Endpoint Security Client – Full Disk Encryption 7.0 – Revision Tracking

Revision Tracking Version A
Endpoint Security Client – Full Disk
Encryption 7.0 – Revision Tracking
Copyright © 1997-2008 Check Point Software Technologies, Ltd. All rights reserved
This document contains information on changes and corrections implemented in previous
versions Full Disk Encryption (FDE); these versions were named Pointsec for PC and (from
version 6.2 and later) Pointsec PC.
For new functionality, changes, corrections and the latest information on the current release,
see the Endpoint Security Client R70 Release Notes.
Contents
Pointsec for PC 6 .................................................................................................................................... 4
New in Release 6.3.1 ............................................................................................................. 4
Changes and Corrections in 6.3.1 HFA3 .............................................................................. 4
Changes and Corrections in 6.3.1 HFA2 .............................................................................. 7
Changes and Corrections in 6.3.1 HFA1 .............................................................................. 8
Changes and Corrections in 6.3.1 ...................................................................................... 12
New in Pointsec PC 6.2 ....................................................................................................... 20
Changes and Corrections in 6.2 HotFix Accumulator 1...................................................... 21
Changes and Corrections in 6.2 HF2................................................................................... 23
Changes and Corrections in 6.2 HF1................................................................................... 24
Changes and Corrections in 6.2 .......................................................................................... 24
New in 6.1.3 ......................................................................................................................... 29
Changes and Corrections in 6.1.3 Hotfix 4 .......................................................................... 29
Changes and Corrections in 6.1.3 Hotfix 3 .......................................................................... 30
Changes and Corrections in 6.1.3 Hotfix 2 .......................................................................... 30
Changes and Corrections in 6.1.3 Hotfix 1 .......................................................................... 31
Changes and Corrections in 6.1.3 ....................................................................................... 32
New in 6.1.2 ......................................................................................................................... 47
Changes and Corrections in 6.1.2 ....................................................................................... 47
Changes and Corrections in 6.1.1 ....................................................................................... 47
Changes and Corrections in 6.1.0 ....................................................................................... 51
New in 6.1.0 ......................................................................................................................... 54
Changes and Corrections in 6.0.1 ....................................................................................... 55
New in 6.0.1 ......................................................................................................................... 56
Changes and Corrections in 6.0.0 ....................................................................................... 56
New in 6.0.0 ......................................................................................................................... 58
Pointsec for PC 5 .................................................................................................................................. 58
Changes and Corrections in 5.2.2 ....................................................................................... 58
Changes and Corrections in 5.2. ......................................................................................... 59
Changes and Corrections in 5.1.3 ....................................................................................... 60
Changes and Corrections in 5.1.2 ....................................................................................... 60
New in 5.1.1 ......................................................................................................................... 60
Changes and Corrections in 5.1.1 ....................................................................................... 61
Changes and Corrections in 5.1 .......................................................................................... 61
New in 5.0 ............................................................................................................................ 62
1
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections in 5.0 .......................................................................................... 62
Pointsec for PC 4.1 Releases............................................................................................................... 63
Changes and Corrections in 4.1 SR 2.19.1 ......................................................................... 63
Changes and Corrections in 4.1 SR 2.19 ............................................................................ 63
Changes and Corrections in 4.1 SR 2.18 ............................................................................ 63
Changes and Corrections in 4.1 SR 2.17b .......................................................................... 64
New Functionality in 4.1 SR 2.17......................................................................................... 64
Changes and Corrections in 4.1 SR 2.17 ............................................................................ 64
New Functionality in 4.1 SR 2.16......................................................................................... 64
Changes and Corrections in 4.1 SR 2.16FT ........................................................................ 64
New Functionality in 4.1 SR 2.15......................................................................................... 64
Changes and Corrections in 4.1 SR 2.15 ............................................................................ 64
New Functionality in 4.1 SR 2.14......................................................................................... 65
Changes and Corrections in 4.1 SR 2.14 ............................................................................ 65
Changes and Corrections Made in Release 4.1 SR 2.1 ...................................................... 65
Changes and Corrections Made in Release 4.1 SR 2.0.4 ................................................... 66
Changes and Corrections Made in Release 4.1 SR 2.0.3 ................................................... 66
Changes and Corrections Made in Release 4.1 SR 2.0.1 ................................................... 66
Changes and Corrections Made in Release 4.1 .................................................................. 66
Changes and Corrections Made in Patch 4.0 SR 4.1 .......................................................... 66
Changes and Corrections Made in 4.0 SR 4.1 .................................................................... 66
Changes and Corrections Made in 4.0 SR 4 ....................................................................... 66
Changes and Corrections Made in Patch 4.0 SR 4 ............................................................. 67
Changes and Corrections Made in 4.0 SR 3.5 .................................................................... 67
Changes and Corrections Made in 4.0 SR 3.4 .................................................................... 67
Changes and Corrections Made in 4.0 SR 3.3 .................................................................... 67
Changes and Corrections Made in Patch 4.0 SR 3.3 .......................................................... 67
Changes and Corrections Made in 4.0 SR 3.2 .................................................................... 67
Changes and Corrections Made in Patch 4.0 SR3.1 ........................................................... 68
Changes and Corrections Made in 4.0 SR 3.1 .................................................................... 68
Changes and Corrections Made in 4.0 SR 3 ....................................................................... 68
Changes and Corrections Made in 4.0 SR 2.3 .................................................................... 69
Changes and Corrections Made in 4.0 SR 2.2 .................................................................... 69
Changes and Corrections Made in 4.0 SR 2.1 .................................................................... 69
Changes and Correction in 4.0 SR 1 and SR 2 ................................................................... 69
Features Introduced in Pointsec 4.0 .................................................................................... 70
Pointsec for PC 4.2 Releases............................................................................................................... 71
Changes and Corrections in 4.2 SR 1.8 .............................................................................. 71
Changes and Corrections in 4.2 SR 1.7b ............................................................................ 71
New Functionality in 4.2 SR 1.7........................................................................................... 71
Changes and Corrections in 4.2 SR 1.7 .............................................................................. 71
New Functionality in 4.2 SR 1.6........................................................................................... 71
Changes and Corrections in 4.2 SR 1.6FT .......................................................................... 71
New Functionality in 4.2 SR1.5............................................................................................ 72
Changes and Corrections in 4.2 SR 1.5 .............................................................................. 72
New Functionality in 4.2 SR 1.4........................................................................................... 72
Changes and Corrections in 4.2 SR 1.4 build 193............................................................... 72
Changes and Corrections in 4.2 SR 1.4 .............................................................................. 72
2
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections Made in Release 4.2 SR1.3 ....................................................... 72
Changes and Corrections Made in Release 4.2 SR1.1 ....................................................... 73
Changes and Corrections Made in Release 4.2 SR 1 ......................................................... 73
Changes and Corrections Made in Release 4.2 SR 0.4 ...................................................... 74
Changes and Corrections Made in Release 4.2 SR 0.3 ...................................................... 74
Changes and Corrections Made in Release 4.2 SR 0.1 ...................................................... 74
Changes and Corrections Made in Release 4.2 .................................................................. 74
Changes and Corrections Made in Patch 4.0 SR 4.1 .......................................................... 74
Changes and Corrections Made in 4.0 SR 4.1 .................................................................... 74
Changes and Corrections Made in 4.0 SR 4 ....................................................................... 74
Changes and Corrections Made in Patch 4.0 SR 4 ............................................................. 74
Changes and Corrections Made in 4.0 SR 3.5 .................................................................... 75
Changes and Corrections Made in 4.0 SR 3.4 .................................................................... 75
Changes and Corrections Made in 4.0 SR 3.3 .................................................................... 75
Changes and Corrections Made in Patch 4.0 SR 3.3 .......................................................... 75
Changes and Corrections Made in 4.0 SR 3.2 .................................................................... 75
Changes and Corrections Made in Patch 4.0 SR3.1 ........................................................... 75
Changes and Corrections Made in 4.0 SR 3.1 .................................................................... 76
Changes and Corrections Made in 4.0 SR 3 ....................................................................... 76
Changes and Corrections Made in 4.0 SR 2.3 .................................................................... 77
Changes and Corrections Made in 4.0 SR 2.2 .................................................................... 77
Changes and Corrections Made in 4.0 SR 2.1 .................................................................... 77
Changes and Correction in 4.0 SR 1 and SR 2 ................................................................... 77
Features Introduced in Pointsec 4.0 .................................................................................... 78
3
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Pointsec for PC 6
This section contains information on changes and corrections made in the previous releases
of Pointsec for PC (called Pointsec PC from 6.2 onward).
New in Release 6.3.1
The following new functionality and enhancements are included in Pointsec PC :
• This Release Notes covers both the EW version and the MI version of Pointsec
PC.
• The way Pointsec PC groups and user account groups inherit the values of
settings has changed, and the way specified values, default values, and effective
values work has also changed. See the Administrator’s Guide for more
information.
• How updates to the recovery file are triggered, and how Pointsec PC writes
recovery files locally and to shares has changed. See the Administrator’s Guide
for more information.
Changes and Corrections in 6.3.1 HFA3
The following items were corrected in Pointsec PC 6.3.1 HFA3:
ID
453353
About
Token removal
handling failed
intermittently.
Details
Token removal handling was not consistent. When
unplugging an Aladdin Etoken PRO 32K, the workstation
was not locked if the etoken was ejected within less than a
minute after its insertion.
453083
HP Compaq 6910p
blue screened
intermittently in
preboot.
An unrecoverable error occurred intermittently in preboot
on HP Compaq 6910p Notebook laptops.
452953
Unable to tab the
cursor to ‘Show Log’
in the preboot
environment.
After passing preboot authentication, user was unable to
tab to 'Show Logs'.
452786
Windows Logon
User Interface Host
crashed upon
eToken PRO logon.
An application error occurred, terminating Windows Logon
User Interface Host when using PKI Client v4.55 for
eToken PRO 32k and Aladdin eToken PRO 32K drivers.
452774
A "Missing" error
was displayed in the
single sign-on (SSO)
dialog.
When choosing a language that is not a Legacy language
and logging in with a user (SSO enabled) you would get a
"Missing" error in the SSO dialog instead of the translated
text.
452684
The “slash” special
character (/) on the
numeric keyboard
did not work
properly.
If you used de-DE/sv-SE in PBE and typed the a slash (/)
on the numeric keyboard, you got a dash (-). If you enable
NumLock, you got an underscore (_).
452682
Characters were
missing in the
French keyboard in
preboot.
Various characters were missing from the French keyboard
layout in preboot, and the keys of the virtual keyboard were
empty.
4
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
452675
About
Caps Lock was not
available with
Japanese keyboard
in PBA.
Details
When Japanese keyboard was specified in PBA, the user
could not activate "Caps Lock".
452665
Removing a user
failed to trigger the
writing of a new
recovery file.
Deleting a user would fail to trigger the writing of a new
recovery file even though the user had been deleted from
the machine.
452653
Use of tab key in
WebRH
Challenge/Response
not obvious.
Some customers were confused by the use of the tab key
during the challenge/response interaction when receiving
remote help.
452629
AES algorithm was
used instead of
Blowfish.
The AES algorithm was used for encryption when Blowfish
had been specified in a silent installation profile and an
algorithm-specific license was used..
452563
Error issued when
installing the
MSRC.MSI or
InstallRRU.msi
before the Pointsec
PC installation had
completed.
An error was issued if the MSRC.MSI or InstallRRU.msi
files were installed before the Pointsec PC installation had
completed with a restart of the computer after the Pointsec
PC installation.
452558
Unable to
change/set Windows
XP welcome screen
after Pointsec PC
had been
uninstalled.
After Pointsec PC 6.1.3 was uninstalled, the error
message was displayed while trying to change setting in :
Control Panel -> User Accounts -> Change the way users
log on or off]
452529
License handling Some Pointsec for
PC 4.x license
numbers were not
accepted in 6.x
upgrade profiles.
Customers were prevented from using their Pointsec for
PC 4x license numbers in upgrade profiles.
452360
The ‘Disable expire
date’ checkbox did
not work if the user
account had expired.
Once a user account had expired, it was not possible to
disable the expiration date by selecting the ‘Disable expire
date’ checkbox.
452359
Not possible to
disable expire date
from group level.
It was not possible to remove the expiration date of a user
account at the group level. This would have made it
impossible to manage users created from temp users on
the group level.
452358
An expired account
behaved
inconsistently in
Windows.
If you provided remote help to an expired account, the
account had access to Windows, but after Windows logon
a dialog was displayed saying that the account has expired
and the account was logged out of Windows after a couple
of seconds or after several minutes. In addition, if you
clicked OK on the ‘Your account has expired’ dialog, you
would still be able to logon to the machine to work for
Error Message: ‘A recently installed program has disabled
the welcome screen and fast user switching. To restore
these features, you must uninstall the program. The
Following file name might help you identify the program
that made the change: msgina.dll’.
5
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
several minutes (perhaps hours) before the dialog
appeared again.
452336
An old password was
accepted after the
first authentication.
If case sensitivity was set to 'No' for a user group, and a
new user account was created and the ‘Force change of
password at next logon’ box was selected, the password
that was initially used could be used at the next logon.
452305
PPBE did not
respond immediately
to space key input.
In the preboot authentication when entering a user account
name that contains a space character, PPBE did not
respond immediately to the space keystroke. It seemed as
if nothing occurred. However, when you press another key,
the stored space character was displayed.
452275
'Set Temporary
Lockout Time'
became
'2147483647' in a
converted installation
profile.
When installing Pointsec PC 6.3.1 with a converted
installation profile created in Pointsec PC 6.1.3, even
though 'Set Temporary Lockout Time' was set to 'Disabled'
in the original profile, the temporary lockout time was set to
'2147483647' after conversion.
452268
Slaving of a hard
disk drive was
allowed when the
Allow Hard Drive To
Be Slaved setting
was set to ‘No’.
A hard disk drive encrypted with Blowfish could be slaved
on an AES-encrypted machine and accessed without the
Allow Hard Drive To Be Slaved setting being set to Yes.
452156
An update profile
based on an
installation profile
was not imported.
An update profile based on an installation profile was not
imported from the Work folder. No log entry was produced.
452081
The word
"Credentials" was
misspelled in the
PCMC.
The word "Credentials" was misspelled in the PCMC’s
‘Change credentials’ dialog.
452005
Unable to use the
keyboard or mouse
in PBE on an Acer
TravelMate 6410.
Customers were unable to use the keyboard or mouse in
PBE when turning USB = ON in Pointsec PC. No options
were available in the BIOS for ‘USB legacy support’.
451712
HP 6220 smart card
reader not working.
The smart card reader built into the HP 6220 did not work
when either PCMCIA was enable or when it was disabled.
451701
SSO fails on Vista
when using the ‘@’
character in the Vista
username.
SSO failed on Vista when using the ‘@’character in the
Vista username. The operating system seemed to loop.
451608
The volume
protection
information was
missing from an
installation profile
based on an update
profile.
The volume protection information was missing from an
installation profile based on an update profile. If the profile
was saved, no warning was displayed about volume
protection not being set, and if this profile was used to
install, it failed with the error: 'Disk Configuration not
Supported'.
416025
Centrallog.exe
crashed
intermittently.
The Centrallog.exe crashed intermittently, and the crash
led to corruption of the database after the next reboot.
6
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
408057
About
Windows Integrated
Logon did not shut
down the machine in
a timely manner.
Details
Windows Integrated Logon did not shut down the machine
in a timely manner: after a failed logon, the machine would
hang if the message box was not acknowledged. Nor
would it reboot immediately.
407825
Problem booting
from Bart PE.
When using Bart’s PE with a new filter driver for Pointsec
PC 6.3.1.and booting directly to the Bart disk, the machine
would blue screen.
400068
An unhandled
exception would
occur when creating
a new profile.
An unhandled exception would occur when creating a new
profile, immediately after configuring a new set and clicking
‘Finish’.
399604
The encryption
status text in
Japanese was
confusing when
booting from a
recovery disk.
The encryption status in Japanese was confusing when
booting from a recovery disk. This was an error in the
translation from the English.
399343
An USBSTOR error,
Event ID 6, was
logged in the
Windows event
viewer (system log)
every time a user
inserted a USB
memory stick.
An USBSTOR error, Event ID 6, was logged in the
Windows event viewer (system log) every time the user
inserted a USB memory stick on a Pointsec PC-protected
system.
396303
The Windows event
log settings could not
be changed or saved
due to missing
registry entries.
The Windows event log settings could not be changed or
saved because all the registry entries that are required for
the Windows event log to work properly were not created.
N/A
Deploying Pointsec
PC 6.x with a
software deployment
tool that installs
under the local
machine’s system
context
When deploying Pointsec PC 6.x with a software
deployment tool that installs under the local machine’s
system context, a problem could occur when executing the
CheckProfile custom action. The problem was specific to
XP SP2 because certain changes to DCOM permissions
were introduced with XP SP2. The problem was caused by
an InstallShield InstallDriver account that was set to run as
the interactive user rather than as the launching user.
