Is it 10.7.2 compatible?
Updated: 16 Oct 2011 | 49 comments
This issue has been solved. See solution.
Apple just released two updates to Lion. The Lion Recovery Update 1.0 and Mac OS X Update 10.7.2. Is WDE compatible with these updates, or will it break? If it will break, is there a workaround, and when will Symantec address the issue?
Discussion Filed Under:
Comments
yes it would be nice to know
yes it would be nice to know if it would work..... sigh
Obviously not.. :-( I just
Obviously not.. :-( I just upgraded my mid-2011 MacBook Air to 10.7.2 and it bricked my machine. I did it twice, restoring 10.7.1 and everything is fine, then go to Software Update and choose 10.7.2 and after it reboots, I'm dead in the water. (I get the "no go" symbol.)
When I tried booting up in single-user mode, I saw a few errors from pgpwde that I'm sure were the cause of the problem. I want to be able to mount PGP disks on this machine, but the hard disk itself is not pgpwde-encrypted. So it shouldn't be affecting me at all, but it is, obviously.
pgpwde shouldn't be doing *anything* until I try mounting a USB device. But .. it is somehow keeping my root file system from ever becoming available.. It just hangs waiting for the root device forever, until I hard power-cycle and boot up in recovery mode.
Steve
Lion Recovery Update?
Did you run just the 10.7.2 update or did you also install "Lion Recovery Update" http://support.apple.com/kb/HT4986?
I am sorry about the trouble,
I am sorry about the trouble, but we just recently discovered last week an issue with an EFI firmware version on the Macbook Air and PGP Desktop 10.2 (even with Build 1950) where the disk won't reboot after encryption. Please read this kb article for more information:
http://www.symantec.com/docs/TECH171894
For those that aren't using the Macbook Air, please see below for the accepted answer. most people, the solution is to make sure that you are on the latest build of PGP Desktop that is generally avaiable as of 10/16/2011 which is PGP Desktop 10.2 MP1 (Build 1950)
Steer clear of 10.7.2 update unless you fully un-install PGP..
As per the above its a horrible route to try and get PGP uninstalled from Lion before upgrading to 10.7.2.
I had to download the PGP 10.2MP1 upgrade (faking the URL as per another post), install it so it would actually run on Lion and then 'Un-install' and manually remove all the files as per the instaructions here:
<http://prowiki.isc.upenn.edu/wiki/Removing_PGP_Desktop_on_a_Mac>
Then do a reboot to make sure all traces of PGP have been removed from my MBAir, the run the 10.7.2 installer (or just use Software Update).
My MBAir now boots up into 10.7.2 (with Lion encryption enabled).
FYI - Our release notes
FYI - Our release notes clearly state that you need to decrypt and uninstall PGP for ANY major OS upgrades on Mac
Also, we have a KB article online that states that PGP Desktop 10.2 Build 1672 and older doesn't support Mac OSX Lion.
Ben: I appreciate the abuse
Ben: I appreciate the abuse you put up with here:)
The 10.7.2 update isn't a major upgrade. It's going from 10.7.1 to 10.7.2. This wouldn't seem to meet that criteria.
-Scott
Ben First and foremost,
Ben
First and foremost, and speaking for myself, the frustration I express here isn't directed to you personally or the other support staff; it's directed at Symantec, as a company. So when I say, "you" here, I'm mean Symantec.
Yes, the easy solution is to pass the blame to us, the users, because of a disclaimer you wrote in the release notes.
The reality is that the Applications folder on my Mac contains 170 applications. It would be unreasonable for me, or any user, each time there's a minor OS update or security patch to go back and read through every app's release notes to figure out whether there's something that needs to be done.
In the case of the recent Mac OS update -- not from 10 to 11, or even 10.7 to 10.8, but rather from 10.7.1 to 10.7.2 (!!) -- I received a small number of emails from makers of various apps I own, warning me about known incompatibilities they were having with 10.7.2.
Symantec/PGP has had my email address in their databases for over a decade. And I don't want to hear about PGP to Symantec hiccups again, because in this case I just bought PGP fresh three days ago.
Please explain to me why it is not possible for Symantec to email its customers with warnings about 10.7.2 upgrade incompatibilites, OR AT LEAST reminding us of what's stated in the release notes that we should never upgrade the OS without first removing PGP? The whole *planet* knew in advance that 10.7.2 was going to be released precisely when it was.
Matt
Let me take the opportunity
Let me take the opportunity to rescind my statement. I was more or less stating that any major OS upgrade does require a decrypt and an uninstall of PGP desktop. I must have mistakenly misread one of the previous comments talking about the upgrade as I thought that was what they were discussing.
