Video Screencast Help
Encryption Blog
Showing posts tagged with Symantec Endpoint Encryption - Device Control
Showing posts in English
Kelvin_Kwan | 10 Jan 2012 | 23 comments

It has come to Symantec's attention that an OS X 10.7.3 update release is imminent from Apple.

Based on past experiences, we do NOT recommend users currently encrypted with PGP WDE or SEE FDE for Macs upgrade to OS X 10.7.3 when made available by Apple.

Symantec is actively testing PGP WDE and SEE FDE against the 10.7.3 developers build from Apple. We will continue testing against all developers code from Apple and also against the official release from Apple.

Please check this blog for updates as they become available.

Kelvin_Kwan | 15 Oct 2011 | 0 comments

Apple released a new generation of MacBook Air notebooks and Mac mini desktops in mid-2011.  These latest releases of MacBook Air notebooks and Mac mini desktops have a known issue with Symantec PGP Whole Disk Encryption. Symantec Engineering has isolated this issue down to specifically the latest version of Mac Book Air notebooks 4.2 with the Intel Core i5 and i7 processors and the mid 2011 versions of the Mac mini desktops 5.1, 5.2, and 5.3 with the Intel Core i5 and i7 processors.

We have successfully tested and verified that PGP Whole Disk Encryption 10.2MP1 works with all MacBook Air notebooks and Mac mini desktops and the Lion OS X operating system prior to the latest releases of these MacBook Air notebooks and Mac mini desktops.

An easy way to distinguish the latest generation of Mac Book Air notebooks and Mac mini desktops are to look for the presence of a ...

Kelvin_Kwan | 19 Aug 2011 | 4 comments

 

As many of you know, the Trusted Computing Group (TCG) was an initiative started by some well-known technology companies to help standardize and implement Trusted Computing.  One of the first “products” to come from this was the Trusted Platform Module (TPM).  There are various vendors that take advantage of the TPM chip for security related functions.  (Full disclosure:  Symantec is a member of the Trusted Computing Group.)

The next significant “product” to come from TCG is the Opal standards for Self Encrypting Drives (SED).  The Opal standard is an industry standard for any hard disk drive (HDD) manufacture to sell SEDs that would comply with these standards.  Now what this means, is that these HDDs will have encryption already built into the hardware.

“Great!  We won’t need to evaluate any of the software encryption vendors out there.  We can simply just buy SEDs from the...

Kelvin_Kwan | 20 Jul 2011 | 14 comments

 

Now before I begin “The Chicken or the Egg” portion of the blog, I want to address an issue that many people are asking or wondering.  “Why must I first decrypt before upgrading to Lion?”  Well there are many reasons.  However, one of the biggest reasons is that in Lion, Apple has added Recovery Partition Support.  This Recovery Partition allows you to perform repairs and recovery to your Mac without having to find the DVD that came with your Mac.  This is important, because whenever your system is encrypted, it is NOT advisable to create, resize, or move partitions.  This is regardless if you’re running OS X, Windows, or Linux.  Bad things (e.g.  Data integrity issues) tend to happen when encrypted and you do partition modifications.  So,...

Kelvin_Kwan | 19 Jul 2011 | 2 comments

As you might have seen or heard, Symantec recently announced new features to our encryption products.   I’ll give you a quick run down of some of the highlights of this latest release.

One of the most exciting features is the introduction of Symantec PGP Viewer for iOS.  This has been one of the most asked for feature by customers who need a solution to  “My CxO wants to be able to read encrypted emails on their iPad or iPhone.”  Well, it can now be done with the PGP Viewer for iOS.  You can decrypt your emails locally on your iPad, iPhone, and iPod Touch devices now.  Best of all, the PGP Viewer is free from the Apple App Store (expected to be in the App Store by late summer.) It does require PGP Universal Server for key management, so wait until you get information from your mail administrator before you install it.

Another really cool feature is the ability of Symantec Endpoint Encryption Full Disk Edition (SEE FDE)...

Kelvin_Kwan | 11 Jul 2011 | 0 comments

 

We are once again writing to follow-up on our early post related to a similar issue from January.  This time, it’s for Mac OS X upgrades to Apple’s just released 10.6.8 update and PGP Whole Disk Encryption for Macs. 

Much like the previous post, Apple’s automated Mac OS X 10.6.8 Software Update mechanism bypasses the protections of PGP Corporation had put around a critical file needed for normal system startup.  This time however, users who are running 10.1.1-Build 10 and newer had no problems with the Apple 10.6.8 update as expected.  Users running older versions, however, ran into problems.

As communicated previously, the PGP Engineering team discovered that the Apple automated Software Update mechanism bypassed the protections PGP built-in to protect the boot.efi file.  This...

Kelvin_Kwan | 02 Mar 2011 | 0 comments

Most recently, we have had enterprise and individual customers complain to Symantec about BSODs pertaining to PGP Whole Disk Encryption.  Initial signs were pointing to the pgpwded.sys driver as the culprit.  Symantec’s engineering team has analyzed dozens of submitted crash dump files and has come to the following conclusion. 

Symantec believes that the BSOD is being caused by a stack space resource issue.  The reason the pgpwded.sys driver is being seen in crash dumps first is that the pgpwded.sys driver is the last to be loaded.  Thus, the pgpwded.sys driver seems to be the tipping point for the BSOD.  But it is not, in fact, the cause.  Here’s why.

Caution:  Geek material ahead!  A quick summary on stack space. 
Stack space is limited and is a shared resource between the Windows kernel runtime and device...

Brian Tokuyoshi | 25 Feb 2011 | 1 comment

In a recent press release, the British Information Commissioner’s Office commented about a recent data loss incident experienced by the Cambridgeshire County Council.  In a roundabout manner, it turns out that an encrypted memory stick triggered a course of events that led to the loss of sensitive personal information.

The council attempted to do the right thing, by providing an encrypted memory stick to its employees, free of charge. However, due to issues with the device, a frustrated employee stopped using the encrypted device provided to him and replaced it with an unapproved, unencrypted one. The unencrypted device contained sensitive information, and unfortunately it was lost, thus resulting in a data loss incident.

This incident brings up an important issue – it’s not enough to have an...

Brian Tokuyoshi | 19 Jan 2011 | 0 comments

Blog Entry – Prioritizing Key Management When Considering the Cloud

One of the trends that I’ve noted when talking with customers is the desire to get cryptographic keys under better central management in anticipation of the cloud. At face value, one might wonder what the connection might be. Why build a key management plan before rolling out a cloud computing strategy?

It turns out that there are several good reasons:

  1. There’s no better time to build out a strategy for managing keys. Once an IT organization evaluates where their data exists and where the encryption lives, the more important better management tools become. It makes a lot of sense to get the existing key management issues under control as a precursory step before moving applications and data to the cloud.
  2. There’s a lot of concerns about cloud security models, especially with respect to who holds the keys. One of encryption’s central use cases is being...
Tim_Matthews | 17 Jan 2011 | 1 comment

We're writing to follow up on our post on this issue last November.  Since then, Symantec has provided both a workaround and hotfix to address the client problem encountered with PGP Whole Disk Encryption when updating Mac OS X.  A maintenance release that will proactively address this issue is now available.

In case you missed our earlier communication, in Mac OS X 10.6.5, Apple's automated Software Update mechanism bypasses the protections PGP Corporation had put around a critical file needed for normal system startup.

Prior to the release of the Mac OS X 10.6.5 update, the PGP Engineering team tested every version of the early developer release of the update provided to PGP by Apple and no conflicts were found. However, we identified after the release of the update that Apple's automated Software Update mechanism bypasses...