Changes and Corrections in 6.3.1 HFA2
The following items were corrected in Pointsec PC 6.3.1 HFA2:
ID
452773
About
SSO credentials not
cleared after 4 min.
Details
When using a Windows legal notice functionality or thirdparty application at logon, the SSO session was not
cleared if halted during a process longer than 4 min. This
has now been corrected.
452772
Possible for remote
desktop session to use
SSO session (Vista).
When connecting to a Windows Vista Client with SSO in
progress, you were able to logon with SSO credentials via
remote desktop. This has been corrected so that a remote
desktop must use the normal Windows authentication.
7
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections in 6.3.1 HFA1
The following items were corrected in Pointsec PC 6.3.1 HFA1:
ID
About
Details
452256
Upgrade from Pointsec The following scenario will produce the problem:
5.x to 6.2 HFA1
1. Before applying the upgrade package make sure that
freezes prior to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
completion.
s NT\CurrentVersion\Winlogon -> "GinaDLL" is set to
something other than pssogina.dll, for example, msgina.dll
2. Start the upgrade from Pointsec 5.x to 6.2 HFA1 (set
UpdateSSO=0 in precheck.txt in the 6.2 package).
3. During upgrade, Pointsec PC will freeze.
Customer environment:
- Pointsec PC 5.x
- McAfee HIP (Host Intrusion Prevention). McAfee suite to
prevent access to McAfee registry keys.
452232
Certain special
characters do not work
in the preboot
environment with
Canadian English
language.
When the PC is set to English Canada language, you are
not able to use some of the special characters in preboot.
If you try to type them, it will not show the character you
are typing. The following characters do not work
{}",/<>=?@
If you use the Virtual keyboard with the en-CA setting,
(English Canada) instead of a physical keyboard, the
following characters are available and can be used
",/<>=?
The same issues is found with DE-AU (German Austrian)
keyboards.
452198
Password history is
case insensitive.
Environment: The 'Password History' setting is set to
greater than 1, and password is set to be case sensitive.
When the user changes the password to something which
is only a change of case from the previous password (for
example, 'passWORD' => 'PASSword'), it is not accepted.
It seems to be recognized as an existing password in the
password history. However password is set to be case
sensitive so it should be treated as a brand new password.
The following text has been added to the Administrator’s
Guide: Pointsec PC’s Password History function does not
consider case sensitivity when assessing password
uniqueness. Thus, if you change a password that is
recorded in Password History by changing only the case of
one or more of its letters, it will not be accepted as unique,
and therefore that altered password will not be allowed.
452191
Customer name found
in PTD.INF file.
The customer name is erroneously found in a Pointsec PC
token driver file, PTD.INF.
452173
Installing Pointsec PC
6.3.1 on a Dell XT
Tablet fails.
When installing Pointsec PC 6.3.1 on a Dell XT Tablet, the
installation stalls when installing the system code.
452163
Invalid Profile causes
exceptions in PCMC.
An install profile causes problems after install.
The following scenario will produce the problem:
1) Install version 6.3.1 with a profile that has an erroneous
8
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
“Set Max Failed Logons” value.
2) In Windows, start PCMC and go to Local.
3) You will receive a error.
4) Press OK and you will get access to the Local settings
but both buttons on bottom right are blank.
452011
It is possible to find the
encryption key in RAM
after system shutdown
(if done within x
minutes.).
Data in DRAM actually fades out gradually over a period of
seconds to minutes after the system shuts down. This
enables an attacker to read the full contents of memory by
cutting off power and then rebooting into a malicious
operating system. When the memory content has been
dumped, it can be analyzed; and by using a known
algorithm it is possible to find the expanded partition key in
memory. When a probable key is found, it could be used to
try to decrypt a sector from the encrypted disk, and since
this can be automated with a tool there is a high risk that
the correct encryption key can be found.
451958
Driver may overrun
memory at startup.
When the system boots (from scratch or from hibernation),
the driver may be interacting with memory which is not
within the driver’s scope. This can cause unexpected
behavior such as a stop error (BSOD).
451815
SideBySide errors are
listed in the event
viewer during
installation.
SideBySide errors appear in the event viewer during
Pointsec PC installation. They are caused by a Microsoft
Visual Studio Manifest bug. Workaround: install the latest
Visual Studio Service Pack on the client machine before
installing Pointsec PC.
451555
If USB is enabled in
Pointsec PC, the
computer will hang
after the Pointsec PC
progress bar is
displayed.
If USB is enabled in Pointsec, the computer will hang after
Pointsec progress bar is displayed. Even if USB legacy
support is disabled in the BIOS, it will still hang with a black
screen after the Pointsec PC progress bar is displayed.
The following scenario will produce the problem:
1. Install Pointsec PC 6.2 HFA1 with smart card drivers
(set USB to Yes).
2. Reboot, then get the Pointsec PC system code
installation, then do a second reboot.
3. The progress bar will appear and load.
4. After it is loaded, it will halt with a black screen.
Environment:
Toshiba Tecra M9, but the problem has also been reported
on other Toshiba models such as the A200 and the A8.
Pointsec PC 6.2 HFA1
451499
Remote Help (RH)
challenge code
becomes <invalid>.
If the name of a Remote Help (RH) helper account is
identical to one of the group names, the challenge code
becomes <invalid>.
Example 1:
System Group :SYSTEM
User account 1 : SYSTEM (helper account)
User account 2 : ADMIN
9
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
User Group: USER
User account 1 : POINTSEC (RH recipient) --> challenge
code becomes <invalid>
Example 2:
System Group :SYSTEM
User account 1 : USER (helper account)
User account 2 : ADMIN
User Group: USER
User account 1 : POINTSEC (RH recipient ) --> challenge
code becomes <invalid>
NOTE: This problem occurs only when the group name is
all in uppercase. If the group name is "System" or "User",
RH works.
451427
Prevent duplicate
GUIDs when saving
profiles.
It is possible to create two (or more) users with the same
GUID when creating profiles. This is now prevented in the
“sanity check” dialog prior to writing the profile to disk.
399939
AcvtivIdentity ActivKey
V2 is not recognized in
PBA.
The following scenario will produce the problem:
1. Install the elements listed below, and ensure that the
smart card is recognized in Windows and in Pointsec PC.
2. Define a smart card user account and choose the
certificate.
3. Reboot with the smart card inserted.
4. There is no PIN dialog; the smart card does not work in
PBA.
Environment:
XPSP2
ActivClient_5.4_bn457
ActivIdentity Device Installer 2.1 x86 (BN 12)
Pointsec PC 6.2.0 HFA1 (1226)
Smart card:
ActivIdentity ActivKey V2
Axalto Cyberflex Access 64K V1 SM 2.1
Pointsec PC drivers installed:
Ac_p11.bin
ActivKey.bin
399707
The “Smart Card
Triggers Windows
SSO logon” setting
fails to work.
The “Smart Card Triggers Windows SSO logon” setting
does not work. Enabling the setting should trigger SSO for
the smart card user account, but it does not.
The following scenario will produce the problem:
1. Install Pointsec PC 6.2 HFA1.
2. Create a smart card account and confirm that it works.
10
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
3. Enable the "Smart Card Triggers Windows SSO logon"
setting for the smart card user account.
4. Reboot the machine. When logging on to Windows, the
user will be asked to enter account/password. SSO does
not work.
399093
Upgrade from Pointsec
for PC 4.x not aborted
when the MSI is
executed manually.
Upgrade from 4.x/5.x is normally performed via the 4.x/5.x
upgrade functionality. In this case the upgrade is triggered
by storing an upgrade package in the work folder/software
update folder on an installation.
It should not be possible to perform an upgrade by
executing the Pointsec PC MSI package (which is part of
upgrade packages) manually. When this is done on a 5.x
installation, the upgrade is aborted with an MSI error
dialogue. However, on a 4.x installation the upgrade
progresses quite far (at least if an upgrade profile is
available), for example, the upgrade fails during the
recovery file handling.
398155
(10341)
398122
USB keyboards do not
work when “Legacy
USB Support” is
enabled on Hewlett
Packard Compaq
dc7700 Small Form
Factor PCs.
When “Legacy USB Support” is active in the BIOS on a
Hewlett Packard Compaq dc7700 Small Form Factor PC,
USB keyboards do not work.
'Record New
Credentials' dialog box
is not displayed when
SSO is re-enabled.
When SSO is disabled and then enabled again, a 'Record
New Credentials' dialog box should be displayed. But
under Windows Vista it is not displayed.
Workaround: (1) Disable USB Legacy Support in the BIOS,
or (2) use a PS/2 keyboard, or (3) connect a USB
keyboard and a PS/2 keyboard (and both will work).
The following scenario will produce the problem:
1. Install P4PC 6.2 on Windows Vista.
2. Enable SSO for a user account.
3. Restart the PC, and login as the user account with SSO
box selected.
4. At Windows startup, the SSO welcome screen is
displayed.
5. After logging onto Windows, restart the PC.
6. Login at PBA as the same user, account but this time
with the SSO box cleared.
7. After logging into Windows, restart the PC.
8. Login as the same user account, selectng the SSO
check box again to re-enable SSO.
9. The 'Record New Credentials' dialog box should be
displayed, but it is not. The- user account is logged onto
Windows directly.
380812
Logs are one hour
behind in PCMC.
When viewing logs in management console (PCMC), the
logs are incorrectly an hour behind the correct time. But if
the logs are exported to a CSV file they are correct.
11
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections in 6.3.1
The following items were corrected in Pointsec PC 6.3.1:
ID
About
Details
399639
SSO chain is lost while When a user attempts to use SSO functionality in offline
logging on in NOVELL mode in NOVELL, the entire SSO chain is lost. First, the
in offline mode.
user receives verification that the SSO chain is working
while connected to NOVELL. But if a user then unplugs the
network cable and tries to log on in offline mode, the SSO
chain is lost for the online mode, and SSO does not work
at all in offline mode.
The scenario that produces the error is:
1. Install Novell 4.90 SP2.
2. Install Pointsec for PC 6.2 HFA1.
3. Enable SSO and set 'Synchronize Windows Password'
to Yes.
4. Verify that you have a working SSO chain when the
network cable is plugged in.
5. While in Windows and connected to Novell, press
Ctrl+Alt+Delete and change the password.
6. Shut down the computer.
7. Unplug the network cable.
8. Start the computer, enter credentials in Pointsec, and
verify that SSO is selected.
9. The system halts at the NOVELL log on; choose to log
on with a local account.
10. A Pointsec message appears prompting for 'Enter
Pointsec password to Sync with Windows password'.
11. Enter the password.
12. Windows loads, and the SSO chain should be saved
(but no message confirming this is displayed).
13. Restart the computer, and log on to Pointsec.
14. The system now halts at the NOVELL log on, thus SSO
is not working. The same is true if you plug in the network
cable and reboot, the SSO chain has been lost.
399570
(see
399566)
The "Don't show this
message again"
checkbox in the PPBE
WIL message dialog
box is active even
when it has not been
checked.
If the user enables the "Bypass PPBE WIL Message"
setting in the PCMC, the PPBE WIL message dialog will
not be displayed during the next PBA even if the user has
not selected the "Don't show this message again"
checkbox in the PPBE WIL message dialog box during the
previous preboot authentication (PBA).
12
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
399566
(see
399570)
About
PPBE Failure WIL
Message continues to
be displayed.
Details
The scenario that produces the error is:
1. Set the following.
Windows Integrated Logon: "Enabled".
Set PPBE Failure WIL Message to: "Test!".
Enable Network Locational Awareness: "Yes".
Set Network Locations: "with an IP".
2. Reboot the PC and see that WIL is working.
3. Disconnect the PC from the network.
4. Reboot the PC --> After Windows authentication, PC
shut down.
6. Reboot the PC
7. PPBE Failure WIL Message is displayed at PBA -->
Login.
8. Check that WIL is disabled and reboot the PC.
9. PPBE Failure WIL Message continues to be displayed.
399565
Intermittent Error code
0x5001400 leading up
to tray-crash.
Intermittently after Windows authentication, the customer
gets an error message, code 0x5001400, and the P95Tray
crashes right after that.
In the Windows Event Viewer, there is only one error
logged:
plantage de P95tray : (French)
> Faulting application P95tray.exe, version 6.0.2.1207
faulting module
> [...] fault address 0x0004F485.
399554
WIL - One-time logon
does not enable WIL.
The "Enable WIL" switch does not work with one-time
logon.
The scenario that produces the error is:
1) Set "Max failed logon attempts" to 5.
2) Fail to login to Windows 5 times (the computer will
shutdown).
3) Boot up machine, PPBA will be enabled.
4) Select the "Enable WIL" switch; then provide one-time
logon remote help to the user.
Outcome: WIL will still be disabled after next reboot.
13
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
399510
About
If changing UVP after
upgrade to HFA1,
profiles are not
accepted.
Details
The scenario that produces the error is:
if you upgrade 2 machines having the same UVP, to HFA1,
open up the PCMC, you are then prompted to set your
UVP.
If you set the UVP to a NEW password, and don't reuse
the old UVP, the profiles created will not be accepted.
Machine A and B are installed with same UVP
Machine A and B are upgraded from 6.1.3 to 6.2 HFA1.
PCMC is opened on machine A.
Admin gets prompted to set a UVP.
If the password is a brand new one, machine B will not
accept the update profiles from machine A.
Machine B will only accept profiles from machine A if the
UVP is set to the 6.1.3 UVP...
399463
Slow keyboard in
PreBoot
Authentication.
Keyboard response is slow in PreBoot Authentication, and
this results in the user entering the wrong credentials.
This problem has been reported as occurring on the
following computers:
- OEM / Manufacturer: Dell
- Model: D620
- Processor: Intel Centrino Duo T2400 @1.83GHz
- Graphics: Nvidia Quadro NVS 110M
- Memory: 2048 MB
- BIOS Version: A08
and
IBM/Lenovo T40.
399409
Pointsec PC
installation failure on
Sony Vaio.
On certain hardware, it has been found that, after
installation of Pointsec PC, the system can crash during
Vista’s start sequence.
The unrecoverable error occurs:
1. On the first reboot after Pointsec PC installation, or
2. After several (less than 10) reboots after Pointsec PC
installation, or
3. On the 6th reboot after Pointsec PC finishes encrypting
the HDD 100%.
Environment:
Hardware model: SONY VGZ-SZ94NS and SONY VGZSZ93NS
Number of disk: 1
14
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
Number of partition: 1
OS: Windows Vista
Timing of error: while Windows is loading.
399307
The Windows Screen
Saver Timeout setting
is enforced although it
is set to “disabled” in
management console
(PCMC).
This issue seems to occur only in Windows XP. It does not
occur in Windows Vista.
The scenario that produces the error is:
1. Install P4PC.
2. Set 'Allow Windows Screen Saver' to Yes in the Local
settings.
3. Check that by default, Set Screen Saver Timeout is set
to 10 minutes for the logged in user.
4. Select 'Disabled' in the check box in the 'Set Screen
Saver Timeout' window, in order to disable the timeout
setting.
5. In Windows, change screen saver to 'Windows XP' and
set the timeout to 9 minutes.
6. Reboot the PC.
7. Even though Set Screen Saver Timeout setting is
disabled, 'Windows XP' screen saver timeout is reset to 10
minutes.
399147
Converting a
temporary user
account to a normal
user account whose
name consists of only
a single space.
When converting a temporary account to a normal
account, the new user account name can consist of only a
single space character, even though a space is not one of
the special characters that is allowed. This user account
that is created is unable to receive remote help.
The scenario that produces the error is:
1. Install 6.2 HFA1 and create a temporary account.
2. Login as the temporary account, and when prompted for
a new username set it as a single space character (space
is not visible on the screen, but it is accepted).
3. From next reboot, logging in as this user is possible if a
single space is entered in the username filed.
399075
Changing 'Name and
Authentication' of an
upgraded legacy
account causes an
unhandled exception.
A customer has P4PC 5.2.3 installed on their client PCs,
and they are trying to upgrade to version 6.2. They want to
control individual legacy user accounts in PCMC after the
upgrade. And they want to deploy an update profile that
changes the authentication method of an upgraded legacy
account.
The scenario that produces the problem is:
1. Create an upgrade profile in 6.2 PCMC.
2. In this upgrade profile, add a legacy account giving it the
same account name as the v5.2.3 user account. Set
upgrade action as 'upgrade'.
3. Create an update profile based on this upgrade profile.
4. Right-click on the legacy account, and choose 'Name
and Authentication' in order to change authentication
15
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
method.
5. Unhandled exception occurs.
6. Therefore it is not possible to change the authentication
method of an upgrade legacy account using an update
profile.
398985
The Management
Console (PCMC)
displays English, even
though "operating
system" is selected on
Japanese OS.
The scenario that produces the error is:
1 Install Pointsec PC 6.2 on a Japanese Windows XP
machine.
2 Select "Operating System" as language (it is selected by
default).
3 Open the Management Console, and all menus are in
English.
Environment info:
VMware workstation 6.0.0
Windows XP SP2 Japanese.
398299
Token removal and
Novell client issue.