But also, I have seen people on here reporting that they are still using PGP Desktop 10.2 Build 1672 or older. We have online KB articles and blog postings stating to not encrypt your drive or upgrade to Mac OSX Lion in the first place on this version. By doing so, I guarantee you that you will run into problems.
I am in no way trying to put blame on the end user or tell you that you did something wrong. Just stating factual information.
In short:
Mac OS X 10.7.2 update has been tested and verified to work with PGP Desktop 10.2. MP1 (build 1950) if you are on build version lower than that number. I would recommend upgrading immediately before performing said update, or encrypting a disc that has this version installed as well.
Please don't shoot the messenger, I'm only here to help :)
Ok, thanks for clearing that
Ok, thanks for clearing that up.
However, censorship is not acceptable. I expect you to put my comments back on the board within 48 hours, or I will contact several large computer magazines with excerpts from the saved discussion that I have on file here.
Argh, ...
Argh, I was afraid that was what I'd have to do. I reallllly don't want to have to do that. Does it also mean that I won't even be able to mount pgpwde-encrypted USB drives on my MacBook Air after that point?
Thanks.
Steve
Not sure...
I'm not sure as I never intend to install PGP again, any PGP disk I did have I have decrypted and used an encrypted disk image from Disk Utility instead...
For all of you who got scr....#$% by PGP again on 10.7.2...
See this thread for solution that worked for me (posts by ik8sqi2):
https://discussions.apple.com/message/16333057#163...
Not 48 hours have passed,
Not 48 hours have passed, since I wrote the following article about my insanely bad experience with Symantec and PGP for the Mac.
http://www.thisux.com/2011/10/10/an-awful-experien...
The article ends with my capitulating, and buying a fresh new version of PGP, 10.2.
Can you imagine my face, when I discovered that PGP was to blame for the bricking of my MacBook Air after updating to 10.7.2? And I bought PGP Home, for kids, so that I can simply decrypt some old files from time to time! Why are there kernel extensions being installed?!?
So how long have the Symantec developers had the 10.7.2 betas? You think the good folk at Symantec could have been thoughtful enough to maybe email us with a warning about upgrading?
And about this forum software...
Am I the only person that seems to get prompted for a CAPTCHA only AFTER clicking the post button this forum? Is this also related to the expiration of my "Upgrade Assurance Policy"?
Has happened to me in the
Has happened to me in the past. Not recently
PGP 10.2 MP1 (Build 1950) works with 10.7.2
Hi I've tested 10.7.2 update on three different macs running PGP Desktop 10.2 MP1 (build 1950) and i haven't seen a problem.
Scenarios tested:
Macbook air 3,1 Lion 10.7, WDE encrypted with PGP DT 10.2 MP1
Macbook Pro 6,2 Lion 10.7, WDE encrypted with PGP DT 10.2 MP1
Result: PGP Bootgaurd displayed, successful boot to OS X
Macbook Pro 4,1 Lion 10.7.1, WDE encrypted with PGP DT 10.2 MP1
Result: PGP Bootgaurd displayed, successful boot to OS X
Thanks Sarah, nice to know I
Thanks Sarah, nice to know I am a bit gun shy.
-G
I'm currently running 10.2.0
I'm currently running 10.2.0 1672. Is the 1950 a hotfix to 10.2?
build 1950 = MP1
Build 1950 = 10.2 MP1
it's the only version that is compatible with Lion
http://www.symantec.com/docs/TECH165159
Thanks Sarah, on the phone
Thanks Sarah, on the phone with Symantec now. Weird thing is that I just went through support a week ago to get the 10.2 build and they never mentioned MP1. Just got it. Applying now.
Has anyone running Boot Camp
Has anyone running Boot Camp tested it?
If PGP is slow with these updates it causes a security risk from 0-day exploits that people running FileVault will not be subjected to.
Also, it is a huge problem in enterprises as it's not a given to block people from running Apple's Software Update and if people start doing so on their own in numbers (which they do) data could get lost and IT people have to spend valuable time fixing stuff afterwards.
PS. it would be nice if someone from Symantec told us whether it works or not, and not other users. And what you are doing about it.
Updating Lion now
Just installed the 1950 MP. Running the update now.
Here's hoping:)
Of course I ran a fresh time capsule back up...trust but verify and all.
-Scott
Just installed 10.7.2 and as
Just installed 10.7.2 and as Sarah experienced...everything is fine.
