Shadow Service (VSS) on SEE Removable Storage–protected computers with operating systems other than Windows XP.
Try again.
MA20591IronKeyUsers will be unable to use IronKey devices when a read-only access policy is in place.
MA11594Anti-Virus ToolsIf an antivirus program scans a removable storage device, multiple password prompts may be generated.Enable group key, set Default Password, or set Default Certificate(s).
MA11146SanDisk U3 SoftwareThe use of SanDisk’s built-in U3 software to download U3 applications is not supported.
MA12322Media Transport Protocol (MTP)Policies will not be enforced on devices that are in Media Transport Protocol (MTP) mode.
MA14639Roxio Easy Media CreatorIf the encryption policy is set to Encrypt all and the disc is formatted with Roxio Drag-to-Disc, files dragged and dropped to CD/DVD using Windows Explorer will be encrypted.
Installation/Upgrade
NumberDescriptionWorkaround
MA22161If a custom destination folder was chosen during the installation of GuardianEdge Management Server 9.2.2, 9.2.1, or 9.2.0, the default path shown in the Destination Folder page during the upgrade to 7.0.6 will be missing the final subdirectory. For example, if you chose C:\GuardianEdge\Management Server\ for your original installation files, C:\GuardianEdge will be the default.Click Change and navigate to the desired destination of the SEE Management Server files.
MA20747If a local instance is selected during the installation of the SEE Management Server, the SEE Management Server uninstallation will fail with the message, “Could not connect to Microsoft SQL Server.”Locate the GEServerConfig.xml file on the SEE Management Server machine. Find (local). Replace with the computer name of the SEE Management Server machine. Save and close the file. Try the uninstall again.

Manager Console
NumberDescriptionWorkaround
MA21648The group key on the client will be changed following the application of a native policy, even if no change was specified.Manually paste the previous group key into the native policy or use Active Directory policies.
MA21307If an XPS print job is cancelled, the following error may be displayed, “The data area passed to a system call is too small.”
MA20559After clicking a column heading to sort by the column, the sort arrow will be displayed to the left of the column heading if the operating system is Vista or Server 2008.
MA16623Deploying an Active Directory policy that contains a change to the Client Administrator settings from a 6.1.0 or later Manager to 6.0.0 or earlier clients will result in a failure of the new Client Administrator policy to be applied, a deletion of all existing Client Administrator policies, and a return to the Client Administrators specified in the original installation settings.When deploying an Active Directory policy from a 6.0.0 or earlier Manager, add the following WMI filter: Select * FROM Win32_Product WHERE (name="Symantec Endpoint Encryption Framework Client") AND (version <= "6.0.0")
When deploying an Active Directory policy from a 6.1.0 or later Manager, add the following WMI filter: Select * FROM Win32_Product WHERE name = “Symantec Endpoint Encryption Framework Client” ANDversion > "6.1.0"

Microsoft Office Files
NumberDescriptionWorkaround
MA21207After a user opens and attempts to save a previously encrypted Microsoft Office 2003 or 2007 file residing on removable media other than CD/DVD when an Encrypt to CD/DVD only policy is in place, a “permission denied” error will occur.The user should select Save As instead of Save.

Removable Storage Access Utility
NumberDescriptionWorkaround
MA21504
MA21508
If more than one removable device or CD/DVD
containing the Removable Storage Access Utility is simultaneously inserted into a Mac anomalous display of device contents will occur.
Remove all media containing the Removable Storage Access Utility. Reinsert only the medium that you wish to access. Ensure that only one medium containing the Removable Storage Access Utility is inserted at any given time.
MA21347The device must have free space equivalent to twice the size of each file to be encrypted to accomplish encryption using the Removable Storage Access Utility on a Mac.
MA21392If a Mac user adds a file or folder to the device, declines to encrypt it, then chooses to encrypt it later, the file may show a status of No in the Encrypted column and be inaccessible.Remove and reinsert the device.
MA21252Users will be unable to launch the Removable Storage Access Utility from Mac computers if the RSMacAccessUtility.dmg file or the Mac Access Utility folder was renamed.Rename the folder to Mac Access Utility. Rename the file to RSMacAccessUtility.dmg. Try again.
MA18663The Removable Storage Access Utility will not be copied automatically to CompactFlash cards inserted into multi-card readers after Windows has loaded.Power down, insert the card, and power on.
MA17816
MA17526
Upon closing the Removable Storage Access Utility on a PC, users will not be prompted to encrypt unencrypted files if the files were added to the device using Windows Explorer or using the Send to right-click menu option.Users should use the Removable Storage Access Utility to add files to their
removable storage devices, not Windows Explorer.
MA18337Users may be able to copy two files or folders of the same name to a removable storage device using Windows Explorer or the Send to right-click menu option on a PC.Users should use the Removable Storage Access Utility to add files to their
removable storage devices, not Windows Explorer.
MA17454
MA18230
When an Encrypt all policy is enforced in conjunction with the writing of the Removable Storage Access Utility to all devices, users may receive a Write Failed message after clicking Continue or Limited Access on the pre-existing files warning message and a 0 byte
Autorun.inf file will be copied to their device.
Users should be instructed to ignore these messages and occurrences.