Description:
A token user is logged on with SSO from preboot and Lock
computer is selected under Token Removal Handling .
When the token is removed from the computer, two lock
screens appear. Pointsec PC’s and Novell’s. The active
window changes 10 times a second so it is difficult to enter
the token PIN.
The scenario that produces the error is
-Install Pointsec 6.2 and Novell Client 4.91 SP3.
-Setup a token user that uses SSO.
-Enable Token Removal Handling and choose “lock
computer when token is removed”.
-Remove the token.
- Now two lock screens appear.
Environment info:
Windows XP SP2
Alladin E-Token 32
Novell Client 4.91 SP3.
398279
P95tray.exe error
when enable export of
status to file in Install
settings on Win2k.
The scenario that produces the error is:
Enable export of status to file in the Install settings, (the
user has administrator privilege to the log path).
At the next reboot, an application error message is
displayed immediately after desktop is displayed.
The status file is not created.
16
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
(The above scenario works fine with Windows XP and
Vista.)
Environment info:
Pointsec PC 6.2
Windows 2000 SP4 Japanese + UR1.
398269
Memory leak.
The psutil.dll leaks memory when logs are fetched.
398165
PC does not shut
down by WIL
(Windows Integrated
Logon) when a user
exceeds the max failed
logon attempts if this
value is set to 1 or to
255.
When WIL'S Max Failed Logon Attempts is set to the value
1 or to 255, the machine will not shut down when user
exceeds the specified maximum number of logon attempts.
The scenario that produces the error is
1 Enable WIL.
2 Set "Set Max Failed Windows Logon Attempts" to 1.
3 Try to fail 2 times when logging on to Windows.
4 Machine will not shut down.
This issue ONLY occurs when the value is set as 1 or 255.
Environment info:
Windows XP SP2 Japanese version
[Japan support] NEC VERSAPRO VJ17F/RF-X
[Partner's environment] Hitach ILIOS F8000II.
398160
PC does not reboot
when the WIL Max
Windows Logon
Attempts limit is
exceeded after
resuming from
hibernation.
The scenario that produces the error is
1. Install Pointsec PC 6.2
2. Wait until all volumes are fully encrypted.
3. Open the PCMC and enable WIL.
4. Reboot the machine. Confirm that WIL works.
5. Hibernate the machine.
6. Turn on the machine again to resume the OS.
7. Keep trying to fail when logging on Windows. It will not
reboot or shutdown even if it exceeds the limit for Windows
Logon Attempts (default is 5).
Environment info:
Windows XP SP2 Japanese
NEC versapro VF17F/RF-X.
398107
'Helper Challenge' field
is not cleared by
Refresh button.
In the Pointsec PC 6.2 Management Console Remote Help
window:
If the helper uses a dynamic token to authenticate, the
'Helper Challenge' and 'Helper Response' fields are
17
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
displayed in 'Step Three'.
The value in 'Helper Challenge' field is not cleared when
the Refresh button is clicked.
All other fields are correctly cleared when navigating to and
from other tabs and when the Refresh button is clicked.
Environment info:
VMware Workstation 6.0
Windows XP SP2.
398052
Click “Create
Recovery Media” in
the Set Information
window triggers an
unhandled exception
message.
If you click “Create Recovery Media” in the Set Information
window, you will get unhandled exception message. You
can continue or close the application from this dialog.
398028
Japanese characters
in the PPBE WIL
failure message are
not displayed correctly.
Japanese characters in the specified WIL message are not
displayed correctly.
The following scenario reproduces the problem:
1 Open the PCMC.
2 Navigate to Local > System Settings > Windows
Integrated Logon.
3 Edit the Set PPBE Failure WIL message, entering
Japanese characters.
4 Click OK and close PCMC.
5 Open PCMC and navigate to the same setting again.
6 The characters in the Japanese WIL message are not
displayed correctly.
Environment info:
VMware workstation 6.0.0 build-45731
Windows XP SP2 Japanese version.
18
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
397990
About
After updating a
temporary smart card
account with the
relevant smart card
and certificate, the
user cannot log on.
Details
After a temporary smart card user has updated the account
in Windows using his/her smart card and certificate, that
user is no longer able to log on.
The following scenario produced the error:
1. Create temp smart card user.
2. Logon in PPBE using temp smart card user.
3. Change credentials and get the confirmation that the
certificate has been updated.
4. Reboot and try to log on in Pre-boot.
5. Depending on the card you get "invalid logon" or "trouble
accessing the card".
Works fine for normal smart card users.
Environment info:
Pointsec PC 6.2.01108 & 6.3.1.1211 Windows XP SP1
Oberthur 5.2/AuthentIC Manager 2.8.0.0
Aladdin eToken Pro 32-bit/CRT 3.65.
397892
Upgrading from an
Upgrade Path fails
intermittently when
using a service start
account.
When upgrading Pointsec PC 6.2 to Pointsec PC 6.3.1
from a share specified in the Upgrade path, the upgrade
fails intermittently when using a service start account.
397836
Legacy user accounts
with the authority level
Admin are not
removed during
upgrade from 4.x/5.x.
If inline editing is used to set the parameter Upgrade
Action to Remove in the PCMC, legacy user accounts
with the authority level Admin are upgraded instead of
being removed.
The problem is caused by errors in the language files for
the PCMC.
Note: legacy user accounts with the authority levels
Sysadmin and User are not affected by this issue.
The following three workarounds are available:
1. Double click on the parameter Upgrade Action and
select Remove in the dialog that is displayed.
When the dialog is closed, the value will be displayed as
Ignored. However, the actual value set in the profile will
remove the user accounts during upgrade.
2. Use French in the PCMC. This works because the issue
is not present in the French language files.
3. Use an update profile to remove the legacy user
accounts that have the authority level Admin after the
upgrade.
19
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
397778
About
Cannot open a 6.0.0
profile in 6.2.
Details
A Pointsec for PC 6.0.0 profile cannot be opened in
Pointsec PC 6.2. But Pointsec for PC 6.1.1, 6.1.2, and
6.1.3 profiles can all be opened in Pointsec PC 6.2.
Workaround: open the 6.0.0 profile in Pointsec for PC
6.1.1, 6.1.2, or 6.1.3, save it; and then open it in Pointsec
6.2.
397766
‘Windows Integrated
Logon’ does not work
together with
‘Hardware Hash’ on
certain machines.
‘Windows Integrated Logon’ does not work together with
‘Hardware Hash’ on IBM T60 or IBM T42 computers.
397325
Pointsec crashes
when installing on a
computer which has
multiple HDDs of
different types.
Pointsec does not support multiple HDDs of different drive
types (ex. IDE + SCSI).
Pointsec for PC crashes (Error code:0x5000d2d) at the
initial reboot after P4PC 6.1.3FH1 installation on a
machine with multiple HDDs of different drive types (for
example,. IDE and SCSI). Without the SCSI, Installation
and Encryption complete without a problem.
Environment:
Machine: Built-in IDE disk and SCSI HDD (connected with
SCSI board)
Drives
C: Boot protect only?@(IDE)
D: Boot protect and Encryption (IDE)
E: Boot protect and Encryption (SCSI)
Machine: Built-in IDE disk and SCSI HDD (connected with
SCSI board).
395533
(7677)
Wake on LAN does
not work on NEC
VersaPro VJ17.
Wake on LAN does not work on NEC VersaPro VJ17.
9364
Only a maximum total
of 10 volumes can be
protected by Pointsec
for PC.
Currently only a maximum of ten volumes can protected
with Pointsec for PC.
7677
(395533)
Wake on LAN does
not work on NEC
VersaPro VJ17.
Wake on LAN does not work on NEC VersaPro VJ17.
New in Pointsec PC 6.2
The following new functionality and enhancements are included in Pointsec PC 6.2. For more
information on the new functionality, please refer to the Administrator’s Guide.
•
Upgrade from Pointsec for PC 4.x & Pointsec for PC 5.x
o It is now possible to upgrade from versions 4.x.x and 5.x.x to Pointsec PC 6.2.0.
•
Extended operating system support. Pointsec PC 6.2.0 supports the following operating
systems:
o Microsoft Vista 32-bit support
20
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
o
o
Microsoft Windows XP tablet edition
Microsoft Windows Server 2003 (on workstation hardware only).
•
Support for virtual keyboard in PPBE
o Authentication to the Pointsec PC preboot environment is now possible by means
of a pointing device.
•
Token removal and re-insertion handling
o It is now possible to configure Pointsec PC actions to be taken if a smart card is
removed by the user.
•
Token and certificate uniqueness handling
o Pointsec PC can differentiate between Aladdin E-tokens even if the certificate on
the tokens is identical.
•
Log protection with authentication
o The option to enforce password authentication to view logs now exists.
•
Pointsec Service account
o It is now possible to configure a Pointsec Service start account from within
PCMC.
•
Password synchronization (both ways)
o Password synchronization now works in both directions.
ƒ Windows to Pointsec PC preboot
ƒ Pointsec PC preboot to Windows.
•
System setting password policy
o Password policy for passwords used on system level (i.e Update Validation
Password) implemented.
•
Group Authority Level
o Group Authority Level allows you to control what settings/permissions are granted
to a group and the users bellowing to that group.
•
Windows Integrated Logon Tampering awareness
o Pointsec PC can now be configured to require preboot authentication if hardware
changes on a system running Windows Integrated Logon are detected.
•
Windows Integrated Logon Localization awareness
o Pointsec PC can now be configured to require preboot authentication based on
available IP addresses.
•
New localized languages
o Polish, Thai, and Hungarian are now available in the Pointsec PC preboot
authentication.
•
Key Import
o It is now possible to import seed for the creation of partition keys.
•
Certificate creation tool
o Pointsec PC self-signed certificate capability is now available.
•
Improved set configuration management
o Improved usability in connection with set configuration.
•
Pointsec PC supports using the Tablet PC pen in preboot on the following systems:
o IBM X41
o HP TC 1100
o HP TC 4200
o Toshiba Portégé M200.
Changes and Corrections in 6.2 HotFix Accumulator 1
The following items were corrected in Pointsec PC 6.2 HotFix Accumulator 1:
21
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
10619
About
P95_tray.exe can
crash in Win 2000
Details
After installing Pointsec PC 6.2 using a profile, the
P95_tray.exe will crash in Windows.
10430
Machine randomly
crashes when PME,
McAfee software,
and Pointsec PC are
installed on the
same system.
When PME, McAfee software, and Pointsec PC are
installed on the same system, the machine randomly
crashes with Blue screen 0x00000024.
10429
Temporary smart
card user is not able
to logon after
associating with a
certificate.
When the setting Token Insertion/Removal Handling is
enabled, the following happens: a temporary smart card
user logs on in PPBE, changes credentials, and receives
confirmation that the certificate has been updated. But
when the user reboots attempts to logon in PPBE,
depending on the smart card used, logon fails; and the user
receives “Invalid logon” or “Trouble accessing the card”
messages.
10428
Double-byte
characters in a
temporary user
default username
cause a crash when
installing.
If P4PC is installed with a user whose Window username
contains double-byte characters characters, Pointsec PC
can crash during the Temporary user conversion process.
10427
Usernames that
contain a space
character cause an
unhandled exception
in the PCMC.
If you upgrade from an earlier P4PC version and have
users whose usernames contain one or more space
characters, an unhandled exception occurs if you try to
editing name and authentication for these users in the
PCMC.
10426
Group settings and
user settings could
be changed even
without the required
permissions being
specified.
A user with Create User Accounts or Create Group
permission could change even other user account and
group settings.
10425
Checkpoint start kit
license was not
working
Start kit license was not working with Pointsec PC 6.2.
10424
Smart card
differentiation does
not work with temp
smart card users
Smart card differentiation does not work when creating
temporary smart card users.
10423
An upgrade from
Pointsec for PC 6.x
to 6.2 fails with
critical system error.
A critical system error occurs and renders the PC
unbootable, when P4PC 6.1.3 HF4 is upgraded to 6.2 in a
Windows 2000 environment.
Now upgrade requirements (for example, UR1 for Windows
2000) are checked before the Windows files are upgraded,
and, if any checks fail, the upgrade is aborted.
10422
Uninstallation is
possible with only
one account and
one eToken
In P4PC 6.2, uninstallation is possible with only one system
administrator's account if a smart card is inserted.
10421
Upgrade from 6.x
version crashes with
27 or more groups
The MSI crashes during upgrade when the PPBE files are
upgraded. This happens only if the sum of all groups and
22
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
10405
and user accounts.
users is or has been larger than 27.
During upgrade to
6.2, PME stops
functioning.
When an upgrade from Pointsec Pc 5.x to 6.2 is performed,
PME stops working.
Changes and Corrections in 6.2 HF2
The following items were corrected in Pointsec PC 6.2 HF2:
ID
399385
About
Pointsec PC
installation failure on
Sony Vaio.
Details
On certain hardware, it has been found that, after
installation of Pointsec PC, the system can crash during
Vista’s start sequence.
The unrecoverable error occurs:
1. On the first reboot after Pointsec PC installation, or
2. After several (less than 10) reboots after Pointsec PC
installation, or
3. On the 6th reboot after Pointsec PC finishes encrypting
the HDD 100%.
Environment:
Hardware model: SONY VGZ-SZ94NS & SONY VGZSZ93NS
Number of disk: 1
Number of partition: 1
OS: Windows Vista
Timing of error: while Windows is loading.
How to Implement This Hotfix
Pointsec PC 6.2 HF2 must be installed on Pointsec PC 6.2 HFA1. You must have local
administrator permission to install Pointsec PC 6.2 HF2.
To implement HF2:
Install Pointsec PC HFA1. To make sure the Pointsec PC HFA1 installation is complete,
check the return code from the Pointsec PC.msi package – if the installation was
successful, the return code will be zero and you should proceed to the next step before
rebooting the machine after the installation of Pointsec PC HFA1.
Deploy and install this hotfix (HF2), see below.
This hotfix can be implemented in the following two ways:
Silent Implementation and Verification of Pointsec PC 6.2.0 HF 2
1. Run the P4PC_620_HF2.exe with the command flag [/s].
2. Restart the machine.
3. Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key
*HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is
two (2).
23
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Manual Implementation and Verification of Pointsec PC 6.2.0 HF 2
1.
2.
3.
4.
Click the [Apply] button in the window displayed after clicking P4PC_620_HF2.exe.
A message box is displayed.
Restart the machine.
Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key
*HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is
two (2).
Changes and Corrections in 6.2 HF1
The following items were corrected in Pointsec PC 6.2 HF1:
ID
10430
About
Heavy IO could
cause a machine to
crash with a blue
screen.
Details
This problem has now been addressed by pre-allocating
memory.
Changes and Corrections in 6.2
The following items were corrected in Pointsec PC 6.2:
ID
About
Details
9364
Only a maximum
Currently only a maximum of ten volumes can protected
total of 10 volumes
with Pointsec for PC.
can be protected by
Pointsec for PC.
8429
P95Tray.exe
crashes during
uninstall on multidisk machine on
which the volume on
the first hard disk
has only boot
protection (no
encryption).
The P95Tray.exe crashes during uninstallation when
Pointsec for PC 6.1.3 HF1 has been installed on a multidisk machine and the volume on the first hard disk has only
boot protection (no encryption). When uninstalling, the
P95Tray.exe crashes after the first reboot. The tray icon
displays decryption as 0% before the P95Tray.exe crashes.
Uninstallation will not continue from this point.
Workaround: it is possible to recover the encrypted
volumes using recovery media, and the remaining Pointsec
for PC components can be removed using Windows
Add/Remove programs.
8428
Resuming from
hibernation
malfunctions on a
machine with both
an SATA AHCIenabled hard disk
and a SCSI hard
disk.
Resuming from hibernation malfunctions on a machine with
both an SATA AHCI-enabled hard disk and a SCSI hard
disk. Such a machine was hibernated with text documents
and image files left open on the Windows desktop.
(Hibernation was enabled in Pointsec for PC, and the PC
was rebooted once before hibernation was attempted.) But
when the machine was resumed, Windows booted; and the
files left open on the desktop were closed.
Note: when AHCI is not enabled, hibernating and resuming
work correctly.
8373
Removing a group
by using an update
profile (.upp) causes
the p95tray
application on the
local machine to
crash.
The user account name of the deployed user on the local
system is not known, so the only thing the administrator
wants to do is to remove the group.
The following scenario reproduces the error:
1. Create local group X.
24
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
2. Create the user account in the local group X.
3. Create an update profile that removes group X.
4. Run the profile in the local "Work" folder.
The profile is deployed, and the group together with its
user(s) is deleted; but the P95tray application on the local
system crashes with an error message.
7946
Aladdin eTokens will
not work together
with 2048-bit
certificates.
Aladdin eTokens will not work together with 2048-bit
certificates in Pointsec for PC 6.1.3.
7895
Missing Pointsec for
PC message stating
that hibernation is
not allowed.
If hibernation is enabled in Windows only, not in Pointsec
for PC, you should get a Pointsec for PC message when
trying to hibernate the PC. The message "Hibernation not
allowed" is no longer displayed. Only the Windows
message is displayed.