Love the product, just not the way it's being supported.
-Scott
what mac do you have ?
what mac do you have ?
It works fine! Why not just say so?
It works fine! Installed 10.7.2 Combo and the Recovery update from .dmg's downloaded from Apple. No problem, even with Boot Camp installed.
Criticism of Symantec has been censored from this comment.
Okay, this is getting to be a
Okay, this is getting to be a long thread. So I will try to summarize the issue:
People that are on Mac OS X Lion 10.7 and upgrading to 10.7.2 from a previous build may see an issue after the upgrade with not being able to boot.
PGP Whole Disk Encryption 10.2 did not support Mac OS X Lion (10.7) as has been tested and found to be incompatible and very problematic on builds prior to 1950 of PGP Desktop 10.2. This means that if you have installed the GA release for PGP Desktop 10.1.2 or 10.2 this is not supported on a machine with Mac OS X Lion. You will need to upgrade to version 10.2 Build 1950 for your mac to be supported.
We have tested the 10.7.2 update in conjunction with PGP Desktop 10.2 MP1 (Build 1950) installed and the machine appears to be functioning correctly.
I hope this helps
One thing of note though...
If you have a brand new Macbook Air that was made since August of 2011. DO NOT ENCRYPT YOUR DISK without readin this article first to see if there any updates on the problem. If you have already encrypted, the article explains what you need to do for recovery.
http://www.symantec.com/docs/TECH171894
Thanks.
Censorship
You have blatantly deleted many of my messages here. Worse still, you have actually EDITED some of them to remove parts you don't like. Without asking me first, and without informing anyone that my posts have been edited. This is clearly a violation of my integrity.
Do you think it is helpful to Symantec's reputation that you just censor sensible criticism and constructive and important questions?
If you do not put my posts back up again, I will start blogging about my experience with your censorship, and make sure those blog posts get high Google rankings. The country I live in has absolute freedom of expression in regards to corporate criticism, so there will be no legal means for you to have those blog posts deleted.
Haven't you learened the elementary wisdom about the Streisand effect? Are you really such Internet amateurs that you think censorship will do anything but make things worse?
Bad, Symantec. Very bad.
I'm not aware of any such
I'm not aware of any such editing or deleting occuring on this forum. I'll ask around and see if I can find anything out about this.
If/when you consider your issue resolved, please click Mark As Solution on the post that best provided the solution.
Search the Knowledge Base
One of my posts was also
One of my posts was also deleted, though, admittedly, it was one that consisted of nothing more than frustrated sarcasm (so I didn't feel to bad about it being deleted.) I'd be upset too, though, if a post that was simply critical of Symantec was edited or deleted without my knowledge.
A bold, honest and well-intentioned response goes farther
I disagree.
I believe that only trolls and offensive comments with foul language deserve being censored.
Even if a post contains frustrated sarcasm, the best way Symantec can handle that is to clear up things and get upright about the issues, NOT censoring anything at all. Furthermore, along with frustrated sarcasm one can frequently find constructive criticism which should be listened to.
Symantec finally did clear things up, somewhat.
They have cleared up the fact that this seems to be an issue with certain Air models rather than all machines that are upgraded to 10.7.2. But the first response was, as I said earlier, lazy and irresponsible in that it just waived responsibility and blamed the users, citing bureaucratic lawspeak. It was a very arrogant and half-hearted response on the part of Symantec, and I am sure they regret it now.
The reasoning behind the censorship might have been to avoid confusion as users started believing it was not 10.7.2 compatible while in reality it was an issue with specific computer models. However, such misunderstandings are best handled by clearing things up in boldly visible responses, not by editing or deleting comments. Furthermore, it seems like much more than this misunderstanding has been edited out. In fact, everything that is slightly uncomfortable has been removed, including criticism of the way Symantec's employees first handled this question.
It wouldn't surprise me if the Symantec employee who is behind the censorship has also "changed" his or her own comments, and the motivation might be protecting him/herself from criticism from his/her superiors as much as anything else.
Here's what really bothers
Here's what really bothers me:
1. If you go to Symantec.com, and try to find out whether PGP for Mac is compatible with OS X 10.7.2, it's practically impossible. You have to go to Google, and find this thread.
2. If you go to Symantec.com, and try to simply find a PGP for Mac downloadable update, it's practically impossible. You have to go through licensing portals, and request a patch to be added to your account, blah blah blah. It's bloody rediculous.
