Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog
Showing posts tagged with Symantec Endpoint Encryption - Device Control
Showing posts in English
Tim_Matthews | 09 Dec 2010 | 14 comments

A U.S. Army intelligence specialist? Walking out with confidential documents on a CD? Impossible.

When I first heard about the exposure of hundreds of diplomatic memos, I was anticipating a sophisticated cloak and dagger tale. But Pfc. Manning walked out the door with a bogus Lady Gaga CD-RW filled with government secrets. While my initial reaction was that this never should have happened, I can see where the dual priorities of a worker-friendly environment and the mission-critical imperative to share information quickly could have led to this situation. The good news is that there is a straightforward regimen to help stop these kinds of risks.

1) Install Device Control

Device control, as its name suggests, controls what devices can be used on a given computer. So if you want to disallow CD burning by a government security analyst with access to secret documents...

Joel Boyd | 30 Sep 2014 | 7 comments

Today, Symantec is proud to announce the availability of our newly consolidated endpoint encryption solution, Symantec Endpoint Encryption v11. This solution blends best-of-breed technologies from our PGP and GuardianEdge acquisitions into a single console that includes strong disk and removable media encryption along with out-of-the-box reporting and enterprise-scale management. Symantec Endpoint Encryption 11 includes the following key features:

  • Built PGP Strong: High performing, strong encryption, built with PGP Hybrid Cryptographic Optimizer (HCO) technology and leveraging AES-NI hardware optimization for even faster encryption speeds
  • Robust Reporting: Administrators can take advantage of out-of-the-box compliance reports or customize their own reports to help ease the burden of proof to auditors and key stakeholders
  • Active Directory...
R Freeman | 06 Jun 2014 | 6 comments

With the recent announcement ( that TrueCrypt is no longer supported and may contain security issues, we in the Symantec Encryption group wanted to reach out to the community and help provide an alternative option for multi-platform drive encryption. On April 14, 2014 TrueCrypt completed a security audit ( and soon thereafter the project was shut down. While there has been great interest in the open source community to continue its support, we believe our Symantec Drive Encryption product powered by PGP technology is the best commercial solution with enterprise class support available today.

Some of the most popular methods of using TrueCrypt is creating an encrypted virtual disk shared in the cloud and protecting an external drive. We have provided a couple of articles below to demonstrate...

Kelvin_Kwan | 17 Sep 2013 | 13 comments

Symantec Encryption Releases 3.3.1/10.3.1
In this release, we support Windows 8, increase our Linux platform support, and as always improve security whenever appropriate.  Here’s a summary of what’s new:

  • Support Windows 8 Pro and Enterprise editions 32- and 64-bit versions, for Symantec Drive Encryption both BIOS and UEFI systems (only 64-bit for UEFI), Desktop Email Encryption, File Share Encryption, and Encryption Desktop utilities (PGP Virtual Disk, ZIP, and Shredder)
  • Desktop Email Encryption compatibility with Microsoft Outlook 2013, both 32- and 64-bit versions
  • Desktop Email Encryption compatibility with Microsoft Office 365 Cloud Server when using a supported email client
  • Mac OS X 10.8.3 and 10.8.4 support for Symantec Drive Encryption and Symantec Desktop Email Encryption
  • Symantec Drive Encryption support for Linux.  This now includes Red Hat Enterprise 5.9, 6.3, and 6.4 (32- and...
Kelvin_Kwan | 10 Jun 2013 | 1 comment

You Have Choices
On July 1, 2013, Symantec will officially announce that all customers with active maintenance for Symantec Endpoint Encryption Full Disk Edition (SEE FDE) will automatically have their licenses migrated to our new FlexChoice Disk Encryption license.

Essentially, we are replacing the current SKU for SEE FDE with a new SKU.  This new SKU entitles customers with the ability to choose which disk encryption product you wish to use. You can simply continue to use your SEE FDE product, or you can use the Symantec Drive Encryption, Powered by PGP Technology (SDE) product.  Or, you can use a combination of the two.  

We are NOT discontinuing/end-of-life’ing SEE FDE. I cannot emphasize this enough.  The SEE FDE product will continue to be supported and available for purchase.  We simply are offering more flexibility to our customers to choose whichever product they wish to use for...

Kelvin_Kwan | 20 Dec 2012 | 4 comments

Folks, the holidays are almost once again upon us.  I sit here today trying to clear off my deliverables before I go on vacation.  But you know what? The year simply would not be complete without having to respond to yet another claim of a 3rd party tool being able to decrypt/access a system encrypted by PGP Whole Disk Encryption.

So Here We Go Again…
This morning, I was made aware of a claim made by ElcomSoft that their product could decrypt PGP containers (as well as other Full Disk Encryption competitors).  After reading through their blog and discussing my thoughts with the Symantec Encryption Engineering team, we have come to the conclusion that this claim is false!  There’s truly nothing to see here. 

The Weakness is NOT the Crypto Containers
I would...

phlphrrs | 18 Dec 2012 | 3 comments

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective.  As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc.  It's really more of a privacy and legal issue; privacy from the perspective of preventing others from seeing your stuff in the cloud and legal from the perspective of who has control over that data that is secured in the cloud.  
I think we all get the idea of privacy of our data in the cloud.  For example, if you put your personal financial data in the cloud to either be stored and/or used by an application, you want to make sure the data is secure.  If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP.  If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...

Kelvin_Kwan | 19 Jun 2012 | 30 comments

If you recently purchased a MacBook Air (Model 5,2) or a MacBook Pro (Model 10,1), do NOT encrypt your laptop with the current release of PGP Whole Disk Encryption for Macs (10.2.1 Build 4461).

These are the latest Macs just released by Apple based on the Ivy Bridge Processors from Intel.

Based on our QA testing thus far, we are observing these Macs not booting properly after authenticating the PGP WDE Bootguard screen. Our engineers are aware of the problem and are busily working on a solution to this.

Please check back to this blog for the latest updates.

7/17/2012 @ 1:57 PM PST - Hot off the presses from engineering.  A hotfix to address this issue should be available by the end of July or beginning of August.  I will update this posting with any follow-up information that I have.  Thanks for your patience and understanding. 


Kelvin_Kwan | 30 May 2012 | 1 comment

A few recent headlines (Google translated link) have suggested that PGP encryption can be broken. My first reaction was with a sigh: “Not this again!” Such claims have been made before, and so far not a single one has proven true. Thus far, that seems to be the case here.

Breaking “PGP Crypto” Means Breaking AES
First, remember that PGP products do not use a custom encryption algorithm. They are based on well-studied, standard algorithms such as RSA and AES, at bit lengths that are regarded as best practices for strong...

Kelvin_Kwan | 29 May 2012 | 1 comment

Passware recently blogged about the ability to "instantly decrypt PGP Whole Disk Encryption" with their latest release of Passware Kit 11.7.

Based on deeper investigation from Symantec engineering, it has been concluded that a properly configured PC is not vulnerable to this Passware claim.

A Whole Disk Encrypted machine is not vulnerable to an offline attack. If an attacker was to steal a machine in an offline state (powered off or hibernating state) the first place they would look for the key information is in the hibernation file or crash dumps. The problem, however, is that this is only possible if the PC was not encrypted at the disk block level. You cannot get to the hibernation file or the crash dumps since this information is in an encrypted state, and you would need to authenticate to the disk first to get to those files....