7860
Logs that are not
deleted after
uninstalling Pointsec
for PC 5.x are not
overwritten.
Logs that are not deleted after uninstalling Pointsec for PC
5.x are not overwritten after installing Pointsec for PC 6.x.,
rather they are appended to the 6.x logs. Note that the 5.x
logs cannot be read in 6.x PCMC.
The following scenario will produce the problem:
1) Install Pointsec for PC 5.x.
2) Logs for version 5.x are written to your recovery share.
3) Uninstall Pointsec for PC version 5 (the logs are left on
the share).
4) Computer name is not changed.
5) Install Pointsec for PC v6.
6) The logs for 6.x are written, but the 5.x logs are
appended.
Workaround: Remove the central log and restart P95tray.
7777
"Ctrl+ALT+Del"
required to reaccess
machine after
installing and waiting
ca. 10 minutes to
reboot.
The following scenario produces this problem:
1) Install Pointsec for PC by running the Pointsec for
PC.msi.
2) Click "No" to the question "Do you want to reboot now?".
3) Wait about 5-10 min.
The error message "Error code: 0x5000d6e" appears, and
when dismissed, an empty screen is displayed.
You must press "Ctrl+ALT+Del" to be able to access the
PC again.
Note that once you have pressed "Ctrl+ALT+Del" and again
can access the machine, there are no problems with the
installation.
7713
Invalid challenge
lengths allowed in
the PCMC for
When adding or changing a dynamic token user account in
the PCMC, the challenge length can be up to 16 characters
long. The PCMC allowed Invalid challenge lengths for
25
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
dynamic token
users.
dynamic token users.
7555
Authentication of
smart card user
account via Remote
Help is inhibited
during uninstallation.
During the uninstallation of P4PC via add/remove
programs, it is not possible to authenticate a smart card
user account via Remote Help. The 'Next'-button is never
activated after the “Second response” has been entered, so
it is not possible to continue the authentication session.
7536
Remote Help:
PCMC one-time
logon does not work
when using an
ActivIdentity V2C
smart card.
Remote Help: when using an SC: ActivIdentidy V2C smart
card, one-time logon to the PCMC does not work because
the OK button is grayed out.
7454
Unable to enter the
desired password
when installing
Pointsec for PC on a
US English
Windows operating
system with the
requisite Regional
settings for Chinese
(Taiwan).
When installing Pointsec for PC on a US English Windows
operating system with the requisite Regional settings for
Chinese (Taiwan), the following problem occurs: when
entering the system administrator’s user account name and
password, the display of the second keystroke in the
password is delayed, and the character entered is not the
character of the key you pressed.
Note: The valid challenge length has been changed to be
from 1-8 characters.
Thus, when you enter these credentials in the PPBE, your
validation fails.
Workaround:
1. Access [Regional and Language Options] setting -[Advanced] tag.
2. Change [Language for non-Unicode programs] to
"English (United states)"
3. Reboot the machine.
7289
The PCMC does not
grey out groups that
are marked for
removal.
If you select a user account for removal in an update
profile, it is grayed out after saving and reopening the
profile. But, if you select a group for removal, it is not
grayed out after saving and reopening the profile although
all user accounts in the group are grayed out. The complete
group is however grayed out when you choose ‘mark for
removal’ before saving the profile, but not after it has been
saved and reopened.
7192
Pointsec for PC field
in Novell login dialog
does not display
Japanese.
The Pointsec for PC authentication field in the Novell login
dialog does not display Japanese even though Japanese
was chosen from the Pointsec for PC tray icon, and menus
and dialogs in Windows were set to display Japanese.
6919
No info in logs about
what kind of Remote
Help is performed
After giving/receiving Remote Help, it is not possible to see
in the client log viewer or in the local logs what kind of
Remote Help that has been given.
6916
Central log contains
strange entries
6912
Sony Vaio hangs
after logon in PPBE
with certain USB
smartcard readers.
The Central log contains entries called "Configuration
setting changed". When examined, they contain the text
"Unknown was set to [number]".
Often several "Configuration setting changed" entries are
logged in a row.
Sony Vaio SZ1 may hang after logon in PPBE with USB
smartcard reader SCR331 and RSA 5200.
26
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
6895
Black screen with
hanging cursor after
logon with SC in
PPBE on certain
machines
6884
Invalid character
using
PSLOGEXP.EXE
6872
The password
length of a user
account can be
reduced to a
length shorter
than the length
specified for the
group to which
the user account
belongs.
6739
A profile installation
fails for clients when
using Windows 2000
and Internet
Explorer 5.x.
6580
P4PC prevents
hibernation on
memory card
adapters.
5604
Certificate view is
not updated when
running Pointsec for
PC (P4PC) in
VMware and the
network is
After logon with a smart card account in PPBE on certain
machines, and a successful authentication, the screen may
turn black with a hanging cursor. The same scenario
occurs after an upgrade or a new installation.
Workaround:
Disable the USB Legacy Support in BIOS. You will then
avoid the black screen.
Same issue occurs on a ”Fujitsu Siemens 7020”
If the log parser tool "pslogexp.exe" is used to export log
events as XML("/xml"), the output may be invalid if any
event contains an XML Entity Reference (e.g. "&amp;",
"&lt;" or "&gt;").
It is possible to reduce the password length of a user
account to a
length shorter than the length specified for the group to
which the
user account belongs.
Scenario to reproduce the problem:
1. Create a new group and create a fixed password
account.
2. Change the minimum length for the user account to be
shorter
than for the length specified for the group (if the minimum
password length for the group is set to six, set the user
account’s
password minimum length to four).
3. Reboot and change the password in preboot.
A profile installation fails for Clients using Windows 2000
and Internet explorer 5.x. An installation error is logged with
following text: "The profile could not be loaded".
In a “pure” Windows 2000 SP4 (with Internet Explorer 5.x)
the required functionality for the installation is missing.
Workaround: install Internet Explorer 6.0 /6.0SP1 and the
msxml3.msi (Sp5) package on the clients. The msxml3.msi
package is available via www.microsoft.com.
The Sony VAIO has a removable Memory Card Adapter
(VGP-MCA20) for xD/SD/MMC compatible cards. This
adapter is interpreted as an HDD by the OS and P4PC.
This will prevent the system from hibernating, since P4PC
6.1.3 does not support hibernation with multiple HDDs in
the system.
Note: The Sony VAIO also has some internal nonremovable memory card readers that are interpreted as
HDDs whether or not the actual memory card is inserted. If
these are enabled, they could prevent hibernation as well.
Workaround: To be able to hibernate the PC, either
physically remove the card adapter from the PC or disable
the device from within the OS. Also disable any other
internal memory card readers that are interpreted as HDDs.
Here is the scenario:
1. Install P4PC in VMware.
2. Create a temporary smart-card user.
3. Disconnect the network cable from the computer (do not
disable the network connection in VMware; rather unplug
27
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
unavailable.
5482
5473
Creating a new
profile with the same
name as an existing
profile overwrites the
existing profile.
Profiles without
names.
5451
Problems unlocking
the recovery file
when authenticating
with a smart card.
5066
When using 3DES,
intermittent errors
occur when
encrypting four or
more volumes on
certain machines.
the physical cable).
4. Insert an Aladdin eToken
5. Reboot, and log on as the temporary user.
6. After logging on to Windows, the certificate selection
window appears; but the eToken is not displayed in the list
for selection.
This behavior occurs very rarely.
See “Error! Reference source not found.” on page Error!
Bookmark not defined., above.
Note that if you create a new profile that has the same
name and type as an existing profile, the existing profile will
be overwritten by the newly created profile.
It is possible to create profiles that do not have profile
names, even though creating such nameless profiles is not
recommended. These profiles are listed under “Profiles” but
the name field is empty, for example, the nameless “Install
Silent” profile above the “install 1” profile shown here:
Nameless profiles can be selected, edited, etc. like any
other profile.
If you use a smart card when using the recovery utility to
unlock a recovery file, the utility will try to use the smart
card used for the first user account authentication for the
second user account authentication. As long as a smart
card is in the reader, the utility will try to use that card for
authentication.
Workaround:
Do the first authentication with a fixed password or dynamic
password user account, and then do the second user
account authentication with the smart card. Or remove the
smart card before the second authentication window is
displayed.
The following errors occurred:
Encrypting four or more volumes using 3DES often results
in the problems described below. They have been
reproduced unpredictably on the PCs below, and the
outcome cannot be predicted.
HP D530c:
Event A) Decryption doesn't start at all. Rebooting doesn't
help.
28
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Event B) Hanging at the "Pointsec... Loading operating
system..." screen after the first reboot following
uninstallation using Add/remove programs.
4750
Abnormal keyboard
behavior on Dell
380.
4983
Assertion error in
recovery on an Acer
Ferrari.
2859
Removing Pointsec
for PC.
Dell Precision 670:
Event A) Decryption stops after four volumes. After a
reboot, the machine hangs. After a second reboot, the PC
could be accessed; but the decryption still does not start.
Event B) After the first reboot following uninstallation using
Add/remove programs, the machine hangs before the
Windows logon dialog is displayed. This also occurs after a
complete decryption.
Abnormal keyboard behavior on Dell 380 in PPBE. If you
press any of the arrow keys on the keyboard, there is a lag
of three key presses.
Workaround:
Press Ctrl-Alt-Del repeatedly until the machine reboots, or
use the mouse to click in another field like the password
field and then return to the first field, and then do not use
the arrow keys when typing.
An assertion error may occur during recovery on the Acer
Ferrari laptop.
Work around: Once the recovery program’s authentication
dialog is displayed, wait approximately 5 seconds before
starting to enter username.
Removing using MSI
In order for Pointsec for PC to be successfully removed
from a user’s workstation, the logged on user account must
be a member of the Administrators local group.
If this is not the case, a number of erroneous dialog boxes
will be displayed and the removal will fail.
However, when a local administrator account is used to log
on, the removal will continue and be successfully
completed.
New in 6.1.3
The following new functionality and enhancements are included in Pointsec for PC 6.1.3:
•
•
Support for slave hard drives
New location for the local log file and for the recovery file
From Pointsec for PC 6.1.3 onwards, the local log and recovery file are stored locally in
the following directory: C:\Documents and Settings\All Users\Application Data\Pointsec. (The
local log and recovery file are no longer stored in the Pointsec program directory.)
Changes and Corrections in 6.1.3 Hotfix 4
The following items were corrected in Pointsec for PC 6.1.3 Hotfix 4:
ID
About
Details
29
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
9322
9283
9135
A delay can occur
after the
"Initializing
Pointsec for PC"
progress bar has
completed.
The Pointsec for
PC system file,
Prot_ins.sys not
protected from
deletion.
After the "Initializing Pointsec for PC" bar has finished
loading, a delay could occur during which only a black
screen is displayed.
This issue has been resolved by introducing “sign-oflife” progress bars during the installation.
PSMAIN
0x50000c7e
during installation
if installation was
aborted.
If the system was shut down during the second part of
the installation a PSMAIN 0x50000c7e error could
occur.
In this release Pointsec for PC will attempt to restart
installation where it was interrupted.
The Pointsec for PC system file, Prot_ins.sys, was not
protected from deletion. A protection has now been
introduced for new installations.
Note: Upgrading the system to 6.1.3 HF4 will require
the protection to be manually inserted by adding
Prot_ins.sys to “Lockfiles” in the Pointsec for PC
registry.
Changes and Corrections in 6.1.3 Hotfix 3
The following items were corrected in Pointsec for PC 6.1.3 Hotfix 3:
ID
9282
About
Inconsistent CRC
error generation
causes Windows
to terminate with a
system error.
Details
Inconsistent internal Pointsec for PC error handling
can cause problems for the NTFS file system driver
and lead to Windows terminating with a system error.
This problem has been resolved.
9172
Windows
terminates
intermittently with
a 0x00000024
system error.
A Pointsec for PC filter driver call fails and causes the
0x00000024 system error.
This issue has been resolved.
Changes and Corrections in 6.1.3 Hotfix 2
The following items were corrected in Pointsec for PC 6.1.3 Hotfix 2:
ID
About
Details
30
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
8492
Issues regarding
alternative boot
media on Lenovo
models T43 and
T60.
The following two issues regarding alternative boot
media on Lenovo models T43 and T60 have been
corrected.
1) The boot process was extremely slow when
booting from CD/DVD media via the Pointsec for PC
alternative boot menu.
2) Access to encrypted volumes when booting via the
alternative boot menu was not possible.
8170
Parity Check error.
These issues have been resolved in this release.
Issues with Parity Check error messages on Lenovo
models T43 and T60 during boot up have now been
corrected.
Changes and Corrections in 6.1.3 Hotfix 1
The following items were corrected in Pointsec for PC 6.1.3 Hotfix 1:
ID
8354
About
Upgrade of smart
card driver does
not work.
8350
Profiles mistakenly
imported again
after upgrade to
6.1.3.
8347
UsersLocation
registry value
shows a faulty
location.
Details
Upgrade of smart card driver does not work. The INF
file is upgraded, but the driver files themselves are
not.
This issue has been resolved in this release.
The profiles located in update folders are imported
even if they where imported before the upgrade.
Workaround: Copy profile.dat and profile2.dat from
\Program Files\Pointsec\Pointsec for pc\ to
Documents and setttings\All Users\Application
Data\Pointsec\.
This issue has been resolved in this release.
The registry value UsersLocation that should point to
C:\documents and settings\All Users\Application
Data\Pointsec mistakenly points to W:\Doc... or
Z:\Doc...
USB hard drive
(HDD) - Boot
record and system
area are installed
on the USB HDD.
This is related to external hard drives; the drive had
this drive letter.
This issue has been resolved in this release.
During installation of Pointsec for PC, you can select
to install the program on your USB hard drive (HDD).
After rebooting, the system code is installed on the
hard drive and a Pointsec for PC boot record is also
put on the HDD.
8331
This issue has been resolved in this release.
31
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
8308
8215
8181
Encryption starts
without a recovery
file being created.
When booting with
bootable
media,"Database
corrupt" messages
are issued and
Windows
terminates with a
system error.
Reinstall fails with
PSMain error
code.
If uninstallation was incomplete, and if the value
"Uninstall" is set to "1" in the Pointsec registry,
encryption starts without a recovery file being created.
This issue has been resolved in this release.
"Database corrupt" messages are issued when
booting with bootable media, and Windows terminates
with a system error.
This issue has been resolved in this release.
Inserting a bootable CD in the CD-ROM drive during
reinstallation causes the reinstall to fail.
This issue has been resolved in this release.
Changes and Corrections in 6.1.3
The following items were corrected in Pointsec for PC 6.1.3:
ID
7889
About
Computers without
PCI BIOS
functionality
terminate with a
severe error.
Details
After installing Pointsec for PC and immediately after
the first reboot, computers without PCI BIOS
functionality terminate with a severe error.
Case ID: 10767.
7551
Obertur smart card
malfunctions.
7481
Rebooting during
encryption causes
the machine to
hang.
7446
A webRH update
profile disables
Windows
Integrated Logon.
7430
Additional
Keyboard layouts
required in PPBE.
Authentication using the ActivIdentity Oberthur
CosmopolIC 32K V4 smart card.
Case ID: 8935.
If you reboot during encryption, the computer hangs at
the "Pointsec loading operating system" message. It
can also occur when Pointsec for PC starts to encrypt
the second partition and you reboot.
Case ID: 10409.
Adding an webRH update profile to a Windows
Integrated Logon (WIL) enabled machine will disable
WIL.
The following scenario produces the error:
1) Enable WIL.
2) Reboot and ensure that WIL works.
3) Import a webRH update profile.
4) When you reboot, you will have to enter credentials
at PPBE.
Case ID: 10054.
The following additional keyboard layouts are required
in the Pointsec Preboot Enviroment (PPBE).
Swiss (French) and Swiss (German).
32
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
7299
Incorrect version
information
displayed for
Pointsec for PC
when using
Add/Remove
programs.
7297
Uninstall settings
for user accounts
are not
recognized.
7218
Error when
unlocking a user
account in PCMC
when using a
Japanese version
of Windows.
7210
Cannot define a
user account that
is prohibited from
logging on to PBE
but is allowed to
logon to PCMC.
7206
Case ID: 10388.
The version information displayed for Pointsec for PC
when using Add/Remove programs is incorrect.
Case ID: 10065.
The following scenario produces the error:
1) Create an installation profile (in this case, a silent
profile).
2) Create a group with Uninstall setting "Specified
Value = -" and "Effective Value = NO".
3) Create three users in that group. Two with the
Uninstall setting "Specified Value = YES" and
"Effective Value = YES". The third should have the
default setting.
When you try to exit from the profile, you will receive
the following warning: "Fewer than two user accounts
have uninstall permission.
Case ID: 9908."
When you right-click on a user account and select
“lock/unlock account” in P4PC 6.1.1 Japanese
console, an “Index was outside the bounds of the
array” error message is displayed.
Case ID: 9537.
It is not possible to prohibit PBE logon when still
allowing PCMC authentication.