3. Every three-man company on the planet these days has access to simply mailing systems like Campaign Monitor and Mail Chimp, and regularly email their customer base with news. It is inexcusable that Symantec doesn't communicate with its user base about these issues. Why don't they warn us about OS updates? Why don't they announce the availability of software updates?
Right now, the version of PGP that I bought a week ago doesn't run on my updated MacBook Air 10.7.2, and I have no idea what to do about it. And that sucks.
We will have a patch (hotfix)
We will have a patch (hotfix) available by the end of the month. But we will also have this fix included in our next maintenance pack (MP2) by sometime early part of December. If this is more urgent (ie you MUST encrypt that macbook air and have no workaround) then you will probably want to update to the hotfix as soon as it's made avaiable. if you can wait till the maintenance pack, that is ideal since it includes many other fixes that are tested and verified rolled up into the update.
How to get the patch?
Ben,
Thanks for this. Two questions:
1) Will you please email owners of PGP when the hotfix is available, or when the MP2 pack is out?
2) Can you please make the patch/MP2 updates accessible via a simple download somewhere, and NOT make us figure out which of the (at least) four portals that Symantec operates we have to log into, and submit a request, etc. etc.?
Thanks again,
-- Matt
If you suscribe to this KB
If you suscribe to this KB aricle. you will receive a notification when we update it about the hotfix being available.
Go here:
http://www.symantec.com/docs/TECH171894
Click Subscribe via email on the right next to the heading of the article.
You can also subscribe to our encryption blog here:
https://www-secure.symantec.com/connect/comments-r...
Editing or Deleting Threads
Hi folks,
Eric here, I'm the admin for the security area. As a general rule, we allow complete transparency on the forums - so whether the comment is flattering or negative, we generally will leave it and appreciate the constructive criticism.
That being said, posts will be edited (and generally you'll see the following notation) [Edited], when a user is using profane language, or "calling out" another user as if to initiate a "virtual confrontation." In these scenarios, I will edit the post. We are all professionals in our respective industries - and we expect our users to act professionally while on the community - and 99.9% of the time, there's no issue.
Deleting a post almost never occurs. It will occur when we find a user "gaming the system" for points, providing a comment that is a "me too" (with no substantive value), or may have so much profanity, that deleting the comment and banning the user is the most appropriate action. However, when we delete a post, we do alert the user with an explanation. But, we're talking extremes on a professional end user forum such as this. Those examples rarely occur.
If you find it happens again, let me know.
Best,
Eric
Subscribe to the upcoming Security Newsletter - Log in, visit your profile, and click on "Newsletter Subscriptions!"
You did delete one of my posts here.
Eric,
For the record, you did delete one of my posts here. It was a post written in frustration, and only contained sarcasm, so I'm not upset that you removed it. But it didn't contain profanity, and I wasn't alerted to the removal.
-- Matt
External drives now hosed?
After upgrading to Lion 10.7.2, I am no longer able to mount two external drives. During my first attempt to open the drives after the upgrade, my password was accepted then I received an error message telling me that the drive was "unreadable" One of the drives had previously been encrypted with PGP but decrypted before being encrypted by Lion. The other drive had never been encrypted with PGP but did have a PGP disk as part of the content. I uninstalled all PGP files from my laptop before connecting the dives. I had been using the latest release of PGP.
Please tell me how to resolve the problem.
Are you sure that it's PGP
Are you sure that it's PGP causing the problem in this case then? If you don't have PGP installed on your mac. You don't have the drives WDE encrypted (they have may have been at one point, but are now decrypted by PGP). Then it doesn't sound like PGP is causing your problem. Am I understanding what yo uare saying correctly?
Yes, you are understanding
Yes, you are understanding me. Both drives worked fine before the upgrade and neither will boot now. The same problem has been reported to Apple and is being discussed in their support forums here: https://discussions.apple.com/message/16369229#16369229
No support for trail-version!
As our company is thinking about to shift our equipment partly towards MACs we tried the downloadable version (build 1950) of the Product on MAC Book Air (OS X 10.7.2) with the same result.
To step forward we asked the Support-Line , how to get the MP1 patch. The answer was, that they do not support trail-versions!
Very good job guys! How can we decide, if it is just waste of money to buy your product or not, without any chance to test it?
My suggestion for my boss will be – not to by use any Symantec products as long as customer are treated like this.
I think the best thing to do
I think the best thing to do in this case would be to work with your sales team that sold you the product to see where you can go to from here. They should be able to work internally with support to help find you a solution.
We are not enterprise customers!
Ben,
Don't you understand that most of us are not "enterprise" customers? We don't "work with sales teams" to buy software. I don't want to monitor my "upgrade assurance plans".