File Decryption/Encryption
NumberDescriptionWorkaround
MA20076
MA21512
Users may be unable to decrypt files encrypted by the Removable Storage Access Utility from an SEE Removable Storage–protected machine—if the device is of a sector size other than 512 bytes.If the file was encrypted on a PC, you can use the Removable Storage Access Utility on a PC to decrypt the files.
MA16902Browsing the contents of removable storage devices using Windows Explorer, users may receive repeated decryption prompts for thumbs.db and image files when Thumbnails or Filmstrip is selected from the Windows Explorer View menu.The user should set a Default Password or Default Certificate(s) or else avoid viewing removable storage device files in these modes.
MA2061864-bit Vista machines protected by SEE Removable Storage may blue screen after overwriting multimedia files on a removable storage device when multimedia exemptions are not enabled and either an Encrypt all or Encrypt new policy is in place.
iTunes Synchronization
NumberDescriptionWorkaround
MA20798Users who have synchronized photos from a machine not protected by SEE Removable Storage may experience encryption of the photos upon inserting the iPod Classic or Nano into an SEE Removable Storage– protected machine when an Encrypt all policy is in place.The user must resynchronize the iPod from the machine not protected by SEE Removable Storage.
MA20803
MA20804
If an Encrypt all or Encrypt new policy is in place and the user places files in the Calendar, Contacts, Notes, Recordings, or Photos directories of their iPod Classic or Nano using iTunes, these files will be encrypted by SEE Removable Storage. Encrypted files will not be visible once the iPod is detached from the SEE Removable Storage–protected machine.Users must return to the SEE Removable Storage–protected machine to view the content.
MA20895
MA20893
MA20902
If the user does not have iTunes closed when they plug in their iPod, synchronization may fail.Restore the iPod to its factory settings from a machine not protected by SEE Removable Storage. Ensure that users remember to close iTunes before plugging in their iPod.

File Icons
NumberDescriptionWorkaround
MA16932If the key for an encrypted EXE file is not available, the file may bear the icon of an unassociated file.Ignore the incorrect icon display.

Safely Remove Hardware
NumberDescriptionWorkaround
MA15648Under an Encrypt all policy, if Continue is selected on the limited access message and the device contains both encrypted and unencrypted files, selection of Safely Remove Hardware from the system tray may occasionally produce a message that the device cannot be removed.
MA20831iPod Classic, Nano, and Shuffle devices cannot be safely removed.
CD/DVD
NumberDescriptionWorkaround
MA15003If a CD or DVD is in the drive when the user registers, the user will be unable to read the CD/DVD following registration.Log off Windows or reboot.

Novell Logon
NumberDescriptionWorkaround
MA19876Users will have to log on to Novell and Windows
separately following the installation of SEE Removable Storage, if SEE Full Disk is not also installed.
Section 508
NumberDescriptionWorkaround
MA16937JAWS does not always announce all of the information displayed within the Registration wizard and User Client consoles.Users should follow these steps:
1. Press INSERT+F9.
2. Select the frame that is of interest from the
resultant Frames List dialog.
3. Click OK.
4. Press P.
If this doesn’t work, restart JAWS and
try the steps again.








Legacy ID



2010071316194048


Article URL http://www.symantec.com/docs/TECH134874


Terms of use for this information are found in Legal Notices