The following scenario produces the problem:
1) Install Pointsec for PC 6.1.1.
2) Create user account X with the following
permissions:
- 'Logon Authorized' to 'No',
- 'Management Console Logon' to 'Yes'
3) Reboot.
4) Authenticate in PBE with a Pointsec for PC user
account that has the permissions to logon to Pointsec
for PC.
5) Try to authenticate to PCMC with user X.
6) You will receive: "Invalid login".
Case ID: 8488
A specified second The following scenario produces the error:
publish path is not 1) Create an isp profile with either Pointsec for PC
used.
6.1.0 or 6.1.1.
2 ) Create two entries in the Publish path setting:
The first one is remote and not accessible:
(\\192.168.10.1\publish$)
33
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
7201
Pointsec for PC
version number is
specified
incorrectly in the
support
information.
7195
Enabling and
disabling Wake on
LAN (WOL) using
UPP profiles.
7188
Cannot choose
AES when
creating an install
profile.
7145
Boot problem
when a second
partition is set as
active – Error
code: 0x50012b8.
The second one is accessible (C:\).
3) Now create a update profile that creates a Pointsec
for PC user account.
4) Place the profile in the secondary path (C:\).
5) Reboot.
Verification: check log entries, check PCMC: the
profile is never published in the second directory.
Case ID: 9607.
The following scenario produces the error:
1. Go to "Add or Remove programs" and locate the
Pointsec for PC entry.
2. Click: "Click here for support information."
The version number displayed is "6.0.1", but is should
have been "6.1.0".
Case ID: 10654.
The following scenario produces the error:
1. Publish an UPP that enables (WOL) and set "n"
WOL starts (and specify all the other settings
necessary).
2. Use WOL for "x" boots.
3. Publish an UPP to disable WOL.
4. Publish an UPP exactly like the one in the first step.
The result of this is that WOL is enabled, but WOL
starts are still set to "n"-"x", not reset to "n".
Case ID: 8502.
The following scenario produces the error:
1) Select Danish in regional settings in Windows.
2) Do a master installation with AES as the algorithm.
Use an open license when it comes to language
(Operating System).
3) Select: create a installation profile.
4) Open "Choose encryption".
5) You cannot choose AES as algorithm in the drop
down menu.
Note:
If you leave the setting as they are the installation
profile will install with AES as algorithm.
Case ID: 9550.
It's not possible to install on a system where the
second partition is set as active.
The following scenario produces the error:
1) Setup a partition layout with 2 XP partitions where
the second partition is the active partition.
2) Choose to install Pointsec for PC from the first OS
partition and to install on all partitions (Boot and
encrypt).
3) Reboot.
34
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
7103
7086
PCMC Unhandled
exception occurs.
Invalid data error
after enabling
Hibernation with
the Japanese
language selected.
7080
Novell - User ID
displayed after
reboot.
7097
Novell - Offline
mode problems.
4) The Pointsec for PC system code is installed on all
partitions.
5) Authenticate to Pointsec for PC.
6) Choose to boot into the first OS partition (the
partition from which the installation started).
7) When P95Tray.exe starts, the following dialog
"Error code: 0x50012b8" is displayed.
8) Click OK, and you will get a Windows dialog saying
that the P95Tray.exe will be shut down.
9) Reboot and you will get the same scenario again.
Case ID: 8440.
The following scenario produces the error:
1. Go to Local -> Edit settings:
2. Right click a setting under a user account, for
example, Privileged Permissions and select "Name
and Authentication".
An "Unhandled exception..." occurs.
Case ID: 9338.
An "Invalid Data" error occurs when you change the
hibernation setting in the management console
(PCMC) and you use the Japanese menu.
The following scenario produces the error:
1. Right click the Pointsec for PC icon in the task tray,
then select the Japanese language.
2. Open the Management Console.
3. Go to Local -> Edit Settings -> System Settings ->
Other.
4. Double click "Allow Hibernation", select the
checkbox (or clear it if it is selected already), then
click OK.
5. Click OK to close Local.
Then an "Invalid Data" error occurs.
Case IDs: 9306, 6622.
After installing Pointsec for PC the UserID field shows
the last username used after reboot.
Case IDs: 9249, 6793.
Problem with the Novell client and the offline mode
feature: once it is turned on, you cannot turn it off.
The following scenario produces the error:
1) Install Novell Client 4.91 SP2.
2) Install Pointsec for PC 6.1.1.
3) Reboot and make sure that normal Novell login
process works.
4) Shutdown the machine and unplug the network
cable.
35
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
5) Boot and NwClient is set to "Workstation only"
(OK).
6) Reboot and connect the network cable again
before Windows boots.
7) You will still have: "Workstation only" mode
enabled.
Case ID: 9247.
7065
Windows does not
load if partition 3 is
set to Active (Boot
partition)
7062
Windows freezes
at the Windows
splash screen
7044
On a Chinese
Windows
installation, unable
to input the license
code.
7038
Dynamic
password - Next
button grayed out.
7033
The "Set Minimum
Password Age"
function
The problem occurs in the following configuration:
1. C drive (0:0) - Windows XP installed ACTIVE
PARTITION.
2. D drive (0:1) – User data drive.
3. E drive (0:2) - Recovery partition with Windows PE
installed or Windows XP.
Scenario 1.
1) Set the C volume to Active (Boot partition).
2) Boot the machine and authenticate in PPBA.
3) The machine starts and Windows loads.
The following scenario produces the error:
Scenario 2:
1) Set E volume to Active.
2) Boot the machine and authenticate in PPBA.
3) Get “Pointsec … Loading operating system” and
the system hangs.
Case ID: 9217.
Windows freezes at windows loading screen.
According to the start log, it freezes at driver Mup.sys.
Safe Mode start works without problems.
The problem occurs only when using Checkpoint VPN
client to connect to network.
Case ID: 7117.
On a Chinese Windows installation, you are unable to
insert the first part of the license code (the W60 part).
Only two characters fit in the text field.
Case ID: 7585.
When adding x9.9 token, the user interface will not
activate the Next button if all information is not
entered in exactly the proper order.
The following scenario produces the error:
1) Add a x9.9 token user
2) Enter the key information before the token id, select
the token format etc, the next option will REMAIN
grayed out
Case ID: 9167.
The function "Set Minimum Password Age"
malfunctions.
If you enable this function for a user account or group
36
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
malfunctions.
7013
Automatic
hibernation at low
battery level fails.
6999
CAC smart card
authentication to
PCMC fails.
6998
The Pointsec for
PC screen saver
forced on
installation.
6886
User account is
locked even
though settings
related to account
lockout are set to
“Disabled”.
(e.g. set it to 10 days), when this user account logs in
one or more times, the user account can change the
password each time.
(The user account has "Change Password"
permission set to "Yes", of course).
Also if the setting "Set Maximum Age" is set for a user
account that also has set "Set Minimum Password
Age" to a "max" setting is lower then the "min" setting
the user account can change the password when
prompted (without having the "Change Password"
permission set to "Yes").
Case ID: 10623.
If you set your machine to hibernate automatically via
the Power Options in Control Panel, when it
hibernates the next boot will be a normal boot. Any
data that was not saved will be lost.
The following scenario produces the error:
1. Go to the Control Panel.
2. Open: Power Options.
3. Select the Alarm tab.
4. Select "Activate critical battery alarm when power
level reaches".
5. Set the machine to hibernate at a certain battery
level.
6. Ensure that "Hibernation" is selected as Alarm
Action.
Case IDs: 8946, 9033.
Not possible to logon to PCMC with CAC smart card
authentication.
Case ID: 8913.
The Pointsec screen saver is forced onto any system
on which Pointsec for PC is installed.
Case ID: 8594.
User account is locked even though the settings
related to account lockout have been set to “Disabled”
in local settings for the respective user and group
setting.
The following scenario produces the error:
1. Logon to the Management Console.
2. Under Local settings, disable Set Max Failed
Logons, Set Logon Limit, Attempts Before Temporary
Lockout and Temporary Lockout Time.
3. Confirm the Effective Values are “Disabled” as per
step 2.
4. Logon to the Management Console using a valid
user account but use the wrong password. Make 10
attempts and then restart the PC.
5. The user account (or sometimes the user accounts
37
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
in the group) are locked, with message:
Invalid Logon - Your account is locked, too many
failed Logon attempts.
6972
Pointsec for PC
installation fails if
the Symantec
application
restorebmr.exe is
run prior to the
installation.
6850
Cannot uninstall if
the .REC-file is
unavailable.
6819
Only add one path
at a time.
The only way to unlock the account at this stage is to
right-click the value and select Reset Value for the
settings “Attempts Before Temporary Lockout” and
“Temporary Lockout Time”.
Workaround:
Ensure that the values for Attempts Before Temporary
Lockout and Temporary Lockout Time are reset to the
default values rather than selecting “Disabled” for
them.
Case ID: 8539.
Pointsec for PC will terminate abnormally if the
Symantec application restorebmr.exe is run prior to
the installation of Pointsec for PC.
Case ID: 8640.
The following scenario produces the problem:
1. Install PS 6.1.0 HF1, and add, for example, the
following path: \\path\path\rec to store recovery file.
2. Select at least one volume to encrypt.
3. Let machine encrypt 100%.
4. Change path to something that cannot be
accessed, for example, \\path\path\rec_old.
5. Remove Pointsec for PC using Add/Remove
Programs.
6. Reboot.
7. Wait for decryption to start. It does not start.
8. Change path to correct \\path\path\rec, and reboot.
9. Now decryption will start.
Case ID: 8491.
Only add one path can be added at a time.
The following scenario produces the problem:
1) Open the PCMC.
2) Go to Local and select: Edit settings.
3) Set one new recovery and a profile path.
4) Click OK.
5) Select: Edit Settings.
6 Only one of the paths added at step 3 has been
created.
Only one path can be added at a time, and the last
one specified will be the one that is added when you
click OK (Save the settings).
Case IDs: 7624, 6569.
38
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
6815
Fatal error under
heavy load when
PME and
Symantec
Antivirus 10 are
installed on the
same system
together with
Pointsec for PC.
The fatal error caused under a heavy load when PME,
Symantec Antivirus 10, and Pointsec for PC are all
installed on the same system has been resolved in
this release.
6813
Logs duplicated in
Windows Event
Viewer.
6793
Local Security
Policy Setting not
honored.
6738
No reboot after
multiple failed
logons.
6732
Configuration Set
If you choose to change the computer name while you
have Pointsec 6.1 HF1 installed, you will get
duplicates of the logs that you had before you
changed the computer name.
The following scenario produces the problem:
1) Install Pointsec for PC 6.1 HF1.
2) Check the Windows Event Viewer log and the local
Pointsec log, and you will see that there are just as
many log entries (the local log will probably have one
more log, log for the logon to the PCMC).
3) Reboot.
4 Change computer name.
5) Reboot.
6) Check the Windows Event Viewer and the local log
and you will see that the Windows Event Viewer logs
entries are twice as many.
Case ID: 7622.
Pointsec for PC causes local security settings to be
ignored when used with Novell.
Environment used in reproducing the problem:
XP Sp2, Novell Client Version: 4.91 SP1, and
Pointsec for PC Version: 6.1 HF1.
The following scenario produces the problem:
1. Set up a Novell client.
2. Set the Local Security Policy Setting: [Do not
display last username] to Enabled.
3. Novell will honor this setting and the last user name
will not be displayed in Novell logon.
4. Install Pointsec for PC with the default setting
(UpdateSSO=0).
The modifications that Pointsec for PC makes to the
Novell logon screen (Pointsec OCX) will cause the
last user name to be displayed. Basically Pointsec for
PC causes the local security setting to be ignored.
Case ID: 8127
It is possible to make unlimited logon attempts in
PPBE if you use a user account that is not present in
the Pointsec user database.
Case ID: 8356.
The following scenario produces the problem:
39
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
lost in PCMC GUI.
6731
Accounts with
permission to
access both the
Management
Console and Local
can change the
password for any
account.
6729
Recovery Media
Content Differs.
6666
Pointsec for PC
fails to uninstalled
via add/remove.
6665
Authentication
hangs during
uninstallation from
Windows
add/remove
programs.
6664
Hibernation Dynamic token
1) Logon as a "full permission user" (sysadmin).
2) Create a Configuration Set.
3) Exit from the PCMC.
4) Log on as a user with “limited permissions”, that is,
not “full permissions” (with the following permissions
granted: Management Console Logon and Provide
Remote Password Change).
5) Exit from the PCMC.
6) Log on as "full permission user" (sysadmin).
Configuration Set is now lost.
Case ID: 7871.
Accounts with permission to access both the
Management Console and Local can change the
password for any account in certain places in the
Management Console. Customers are therefore
advised not to configure user accounts that have
access to both the Management Console and to
Local.
Case ID 8080.
If a floppy is pre-formatted in Windows XP, the
content differs from a medium that is formatted by the
recovery program. At least the file Datahand.dbh is
missing on the Windows XP pre-formatted medium.
Case ID: 6270.
Using a silent install profile, Pointsec for PC installs
and encrypts. If you try to use the Windows
“add/remove programs” to uninstall, the window loses
focus; and you cannot enter the password of the
authorized user account.
The following scenario produces the problem:
1) Install Pointsec for PC using a silent install profile.
2) Let it encrypt fully.
3) Go to “Add / Remove programs” via the Control
Panel.
4) Instead of entering the user account name, click in
the password field.
Case IDs: 7908, 8091, 9314, 9227.
The following scenario produces the problem:
1. Install using a profile.
2. Let the system encrypt.
3. Do Add/Remove.
4. When the authentication window is displayed;
either click on the password field or tab down, and the
window will emit a sound and then hang.
Case ID: 8018.
When logging on with a dynamic token user while
hibernated with fixed password user, the dynamic
40
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
user accounts
become corrupt.
6654
Datahand.dbh is
not created on
Recovery media.
6633
PCMC - Invalid
data error when
using a Japanese
OS.
6629
Unhandled
exception when
creating a
temporary user.
6580
Pointsec for PC
prevents
hibernation on
token user account is corrupted.
The following scenario produces the problem:
1. Power on the machine.
2. Login PBA/OS using a fixed password user account
(username+password combination).
3. Do hibernation.
4. Power on the machine again.
5. In preboot authentication, try to log on using the
dynamic token account and you'll be rejected because
you need to log in using the fixed password account
(used during step 2).
6. Again in preboot authentication, log on using the
fixed password account (used during step 2), and log
in the OS.
7. Reboot the machine.
8. In preboot authentication, if you try to log in using
the dynamic token account from step 5, you'll have
"Invalid logon".
The dynamic token user account is no longer able to
log on.
Case ID: 5433, 6750.
When creating recovery media, (both floppy and USB)
the file "datahand.dbh" is not written to the media.
Case IDs: 7831, (GER), 7894 (GER), 6801 (JP), 6270
(US), 6881 (JP), 9382 (US), EDS – 11046.
When using a Japanese OS, error messages are
produced when editing in Local -> System settings.
The following scenario produces the problem:
1 Open Management Console -> Local -> Edit
Settings -> System Settings -> Install
2 Enter Set validation Password -> click OK
3 Click OK to close Local
4 "Invalid Data" error is displayed
The same message is displayed when the editing
upgrade and profile path.
Case ID: 6622, 7404.
The following scenario produces the problem:
1. Create user group - Users
2. Create a temporary smart card user - Temp
3. Go to Account Settings
4. Go to Logon
5. Change "Attempts before temporary lockout"
6. Click OK
An unhandled exception causes an error message.
Case ID: 7754.
The Sony VAIO has a removable Memory Card
Adapter (VGP-MCA20) for xD/SD/MMC compatible
cards. This adapter is interpreted as an HDD by the
41
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
memory card
adapters.
6573
precheck.txt file is
not read when
installing from a
network path.
6517
Change of user
account name not
applied in an
interactive profile.
OS and P4PC. This will prevent the system from
hibernating, since P4PC 6.1.3 does not support
hibernation with multiple HDDs in the system.
Note: The Sony VAIO also has some internal nonremovable memory card readers that are interpreted
as HDDs whether or not the actual memory card is
inserted. If these are enabled, they could prevent
hibernation as well.
Workaround: To be able to hibernate the PC, either
physically remove the card adapter from the PC or
disable the device from within the OS. Also disable
any other internal memory card readers that are
interpreted as HDDs.
The following scenario produces the problem:
1. Place the install package on a network drive.
2. Change something in precheck.txt (for example,
UpdateSSO=4).
3. Change permission on all install files in the
Pointsec folder. Give "Full Access" to the user
account you intend to use as the installer account.
Remove all other user accounts in the permission list,
including "Everyone".
4. Login with the user account that has Full Access to
the files and click your way to the msi. Double click it
to start the installation.
5. Check the registry after the installation. The
precheck changes have not been made.
Case IDs: 6223, 6912, 7208, 9292.
The problem occurs in the following scenario:
1. Create an interactive installation profile that is
based on local settings.
2. Right click one of the users, and select “Name
and Authentication”.
3. Under “Type of User” select “Install”, and
Under “Install Interaction” select “Change
Logon Name” and “Change Authentication
Details”.