In my company, we're 35 people. I'm the owner, and I'm coding software and managing projects. When I need software, I want to go to a website and download it. When it needs upgrading, I want to go to the Support section of the website, and download it. When a new version comes out, I want to enter my serial number on a web page, and get an upgrade discount, and then download the software. When an OS version update is around the corner, I want to get an email advising me if there's an issue. I want to follow your Twitter account, and interact there, too.
Look at the size of this thread. Apart from you and Tom, nobody with any authority at all from PGP has even chimed in here. It is becoming obvious to me that Symantec is company that exists to market 600+ products and corresponding maintenance contracts to middle managers in insurance companies, who have budgets they have to spend, and feel good to be able to tell their boss they've bought some "endpoint security".
Why doesn't Symantec just come out and say that. Just say, "we're not interested in the individuals and small companies, who are accustomed to a simple and more responsible relationship with software providers"?
Would you mind responding to these points?
-- Matt
Hi Ben, You didn’t get the
Hi Ben,
You didn’t get the point. There is no sales team yet. We used the trail version downloadable here:
http://www.symantec.com/business/whole-disk-encryption
My suggestion would be to update your page with the current version or provide the fix on the same place.
It makes a very stupid image from your company, if a customer tests your downloadable trail-version and the first reaction of the test-machine is not to come back after installation and disk-encryption!
Tell me, why should we contact any sales person from your company at this stage?
I am truly sorry, but I
I am truly sorry, but I can't change Symantec policies.
To respond to your points:
You may be correct in that Symantec is more focused on larger business' that purchase Enterprise Support contracts. We do also have our Norton products for consumers/small business. Furthemore, customer who pay for maintenance agreements, get priority support through the phone.
It is not that we are not interested in having more business. No matter the size of the company. it's that we are always going to service our paying customers first, over those that are not paying for support. Every large software based company follows this model. Microsoft, Oracle, Siebel, Vmware, IBM, I could go on and on).
To answer your last question
Because you are at a phase in your deployment that most companies would consider a "pre-sales engagement" meaning that you haven't officially bought the product yet. You haven't officially paid for support yet either. Therefore, sales acts as the intermediary for support on your behalf. You don't have to have a "dedicated sales guy" to call up our sales team and let them know that you are running into problem and that it's keeping you from deploying the product of buying from us. They can take action from there. I would highly encourage you to contact them here:
http://www.symantec.com/business/contact_sales.jsp
Ben, Thanks for the reply.
Ben,
Thanks for the reply. I'd like to take issue with something you said:
We *are* paying customers. We bought the product. That should entitle us to some *minimum* level of reasonable support.
And "support" in the context of an insurance company that has 1000 users on an Oracle DB is a little different than the support a three-person company needs with a simple desktop encryption product like PGP. All we ask for is:
The first four things I've listed above can be automated, it just requires at least one person with authority in the organization to have some empathy for small customers that aren't in the Fortune 500. And communicating with us doesn't have to be costly either. Make announcements in Twitter. We can all follow a twitter account.
Kind regards,
-- Matt
....in addition: what about privat users?
first I fully agree with the points makalu mentioned. Nothing against the forum here, especially the support by Tom McCune (whose impact into the forum I am appreciating since years when I started years ago using PGP 9 under previous owner) and PGP_Ben.
I am just a single user of PGP 10.2 (private), it was really not easy at all to purchase a "Maintenance upgrade" (or called similar) few months ago via a "Symantec reseller" company to receive upgrades/updates of PGP further for one year (I found this company online):
After many phonecalls they politely dealed with my case although they "usual deal only with buisness customers and not with single users" and I had to pay the bill via bank transfer after it came by snail mail to my home address, nothing online, nothing with credit card...
Nowadays this should be made much easier. Why PGP/Symantec customers are not able to buy these assurances/maintenance upgrades just at the Symantec online store?
What about private users? We also payed for the software (and it is not really cheap besides the unpayable value of security).
Purchasing of upgrades/assurances should be improved. I like PGP and hope that the new owner will keep it alive (including the philosophie of P.Zimmermann: published source code, no backdoors).
kind regards, Stork
I was with lion and before
I was with lion and before the last mac os patch.... I use bootcamp and vmware fusion... after the pgp install i could no longer boot windows... it was odd as vmware could bring up the bootcamp windows as a vm for awhile then that stopped... I removed pgp to update to the lastest mac os update.... and when i did that windows worked again.... so there seems to be some problems.
s
Would you like to reply?
Login or Register to post your comment.