4. During installation, change both logon name
and password.
The new logon name is not applied, only the
password change is applied.
Workaround:
6486
The OK button is
active prior to the
completion of
Remote Help.
Use a temporary user for installation instead and then
make the changes.
When entering the Remote Help dialog in preboot
authentication, the OK button is active and can be
pressed even though the procedure is not yet
finished. If pressed, an “invalid login” error message is
displayed. Ok button should be inactive until final
input is completed.
42
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
6485
“Change Single
Sign-On setting”
malfunctions.
6464
Unable to read
encrypted data on
hard drive via
Pointsec
alternative boot
menu (Ctrl + F10
or Ctrl + F9).
6421
Possibility of
problems when
installing via
profiles on
machines that
have hidden
volumes.
6406
Log entry of type
1010 lacks
meaningful text.
6378
Limitation when
unregistering
drivers with
pscontrol.exe.
6362
After the first
authentication
following
installation,
stressing the disk
causes the system
to freeze.
6319
Moving the mouse
during PPBE
produces: Error
code "***** Internal
CSDSES error ***
Case ID: 5895.
Even though the "Change Single Sign-On" setting is
set to No, the user can disable single sign-on in PBA,
and the SSO chain will thereby be broken.
Case ID: 7226.
In order to read encrypted data on the first volume of
a hard disk drive, the following conditions must be
met:
- The first volume may not be hidden
- There may be only one volume
- There may be only one hard drive.
If the above conditions are not met, you will not be
able to read the data via the alternative boot menu.
Note that if you attempt to install with a profile that
specifies only Volume 0 in “Select Volume Protection”,
and the machine on which this profile is meant to
install Pointsec for PC has a hidden volume, the
installation will fail because Pointsec for PC always
counts the hidden volume as Volume 0. So in this
case, no code will be installed because the only
volume specified is a hidden volume.
If you start the PCMC, select Local, select Edit
Settings, and click OK without having made any
changes in Edit Settings, two entries are written to the
log file, each with type 1010. If you look at these
entries under Log Entry Details, you will see that
instead of meaningful text in the entry, one says
“Unknown was set to 0” and the other says “Unknown
was set to 60”.
Case ID: 8653.
It is not possible to unregister all drivers that have
previously been registered using pscontrol.exe.
The following scenario causes the system to freeze:
1. Install 6.0.1 HF2 with encryption.
2. After the first authentication following installation,
stress the disk with defragmentation and file
searches.
3. The system freezes after a while, the problem is
intermittent.
- Has been reproduced on HP dc5100.
Case ID: 6126.
If you move the mouse during "Pointsec for PC ...
loading operating system ...", the following error
message is displayed "***** Internal CSDSES error ***
". Pressing the Power button reset was required to get
the system to boot properly. The problem was found
on the Dell D410 and D610 machines.
43
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
6311
"
Case ID: 6765.
Windows logon
dialog fails after
uninstalling
Pointsec for PC.
If you do the following:
1. Install Pointsec for PC selecting boot
protection only.
2. Perform recovery on the system volume.
3. In Windows, run Add/remove Programs and
uninstall Pointsec for PC.
4. Reboot the PC.
The PC stops when it should display the Windows
logon dialog, and the following message is displayed:
“User interface failure: The logon user interface DLL
pssogina.dll failed to load…”.
6290
Preboot logon
does not appear
after recovering a
non-encrypted
volume.
6262
Known issues
using RSA
together with
Schlumberger.
6259
Two smart card
user accounts can
be assigned the
same certificate.
6101
Help feature
malfunctions in
“Create Recovery
Disk”.
6093
Uninformative
message
displayed after
Workaround: Boot into safe mode and manually set
the registry setting: “GinaDLL” to msgina.dll. The path
is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Win
dows NT\CurrentVersion\Winlogon.
If you do the following:
1. Install Pointsec for PC and only boot protect
the system volume and fully protect (boot
protection and encryption) a second volume.
2. Recover the system volume.
3. Boot the PC.
A fatal error (error code 5001344) occurs during the
boot or shortly after Windows authentication. Note
that the scenario above ignores the best practice,
which is to perform recovery of all volumes; and, as a
second choice, perform recovery starting with the last
volume protected first.
The RSA 5200 Smart Card is not detected in PPBE at
all when the reader USB reflex v2 is used, with or
without a hub. The same occurs if the reader USB
reflex v1 is being used.
Two smart-card user accounts cannot be assigned
the same certificate in the Pointsec for PC
Management Console. But two smart-card user
accounts can be associated with the same certificate
when using a temporary user account or when
selecting “Change Credentials” in the tray. However,
an administrator should never assign the same
certificate to two users.
When using a question mark ("?") to get help during
Create Recovery Disk, the following error message is
displayed: "Can not find the C:\Program
Files\Pointsec for PC\UserRec.HLP file. Do you want
to try to find this file yourself"
Case ID: 6323.
If you enter the wrong encryption key for a Pointsec
for PC IMP file, you receive the following
uninformative error message: “Attempted to read or
44
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
5943
entering the wrong
encryption key for
a Pointsec for PC
IMP file.
write protected memory.
Case ID: 6220.
Reaching the
logon limit for a
user account
makes it
impossible to
disable the logon
limit for that
account.
If you set logon limit to 5 and then perform 5
successful logons you will not be able to unlock this
user any more.
5802
Hibernation - Not
able to logon in at
PBE
5772
Importing tokens Not possible to
have more then 11
tokens in IMP file.
5451
Problems
unlocking the
recovery file when
authenticating with
a smart card.
5254
EncryptionState
remains “1”
1) Set Logon Limit to 5
2) Reboot and do 5 logons (Account is
locked/exceeded)
3) Enter PCMC and disable Logon limit
4) Reboot
5) You will not be able to logon with this account
anyway.
Case ID: 5979.
The result of the following scenario was that no user
could logon to Pointsec for PC on this machine
(unless they used Remote Help or Recovery).
1. Enable hibernation via PCMC and on the machine
through control panel.
2. Set the machine to hibernate.
3. Restart the machine. Fail logon as the user 3 to 5
times so account will lock.
4. Totally power off the machine and try to log on as
any other user account, for example, as system admin
etc. Pointsec for PC will not allow you to logon using
any other account.
Case ID: 5654.
If you import an IMP file containing 25 tokens, only 11
are visible when trying to import them in PCMC.
Case ID: 5585.
If you use a smart card when using the recovery utility
to unlock a recovery file, the utility will try to use the
smart card used for the first user account
authentication for the second user account
authentication. As long as a smart card is in the
reader, the utility will try to use that card for
authentication.
Workaround:
Do the first authentication with a fixed password or
dynamic password user account, and then do the
second user account authentication with the smart
card. Or remove the smart card before the second
authentication window is displayed.
The value of EncryptionState remains “1” in spite of
the fact that encryption has completed successfully.
45
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
despite successful
encryption.
5251
Risk of exceeding
“Set max failed
logons” value
specified in PCMC
when using
password
synchronization.
5246
eTokens are not
supported on the
Hewlett
Packard/Compaq
Evo N800c.
5124
Problem viewing
the central log
4786
PIN dialog
sometimes hidden
by Extend
Authority dialog.
4638
Possible Problems
When
After encryption completes successfully, the value
should be set to “2”. The values that EncryptionState
can have are:
0 = Unencrypted
1 = Encrypting
2 = Encryption completed
That the value is never set to “2” is an error.
Work around: examine the central log file or the local
event viewer to check the status of the encryption.
Case IDs: 4609 and 10000.
When password synchronization is enabled, Pointsec
for PC can generate spurious failed logon attempts
when the user logs on to Windows. If the maximum
number of failed logons set in the PCMC under Local
Æ Group Settings/Account Settings Æ Logon Æ “Set
max failed logons” is too low, the user account logging
on might be locked because this number has been
exceeded by the generation of these spurious failed
logon attempts.
Workaround:
Ensure that the value specified for “Set max failed
logons” is large enough to compensate for the
spurious logons that are generated.
Case ID: 10340.
Use of eTokens on the Hewlett Packard/Compaq Evo
N800c is not supported.
Currently the log files for the client PCs are stored
together with the recovery files. When you create a
new set you specify a "Publish" path and a "Storage"
path. A recovery path under Local/System
Settings/Install/Set Recovery Path has also been
specified. The log files are stored in this Recovery
path, and erroneously do not appear in the set’s logs.
To be able to view logs for the clients in a set, follow
the work around below.
Workaround:
Set the “Storage Path” for the set to the same path as
the Recovery Path set in: Local/System
Settings/Install/Set Recovery Path.
Occasionally when authenticating with a smart card,
the PIN dialog is hidden behind the Pointsec for PC
Extend Authority dialog.
Work around: Use the mouse to move the “Extend
Authority” dialog to that you can access the PIN
dialog. Then enter the PIN.
On certain PCs, you can experience problems if you
use USB devices at the same time as you use USB a
46
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Authenticating with
USB Smart Cards
When USB
Devices Are Used
for Recovery
smart card reader. Problems have occurred on the
following machines: NEC VersaPro, Dell D600, IBM
A51, and Dell D370. There may be other machines on
which problems occur.
Work around: use a non-USB device for recovery if
you authenticate using USB smart cards.
Case ID: 6579.
New in 6.1.2
The following new functionality and enhancements are included in Pointsec for PC 6.1.2:
•
Enhanced support for smart cards.
Aladdin eToken users!
Before upgrading to Pointsec for PC 6.1.2, read the following document:
Pointsec_for_PC_EW_6.1.2_Aladdin_eToken_B.pdf, which is on the product CD
ROM.
Changes and Corrections in 6.1.2
ID
7028
6972
6815
About
Details
Pointsec for PC will terminate abnormally if the
Pointsec for PC
installation fails if Symantec application restorebmr.exe is run prior to the
the Symantec
application
restorebmr.exe is
run prior to the
installation
installation of Pointsec for PC.
This issue has been resolved in this release.
Fatal error under
heavy load when
PME and
Symantec
Antivirus 10 are
installed on the
same system
together with
Pointsec for PC.
The fatal error caused under a heavy load when
PME, Symantec Antivirus 10, and Pointsec for PC
are all installed on the same system has been
resolved in this release..
Changes and Corrections in 6.1.1
ID
6792
About
The local logfile
grows too
quickly.
6791
Identical log
entries are
created in the
central log.
Details
The local logfile grows too fast and becomes very
large. In cases where the logfile is delivered to a
network share, there is a noticeable loss of
performance.
This issue has been resolved in this release.
In random cases identical log events were created
in the central log file.
This issue has been resolved in this release.
47
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
6780
About
Not possible to
view or export
logs in PCMC.
6767
Unable to
remove a newly
created
Temporary user
account and
attempts to
remove this
account result in
the removal of
the user account
created from the
temporary user
account.
6655
CentralLog.exe
Error on
Upgrade.
6626
Database corrupt
– Database can
become corrupt
when Smart Card
is used.
6622
PCMC – Error
message in “Edit
settings” in
Japanese
language.
Details
When attempting to open or export logs in PCMC
you get the following error message: "Failed to
load resources from resource file. Please check
your setup."
This issue has been resolved in this release.
The problem occurs in the following scenario:
- Install PS4PC 6.1 HF1 with one temporary user
in a Users group
- Logon as the temporary user and rename the
account
- Apply an update profile based on the original
installation profile that includes the Users group
and the temporary user.
- The Users group now has two accounts. The
user that was created from the original temporary
account and the newly added temporary account.
- With management console attempt to remove
the newly added temporary account. Nothing
happens; it can’t be removed.
- With an update profile attempt to remove the
newly added temporary account. The user that
was created from the original temporary account
is removed and not the temporary account.
This issue has been resolved in this release.
The message “CentralLog.exe has encountered a
problem and needs to close” is displayed on
several systems after upgrade from 6.0.1 to 6.1.
This issue has been resolved in this release.
The database can become corrupt when
petoken.bin is used. Scenario:
1. Add petoken.bin to precheck.txt.
2. Install with installation profile.
3. Encrypt volumes.
4. Reboot and press CTRL-ALT-DEL during
PBA.
5. Shut machine down using power button.
6. Start machine up using power button.
7. Authenticate and boot machine up.
If you repeat this procedure, you will eventually
receive the message “Database corrupt. PsMain:
51cc”.
This issue has been resolved in this release.
Error message “Index was outside the bounds of
the array.” appears when the following setting is
accessed in P4PC MC:
Group > System > UserID > System > Account >
Permission
This issue has been resolved in this release.
48
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
6575
About
Index outside
bounds of array
in MC.
6574
Keyboard
unresponsive
during Windows
startup.
6571
Profile paths not
saved correctly.
6545
Characters < > &
not allowed in
user account or
group names
6531
Unable to view
logs after
disabling
Autologon.
Details
To reproduce (Found only in German & Slovakian
languages):
1. Open MC.
2. Go Local.
3. Create new group.
4. Open new group.
5. Open “Permission” folder of that group.
This issue has been resolved in this release.
If your keyboard does not respond after Pointsec
preboot authentication and before Windows
startup, disable Pointsec PBA mouse support.
This issue has been resolved in this release.
The following scenario will reproduce this
problem:
1. Create a silent install profile.
2. Specify one path for all three settings
(Recovery, Update and Upgrade).
3. Complete the profile and save it – you are
now back at the PCMC main display.
Note: Issue has also been reproduced
when only saving the profile “halfcompleted”.
4. Open the profile again to either verify
settings or continue creating the profile.
The search paths, as specified in Step 2 above,
were not saved correctly. In tests performed to
date, one of three paths is correctly saved.
Notes:
• If the procedure is repeated a second time
(correct paths and the profile saved), two
of three paths will be saved correctly.
• If the procedure is repeated a third time
(correct paths and the profile saved), all
three paths will be saved correctly and the
profile paths will be as they should.
This issue has been resolved in this release.
The characters for greater than (<), less than (>),
and the ampersand (&) may not be used in user
account names.
In Pointsec for PC 6.1.1 you are able to use < > &
in usernames and in group names, so this issue
has been resolved in this release..
If Autologon is used and then disabled, you will
be unable to view the logs after reboot. The
scenario is as follows:
1. Start PC with Autologon.
49
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
6469
The crerec
process starts
every two
seconds after an
update profile is
imported into the
work directory.
Sony VAIO SZ1
hangs after
preboot
authentication.
6446
6440
5989
Problems
experienced after
preboot
authentication
when USB
hardware device
support is
enabled on an
NEC VersaPro
VJ17F/RF-U.
PPBE – not able
to use USB
keyboard/mouse.
5730
No Help on Help
toolbar.
5226
eToken driver
inhibits the
functioning of all
other installed
smart card
Details
2. Disable Autologon.
3. Accept the user account being removed
when queried.
4. Reboot and log on manually.
5. Try to view the local log or logfile using
PCMC or pslogexp.
Note: This problem does NOT occur with normal
user accounts or when a Wake-on-LAN-enabled
user account is disabled because of a manual
logon to PCMC.
This issue has been resolved in this release.
This issue has been resolved in this release.
The Sony VAIO SZ1 hangs after preboot
authentication. The PC boots to the Windows safe
mode menu, where it hangs. When the menu
times out, nothing happens, and you are not able
to choose any of the safe mode boot options.
Workaround: Disable mouse support through the
double-shift menu, and you will be able to boot
into Windows. Alternatively, unplug any external
USB mouse.
This issue has been resolved in this release.
Immediately after preboot authentication, an NEC
VersaPro VJ17F/RF-U can shut down with a fatal
error when USB hardware device support is
enabled. Removing and/or disabling the mouse
does not solve this problem.
Workaround: Restart the machine, and, prior to
preboot, use the double-shift menu to disable
USB hardware support.
This issue has been resolved in this release.
On some machines with USB Smart Card enabled,
it is not possible to use USB keyboard or mouse
in Pointsec PBE.
This issue has been resolved in this release.
The Help option has been removed from the menu
bar in PCMC.
This issue has been resolved in this release.
Installing the eToken driver inhibits the
functioning of all other smart card drivers and
smart card reader drivers.
Work around: Uninstall the eToken drivers to be
50
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
5232
4471
and
4472
About
drivers and
smart card
reader drivers.
Keyboard locks
on a Hewlett
Packard/Compaq
Evo N800c PC
when using a
USB mouse.
Aladdin eTokens.
Details
able to use any of the other installed drivers.
This issue has been resolved
If you use a USB mouse on a Hewlett
Packard/Compaq Evo N800c PC, moving the
mouse in the preboot logon dialog will lock the
keyboard.
Workaround: Disable mouse support in the EXC
menu.
This issue has been resolved in this release.
When registering an eToken, and selecting a
certificate, select “eToken user” under “Issued
to”. Do not select anything under “Issued to”
whose location is “Personal store”.
Changes and Corrections in 6.1.0
ID
5678
About
Authenticate to
PCMC
5601
Behavior of the
“Allow
Embedded Space
Characters”
setting in
preboot.
5596
Log entries in
Windows (PCMC)
are time stamped
with GMT time.
5520
In certain cases,
a mixed case
password is
required for
authentication.
Details
Authenticate to PCMC with a nonexistent user
account may crash the PC with a blue screen.
This issue has been resolved.
In preboot, the “Allow Embedded Space
Characters” setting takes on the opposite value
from that set in PCMC. So if “Allow Embedded
Space Characters” is enabled in the PCMC,
embedded space characters are not allowed in
passwords in preboot; if “Allow Embedded Space
Characters” is disabled in the PCMC, embedded
space characters are allowed in passwords in
preboot.
The “Allow Embedded Space Characters” setting
is found under Group/Account Settings Æ
Authentication Settings Æ Fixed Password.
This issue has been resolved.
Events logged in Windows, PCMC events, are
time stamped with Greenwich Mean Time (GMT)
regardless of which time zone you are in.
However, events from preboot are stamped with
the BIOS date and time, which is usually the local
time.
This issue has been resolved.
If you select “User Accounts” in the folder tree
under Local, the existing user accounts are
displayed in the right-hand pane of the Local
window. If you right click a user account in that
pane and select “Name and Authentication” to
change the password of that user account, you
must enter a password that contains both upperand lower-case letters for the password to be
accepted. If you enter a password that contains
51
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
5468
Must specify
which volumes
to protect when
using an
installation
profile based on
local settings.
Limitations in
Pointsec for PC’s
interoperability
with earlier
versions of PME.
5457
5448
5396
Need to disable
“Allow Special
Characters”
setting for Group
in order to
disable “Allow
Special
Characters” for
existing user
accounts.
Limitation when
using
Add/Remove
Programs to
remove Pointsec
for PC and
authenticating
with a dynamic
token.
5386
Autologon can
be inadvertently
disabled.
5254
EncryptionState
remains “1”
Details
only upper or only lower case letters, the “Invalid
Password” text will always be displayed, and you
will not be able to select “Next”.
This issue has been resolved.
When you create an installation profile that is
based on local settings, you must specify which
volumes you want to be protected. If you do not
specify which volumes are to be protected, the
installation will fail.
This issue has been resolved.
PME 2.3.x must be installed before Pointsec for
PC is installed. If you attempt to install PME after
Pointsec for PC has been installed, the
installation of PME will fail.
This issue has been resolved.
To disable the “Allow Special Characters” setting
for an existing user account, this setting must be
disabled for the Group the existing user account
belongs to. Disabling the “Allow Special
Characters” setting for individual existing user
accounts at the User Account level currently does
not work; it must be disabled at the Group level.
This issue has been resolved.
When uninstalling Pointsec for PC using
Windows Add/Remove Programs, authentication
of the second user account required for installing
fails if the user account verifies using a dynamic
token.
Work around: Use PCMC to redefine the second
user account as a fixed password account and
then proceed to uninstall using Add/Remove
Programs Another solution is to uninstall using
an uninstall profile that contains two dynamic
token user accounts.
This issue has been resolved.
On a machine with autologon enabled, each
successful logon to the PCMC disables autologon
on that machine.
Workaround: While in PCMC, go to Local, select
“Edit Settings” (make sure autologon is in fact
enabled) and click OK. Autologon will then be reenabled. But if someone logs on after setting
Autologon to enabled, autologon will again be
disabled; and then the setting must be enabled
again.
This issue has been resolved.
The value of EncryptionState remains “1” in spite
of the fact that encryption has completed
52
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
despite
successful
encryption.
4978
Fatal error
occurs during
recovery when
screen saver is
activated.
4859
Copy/paste does
not work when
creating a new
account
Not possible to
use remote help
when
uninstalling via
adding/remove
programs.
Windows icon
assigned to
silent installation
profiles in
Windows
Explorer.
4835
4687
4683
No warning when
folders are not
created.
4420
Limitation to
disabling log
transfer.
4316
Difficulties
recovering
selected volumes
Details
successfully. After encryption completes
successfully, the value should be set to “2”. The
values that EncryptionState can have are:
0 = Unencrypted
1 = Encrypting
2 = Encryption completed
That the value is never set to “2” is an error.
Work around: examine the central log file or the
local event viewer to check the status of the
encryption.
This issue has been resolved.
A fatal error occurs after recovery when screen
saver is activated in Windows.
Removal through Add/Remove programs should
be performed after deactivating the screen saver
or before the screensaver activates.
This issue has been resolved.
Pasting via mouse and keyboard is not currently
supported in password fields.
This issue has been resolved.
Release 6.0.1 of Pointsec for PC does not support
the use of remote help when uninstalling via
adding/remove programs.
This issue has been resolved.
Pointsec for PC does not set an icon for profiles
when they are viewed in a file explorer. Note,
however, that if you view your profiles in
Windows Explorer, Windows assigns silent
installation profiles the icon and file type for
Internet Communication Settings. Interactive
installation profiles, update profiles, and uninstall
profiles are not assigned this icon and file type.
This issue has been resolved.
When you are creating a profile and you specify
the Storage path and the Publish paths that do
not exist on the client, no warning is given that
these folders are not created.
This issue has been resolved.
The logs in Pointsec are transferred to the
windows Event viewer, but the possibility to
disable the log transfer (by choosing 0 in the
precheck.txt) before installing PS malfunctions.
This issue has been resolved.
It can be difficult to identify volumes when you
run the Recovery program because the volumes
are called, for example,
53
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
when running the
Recovery
program
4294
Unable to change
banner in
Installshield
dialogs
Details
"VOL_E034D92369D9F2FE".
Work around: recover all volumes rather than
selected volumes.
This issue has been resolved.
Minor malfunctioning in OEMVar feature.
1) Create the "OEMVar" folder in the root of the
PS installation folder. Replace "Banner.bmp",
"Lic_oem.rtf" and "Ssbg.bmp".
2) Add the files "Banner.jpg", "Desktop.jpg" and
"Scrsvr.jpg" to the root of the PS installation
folder.
3) Install PS.
The first dialogs of the installation are shown
correctly; in this case the banner and the license
agreement are replaced by the customized ones.
But the original Pointsec banner is redisplayed in
the last MSI-installation dialog window.
This issue has been resolved.
New in 6.1.0
The following new functionality and enhancements are included in Pointsec for PC 6.1.0:
•
Enhanced PPBE hardware interface, which now supports OHCI for MFAE Readers.
•
Support for multiple hard disks.
•
A new type of user account has been added, the Service user account. Service user
accounts must use Remote Help to gain access to the system the first time. After
access is granted via Remote Help, the service user can reboot the system and log
on without requiring Remote Help. When another user logs on, the service user
account is locked, and the service user will need Remote Help to log on again.
•
A new log export utility pslogexp.exe is now available.
•
Context-sensitive print functionality for PCMC tree node. This allows a user to right
click a node and print the information in that node and the sub-nodes under that
node. Clicking Print will print all nodes and sub-nodes and their information.
•
Under Local, the Pointsec for PC Management Console (PCMC) provides dynamic
status and configuration information, which includes: the encryption status by drive
and volume, the user status of local users (Locked Out / OK, Last Successful
Authentication, Last Failed Authentication, User Type, and Limited Logon Time
status: OFF / ON & Time), Wake On LAN (WOL) status, last configuration update,
last Update Profile processed, last recovery file created, last successful delivery of a
recovery file, last update of the log file, and the last successful delivery of the log file.
•
Pointsec for PC Preboot Environment now provides the ability for loadable modules
using USB bus interface to access their readers. This ability ensures the
interoperability with UHCI and OHCI controllers on the range of commercially
available PC Class hardware.
•
Users can now change credentials (password, dynamic token, and smart card) in the
Pointsec tray applet.
54
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
•
Extensive log export functionality that enables log content to be exported in the
following formats that support import into other management and data systems:
Comma Separated Values (CSV), Tab Separated Values (TSV or TXT), or XML. This
includes logs from Local Settings, or from a configuration set. Export can be done on
the basis of selectable criteria.
•
The Pointsec for PC installation program installs Pointsec Token Drivers and Reader
Drivers in the target Pointsec for PC machine.
•
User accounts can be locked in Local settings and profiles via the PCMC.
•
User-account information is displayed by selecting the user account icon in the tree.
•
Support for Novell Netware single sign on.
•
Support for Novell Netware password synchronization.
•
A new user account setting: minimum password age. If set, minimum password age
specifies the minimum number of days the password must exist before being
changed.
•
Multi-step authentication for the unlocking of recovery files. This enables the different
administrators to be in different locations and still unlock a recovery file.
•
After each boot operation Pointsec for PC provides a dump of important information
about the Pointsec for PC installation and status to the Pointsec for PC log. This
information is useful to support organizations that want detailed system status data
without direct access to the device but with updated log files available. The
information dump includes the following items: software version, host ID (computer
ID), volume status (encrypt/decrypt state), groups, and users with respect to their
groups, including user status (for example, LOCKED, EXPIRED, TempUser).
•
Improved log entries, for example, encrypt/decrypt processes are logged including
drive, volume, and encryption/decryption status.
•
Pointsec for PC log entries include information about changes to the configuration
and changes to local settings and to profiles. The information indicates what was
changed and who changed it.
•
Pointsec for PC log now includes information regarding the execution, and success or
failure, of the update profile execution operations that have been performed.
•
Pointsec for PC log includes information about Remote Help operations indicating
what was done and who executed it. Each entry combination has its own Log Entry
ID to differentiate between the type of Remote Help provided (One-Time Logon or
Remote Password Change) and its success or failure.
•
Pointsec for PC log includes information regarding the execution and success or
failure of upgrade operations performed.
•
Pointsec for PC log includes information regarding the execution and success or
failure of update operations that have been performed.
•
Pointsec branding is retained (with an “Encrypted by Pointsec” icon) in OEMVAR and
customer configuration.
•
Pointsec for PC Remote Help now supports alphanumeric challenge and response.
Changes and Corrections in 6.0.1
ID
5167
5115
About
Permissions
required
when
creating
recovery
floppy disk
“Full
Control”
Details
To create the recovery floppy disk, users must have both
"Create recovery media" and "uninstall" permissions.
The following is the scenario: an uninstall profile is
deployed to a client PC to uninstall Pointsec for PC 6.0
55
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
required
when
uninstalling
as a
Windows
Restricted
User
account.
5089
Wake on
LAN not
disabled
following
manual
logon.
Details
EW. The user is logged on in Windows (on the client) as a
Windows Restricted User. The uninstall profile is pulled
as it should be, and the user receives the "standard"
message that the PC has been decrypted and a reboot is
required to continue the uninstallation. The PC is
rebooted and, immediately after logging on to Windows
again, the following error message is issued: “Assertion
“len” failed:…” A few seconds after clicking "OK" a fatal
error occurs.
Work around: Before uninstallation, give the Windows
Restricted User account "Full control" to the following
Windows registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon.
Note that running the Pointsec Service Start as a local
administrator will not solve the problem.
Wake on LAN is enabled as long as the maximum
number of logons or the expiration date has not been
reached.
New in 6.0.1
•
•
Improved localization: translations into more than 20 languages are available in this
release, and keyboard layout switching allows a larger range of characters to be input
during pre-boot authentication.
The Pointsec multi-factor authentication engine enables pre-boot authentication via smart
cards and USB tokens.
•
General availability of hibernation for all supported operating systems and hard disk
types.
•
A new user account architecture. Accounts are organized into groups that can be
managed freely by administrators. Pointsec for PC ensures that an individual user account
setting does not violate the security policies mandated by the group that it belongs to.
A new PC Management Console (PCMC) for configuration and administration tasks. This
console provides a structured view of the configuration in an interface that is consistent
with the Microsoft Management Console look and feel. The new solution is expected to
significantly reduce the learning time for administrators who are accustomed to the
Microsoft management model.
A 32-bit pre-boot environment. The move to a 32-bit environment facilitates mouse
support, high-fidelity graphics, support for multiple display and input languages, and the
multi-factor authentication engine described above.
Support for Unicode characters in user account names and passwords.
•
•
•
Changes and Corrections in 6.0.0
ID
5177
About
Users
without
proper
permission
can remove
user
Details
User accounts without the P4PC 6.0 EW privileged
permission "Remove User Accounts" are allowed to
remove user accounts. This occurs if you set this
permission on group or user level in PCMC.
56
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
5167
5115
5094
5089
4978
4316
and
4298
About
accounts.
Permissions
required
when
creating
recovery
floppy disk
“Full
Control”
required
when
uninstalling
as a
Windows
Restricted
User
account.
Pointsec
driver errors
formatted
incorrectly
in Event
viewer
Wake on
LAN not
disabled
following
manual
logon.
Fatal error
occurs
during
recovery
when screen
saver is
activated.
Difficulties
recovering
selected
volumes
when
running the
Recovery
Details
To create the recovery floppy disk, users must have both
"Create recovery media" and "uninstall" permissions.
The following is the problem scenario: an uninstall
profile is deployed to a client PC to uninstall Pointsec for
PC 6.0 EW. The user is logged on in Windows (on the
client) as a Windows Restricted User. The uninstall
profile is pulled as it should be, and the user receives the
"standard" message that the PC has been decrypted and
a reboot is required to continue the uninstallation. The
PC is rebooted and, immediately after logging on to
Windows again, the following error message is issued:
“Assertion “len” failed:…” A few seconds after clicking
"OK" a fatal error occurs.
Work around: Before uninstallation, give the Windows
Restricted User account "Full control" to the following
Windows registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon.
Note that running the Pointsec Service Start as a local
administrator will not solve the problem.
Driver errors are listed in the Event viewer. The errors
come in pairs in the log. These log events are normal, but
they are formatted incorrectly.
Wake on LAN is enabled as long as the maximum
number of logons or the expiration date has not been
reached.
A fatal error occurs after recovery when screen saver is
activated in Windows.
Removal through Add/Remove programs should be
performed after deactivating the screen saver or before
the screensaver activates.
It can be difficult to identify volumes when you run the
Recovery program because the volumes are called, for
example, "VOL_E034D92369D9F2FE". Similarly, if you
lose mouse functionality when running the recovery
program individual volumes cannot be selected.
Work around: recover all volumes rather than selected
volumes.
57
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
program
Details
New in 6.0.0
•
•
•
A new PC Management Console (PCMC) for configuration and administration tasks.
This console not only looks fresher than our existing console, it is organized around
the Microsoft Management Console look and feel so any administrator who is used to
operating in a Microsoft admin environment will be able to quickly get up the learning
curve on Pointsec.
An advanced pre-boot graphics environment.
Significant improvements have been made here in the form of mouse support,
improved graphics that you will see in startup and login screens, and multi-language
support that streamlines our ability to localize the product for different countries
around the world. The product will support many more languages out-of-the-box.
Support for Unicode characters in user account names and passwords.
Characters on Pointsec for PC-supported keyboard layouts broaden the range of
characters that can be used in user account names and passwords. See the
Administrator’s Guide for details on the keyboards (locale codes) that are supported.
Pointsec for PC 5
Changes and Corrections in 5.2.2
ID
4900
About
Support
encryption of
AHCI-enabled
SATA hard drive
systems.
Details
Earlier versions of Pointsec 5.2 froze while loading
Windows XP if AHCI was enabled in the BIOS
settings on AHCI-enabled systems that have SATA
hard drives. This issue has been resolved.
Note: Pointsec still does not support hibernation on
AHCI-enabled systems. If AHCI is detected in the
registry, Pointsec disables hibernation. To force the
system to hibernate anyway you can set the
following registry
key=HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec
Mobile Tech\Pointsec\ForceHiber=1
4902
Earlier versions
of Pointsec
could crash
during
hibernation.
The 5.2 version
of Pointsec
could issue a
general
protection fault
if you pressed
ctrl-alt-del while
in the preboot
logon
environment.
The 5.2 version
of Pointsec
This issue has been resolved.
4903
4904
This issue has been resolved.
This issue has been resolved.
58
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
4905
About
could hang
during a chkdsk
/r.
Erroneous
preboot text in
Spanish
translation
corrected.
Details
This issue has been resolved.
Changes and Corrections in 5.2.
ID
3323
About
Removing with an
uninstall profile
3252
Failed system
launch on systems
with multiple
partitions / volumes
and first partition is
hidden system
support partition /
volume
Graphics problem
when providing
Remote Help.
2261
1764
1762
1758
1740
Details
Previously, when removing Pointsec for PC
using an uninstall profile, the administrator had
to ensure that the profile was only distributed
to workstations that were running the version
he or she wanted to remove. Otherwise, the
uninstall profile may have removed the wrong
version.
This issue has been resolved.
In the case where the system was installed with
multiple partitions/volumes and the hidden
system support partition was the first
partition/volume, the failure to encrypt/bootprotected all un-hidden volumes could
previously result in a failed system launch.
This issue has been resolved.
During a Remote Help procedure, at the
Verifying Integrity stage, the computer screen
may appear to cease functioning.
This issue has been resolved.
Updating Software
When updating from previous releases of
– Smart Card User
Pointsec for PC, smart card users are not be
Accounts
able to log-in because their smart cards need to
be reinitiated.
This issue has been resolved.
Log Can Cause a
The internal log function, under certain
Computer to
circumstances, may cause the PC to become
Become Unstable
unstable and return: KMODE_EXCEPTION_NOT
_HANDLED.
This issue has been resolved.
Authentication/User When Single Sign-On (SSO) is temporarily
Identification
disabled in Pre-Boot Authentication login
mode, the first authentication attempt will fail
when being authenticated using a Pointsec for
PC user account with a dynamic password.
This issue has been resolved.
Open Log button
Given that all users have Open Log privileges,
not available
(on the Privileges-tab under System Settings) 59
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
ID
About
Details
when users and administrators with limited
authority log on, the Open Log button is not
available, nor is it available from the drop down
menu.
This issue has been resolved.
Changes and Corrections in 5.1.3
ID
N/A
3591
3639
About
Installing EPSL
versions
Issue with local
user accounts.
Details
The problem installing EPSL versions with AES
has been corrected.
Previously, local user accounts needed local
system administrator permissions for an update
profile to be correctly deployed. This has been
corrected.
Note When adding Pointsec user accounts using
an update profile you must set a password for
each account included in the profile. Only
accounts with passwords will be added.
Changes and Corrections in 5.1.2
ID
3591
About
Issue with local
user accounts.
Details
Local user accounts needed local system
administrator permissions for an update profile
to be correctly deployed.
This has been corrected.
Note When adding Pointsec user accounts using
an update profile you must set a password for
each account included in the profile. Only
accounts with passwords will be added.
New in 5.1.1
Alternative media for Pointsec for PC recovery –
Recovery operations using CD-ROM, USB memory, or floppy disks. The following machine
types have successfully booted from USB recovery disks:
•
IBM T42
•
IBM T42 (Fingerprint reader)
•
Dell Latitude D400
•
Dell Latitude D505
•
Dell 370
•
HP/Compaq D230MT
•
HP/Compaq Nx7010
Other machines may also work.
The following machines have failed to boot from USB recovery disks:
•
Acer Ferrari 3200
•
IBM T20
•
IBM T21
60
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
•
Interaq (
•
HP/Compaq Deskpro workstation D30
•
HP/Compaq 1015v
•
HP/Compaq Armada M700
•
HP/Compaq dx2000M
•
HP/Compaq Deskpro EP
Support IBM Rescue & Recovery Ultra (RRU) installation on client system
Pointsec installer support
“Re-Installation” operation to existing system where C:\ (Root) volume was re-imaged, but
other volumes with encrypted data exist, without loss of the existing encrypted volumes.
Provided that the installation profile used has same (most) users configured with same
credentials.
Implementation of “RecoverServiceUser” concept
Users with “RecoverServiceUser” suffix in user name are added to recovery media, even if
the account is locked.
Support for additional characters (symbols) in Pointsec user name
Pointsec Username now supports the following characters: “-“ [dash], “_” [underscore], “@” [at
symbol], “ ” [space], and “.” [period] characters.
Changes and Corrections in 5.1.1
ID
N/A
N/A
N/A
About
EPSL
installation
OEM support
Incompatibility
2785
IBM MBR
Details
The EPSL installation problem has been
corrected.
OEMVAR feature is completed
Fixed hardware incompatibility with HP-Compaq
D51S, HP-Compaq nx9110 and Dell Insprion 8000.
A previous issue has been fixed.
Changes and Corrections in 5.1
ID
N/A
2893
2873
2272
2253,
2254
About
Operating
systems
supported
Problems
upgrading EPL
installations
No Pointsec for
PC entry in
Windows
Add/Remove
Programs
Problem when
importing a
profile.
Problems when
booting with
USB memory
sticks inserted.
Details
This release is only supported on workstations
running Windows 2000 or Windows XP (SP1 and
SP2).
These issues have been corrected.
Pointsec for PC is now listed in the Add/Remove
Programs list.
There was a possible problem due to
incompatibility when importing a profile. This
problem has been solved.
These problems were related to one specific
workstation and were never reproduced on any
other workstation.
These issues are now considered closed.
61
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
New in 5.0
•
Support for multi-processor and hyper-threading systems
•
Microsoft Installer (MSI) based installation package
•
Upgrade support for previous versions of Pointsec for PC 4.1 and 4.2
•
Single product for all encryption methods supported, instead of two separate product
versions
•
Improved Pre-Boot Authentication memory handling for better hardware support and
future enhancement
•
Support for IBM Rescue & Recovery Master Boot Record (MBR), delivered with all
IBM systems as of this year
•
Improved password synchronization operation
Changes and Corrections in 5.0
•
Serial numbers – a company can update Pointsec for PC to this release using their
old 4.X serial number.
62
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Pointsec for PC 4.1 Releases
Changes and Corrections in 4.1 SR 2.19.1
• The Administrator’s Guide no longer contains documentation regarding removing Pointsec
for PC manually. This documentation is available internally now. Contact the
documentation department for more information.
• How Pointsec for PC handled the last user login in the WOL state was fixed.
• The problem with view log privileges was fixed.
• An issue when updating software from 4.2 SR 1.8 was resolved.
• It became possible to add up to four search paths to the recovery folders in installation
profiles.
• Users with normal PowerUser access rights in Windows are now able to get update
profiles.
• The Password tab is no longer missing from the Add User dialog box in Pointsec Admin.
• An issue with SSO was fixed and SSO now cleans up entirely after execution.
• WOL now works correctly when search path and “allow windows login” are set.
Changes and Corrections in 4.1 SR 2.19
Using periods/full stops in user and group account names became possible in this release.
Changes and Corrections in 4.1 SR 2.18
•
•
•
•
•
•
•
•
Issue with USB memory – The issue with USB memory was corrected.
Pointsec Admin – A problem, which occurred when starting Pointsec Admin, was solved.
A compatibility issue with profiles created in the previous 3 service releases was resolved.
Suspected h/w incompatibility with IBM R31 was a BIOS problem. Ensure you have the
latest BIOS available installed.
Remote Help – A problem if incorrectly entering a user name was solved.
Installing on local drive Z is now possible.
Pointsec for PC Icons in Taskbar – the issue has been corrected.
Single Sign-On
An issue with changing passwords was corrected.
Members of a Novell or Microsoft network with Pointsec for PC Single Sign-On no longer
have to log-in to both accounts twice before SSO becomes fully functional.
Changing screen resolution no longer disables SSO.
• Update Profiles
Update profiles now import correctly via Pointsec for PC when Pointsec for PC is installed
on a Windows 2000 computer that does not have the drive letters labeled in alphabetical
order.
Computers that have a zip drive with disk ID 0 now import profiles correctly.
• Enhanced software update
Software update performance has been enhanced and updates now complete faster.
63
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections in 4.1 SR 2.17b
• The language loading issue with Pssogina.dll solved.
• The problem with install.exe was corrected. Note, this fix is not supported on systems
running Windows 9x.
New Functionality in 4.1 SR 2.17
• New temporary lockout settings
• New SSO setting
Changes and Corrections in 4.1 SR 2.17
• Viewing and size of central log files
Only logs from the same installation are listed.
30,000 byte limit removed. The memory needed is allocated.
New Functionality in 4.1 SR 2.16
• New Pointsec Service
• Synchronizing Windows and Pointsec Passwords
• Integration of Pointsec File Encryption and Pointsec for PC
Changes and Corrections in 4.1 SR 2.16FT
• WOL User Locked-out
You cannot extend authority after a WakeOnLAN start without being locked out after a
short period. This is now documented as a condition of using WOL functionality.
• Remote Help
Compatibility issues in Remote Help are now handled.
New Functionality in 4.1 SR 2.15
• New WOL Setting
A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide
for more information.
• Smart Card Authentication Supports Domain Authentication (ID 738)
Re-authenticating to Windows (with password) in lock screen is now possible for smart
card users.
Changes and Corrections in 4.1 SR 2.15
• Updating Serial Numbers Using Profiles (ID 736)
Previous possible problems updating serial numbers using profiles have been corrected.
• Keyboard Handling (IDs 472, 740)
Keyboard issues have been fixed.
• Tracking Install.exe (ID 734)
You can now review the install.exe process to see when the installation is finished (e.g.
silent install to track when a reboot is needed).
• Installing with Slovakian License Number (ID 735)
Previous problems when installing with a Slovakian license number have been resolved.
• Log Problem Solved (ID 739)
A problem associated with the length of lines in the log has been resolved.
64
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
New Functionality in 4.1 SR 2.14
• Converting webRH Profiles for Use at EPL Installations
• Stricter Control over Change System Settings Authority
Changes and Corrections in 4.1 SR 2.14
• Starting an Approved Software Update
In some cases, when updating from 4.2 SR 1.3, approved software updates did not always
start to run because of settings in the user policy. This has now been corrected.
• Navigating in the Uninstall Dialog Box
Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields.
This has been corrected.
• Unlocking Screensaver as System Administrator
Windows 98 – Previously, it was not possible to unlock a screensaver as system
administrator even if that option had been set. This has been corrected.
• User Password Requirement and Profiles
Previously, it was not possible to create a profile when logged on using a user account that
had the password requirement ‘Upper and lower case’. This has been corrected.
Changes and Corrections Made in Release 4.1 SR 2.1
• SSO and Forced Password Change
Previously, when NT forced a change of password, Single Sign On (SSO) did not work
again until after you deselected the SSO option, rebooted, selected SSO and then
rebooted again. This has now been corrected.
• Spanish-Mexican Keyboard Layout
The issue with unwanted characters shown when using Spanish-Mexican keyboard layout
corrected.
• Installing Pointsec on System Drives with Unit Letter Other than C
• It is now possible to install Pointsec on system drives that have unit letter other than those
named C. Files Removed
The following files that were included in previous versions of Pointsec are no longer
included: ACSMC.dll, P95Serv.exe, SetupSSO.exe
• Changing User Names in 16-bit Mode
A correction has been made for when a user name is changed in 16-bit login. SSO
settings were shown incorrectly for a new user. SSO was not active even if setting was
shown. This has now been corrected.
• The Tray Program
A correction has been made for how the tray program checks for files. This corrects issues
with Norton Antivirus.
A correction has been made to the tray program regarding CPU usage. Pointsec´s tray
icon did not release CPU after having started other Pointsec programs internally. This is
now corrected.
Encryption status in the tray could show an incorrect value if more than 23 GB was
encrypted. This has now been corrected.
• Upper- and Lowercase Letters in User Name Fields
The Pointsec login screen now displays upper- and lowercase letters in the user name
field.
• Corrections to the Pointsec Driver
The following issues have been corrected:
Plug-and-play issues
ZIP drive lost
Encryption stopping on NT after 3 volumes
System failures occurring due to incorrect handling of IO requests
65
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• The Pointsec Readme File
The Readme file is now read from the root of the installation folder. This makes
translations easier to implement.
• Updating Profile Passwords
The update profile password issue has been corrected.
• Upgrading
The check for versions before upgrade starts has been improved.
Changes and Corrections Made in Release 4.1 SR 2.0.4
• Interrupted Login of Temporary User
Interrupting a logon with a temporary user on a system with multiple volumes could cause
the encryption process and user access to partitions to not work correctly. This is now
corrected.
• MO Drives
The issue with MO drives has been corrected.
Changes and Corrections Made in Release 4.1 SR 2.0.3
• Bad Sectors
Pointsec normally handles bad sectors. However, in previous versions of Pointsec, if a
disk contained many bad sectors, the encryption could stop without giving any notice to
the user about this. Pointsec now informs the user with an information dialog if this
scenario occurs and also creates a log entry.
• Boot Time on Windows XP
The issue with increased boot time for Windows XP systems when Pointsec was installed
is corrected.
Changes and Corrections Made in Release 4.1 SR 2.0.1
• Encryption Process and Heavy Workloads
Issue with encryption not starting due to service startup failure on machines with a heavy
workload during startup corrected.
Changes and Corrections Made in Release 4.1
• Windows XP Restore Points
Better handling of Windows XP restore points implemented.
• Single Sign On and Novell clients
Single Sign On improvements in regard to Novell clients with synchronized passwords.
Changes and Corrections Made in Patch 4.0 SR 4.1
• Change path for update profiles during patch - Correction
If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal
action in the OS. This is now handled, if a fifth path is added it will be ignored.
Changes and Corrections Made in 4.0 SR 4.1
• LS120 drive correction
Machines with LS120 drives would blue screen when the LS120 drive was accessed. This
is now corrected.
Changes and Corrections Made in 4.0 SR 4
• Screensaver corrections
The “Allow windows screensaver”-function did not work properly on upgraded systems.
This is now corrected.
• SSO function improvements
Pointsec SSO handling of third party GINAs is improved.
66
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• SetupSSO.exe
SetupSSO.exe included on the install CD and replaces program SSOReg.exe
Changes and Corrections Made in Patch 4.0 SR 4
• Change path for update profiles during patch.
New functionality added to enable change of path for update profiles during patch process.
See Pointsec 4.1 SR 2.1 Addendum for more information regarding this feature.
Changes and Corrections Made in 4.0 SR 3.5
• Cisco Aironet and Cisco VPN support implemented
Support for Cisco Aironet and Cisco VPN implemented.
Please refer to Release notes for more information.
• Allow Windows screensaver function corrected
There was an error in previous versions that caused Pointsec screensaver to be used
even if the setting “Allow window screensaver” was set. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.4
• Temporary users and multiple volumes
Temporary users, with access to multiple volumes were only granted access to C: volume
after password change. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.3
• Pointsec Event Viewer corrected
Pointsec Event viewer could show computer names incorrectly. This is now
corrected.
• Novell username missing
The username of the logged on user was not presented in the Novell login window when
unlocking the workstation. This is now corrected.
Changes and Corrections Made in Patch 4.0 SR 3.3
• Smart card user and rollback
Smart card components prevented rollback to function correctly. This is now corrected.
• Remote help during upgrade process
It was not possible to provide remote help during the upgrade process. This is now
corrected.
Remote help will function as One-time-login during upgrade process.
• Expiring passwords during upgrade
If a password would expire during the upgrade process the user would not be able to gain
access to the machine. This is now fixed; passwords will not expire during the upgrade
process.
Changes and Corrections Made in 4.0 SR 3.2
• Missing search path to recovery file
If no search path to recovery file was set on the local system this prevented update profiles
to be imported. This is now corrected.
• Esc-key caused search paths in profile to be removed
Using the Esc-key to navigate in the Profile settings window could under certain conditions
cause the search path to Update profiles and Software update to be removed from the
profile.
67
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections Made in Patch 4.0 SR3.1
• Conversion of profiles
License number used is now automatically reflected in profiles after conversion to 4.0
format.
• License number
The destination and compatible license numbers may now contain hexadecimal digits in
the second field.
• Deadlocks
The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT.
• Installation problems
The upgrade was sensitive if there were errors encountered during the upgrade. It could
back out without any obvious cause, sometimes without informing about the situation. The
upgrade is now much less sensitive to interruptions and there is always information in the
log file if the upgrade backs out.
• Forced patch backout
If the upgrade is entering an impossible state and never completes, there is a possibility to
force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT”
without extension and then rebooting the machine.
• Programs could be started before the patch was completed
It was possible to start the admin program and also the uninstall program before the patch
was completed.
This could sometimes cause strange behavior or strange information to be displayed.
• Language in screen saver text corrected
The screen saver text is now installed in the correct language.
• Uninstallation could leave programs and/or registry items
The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could
sometimes be left after uninstallation. This is now fixed.
• Converting silent 3.1 SR 1 installation profiles
A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0
format. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.1
• Improved internal queue management
The queue management of internal program communications has been improved.
• Correction of Blue Screen 0X040014422
The problem with the blue screen 0x04001422 is fixed. This was caused when Windows
NT reported a second hard disk that was disabled at start-up, which was actually a
removable disk, i.e. Jaz, Zip that was not available.
• Correction of Screen saver activation in Windows 2000
In SR 3 there was a problem when activating the screen saver using the Pointsec tray
icon. This sometimes caused the
PC to stop when shutting down and sometimes it was impossible to reactivate the screen
saver.
Those problems are now fixed.
Changes and Corrections Made in 4.0 SR 3
• Support for the PKCS11 standard is implemented
The PKCS11 standard is now supported when using smart card authentication together
with Pointsec.
• Support for Telia ID is implemented
In version 4.0 SR 3 support for the Telia ID smart card is implemented.
• Wildcards” in Event Viewer
The use of “wildcards” in Event Viewer is now supported.
68
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• Pre-check functionality extended
The pre-check functionality is extended to detect unusual system configurations and abort
installation of Pointsec.
Please contact Pointsec support for latest documentation regarding pre-check.
• Problem with internal zip drives corrected
In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives.
This is now corrected.
• User settings for allowing windows screensaver
In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work
correctly. This is now corrected.
Changes and Corrections Made in 4.0 SR 2.3
• Novell integration error corrected
Under certain circumstances the Novell login window would lose the username and
password fields after Pointsec installation. This is now corrected.
• Novell client version requirements changed
Installation check now accepts Novell client version 4.70.
Changes and Corrections Made in 4.0 SR 2.2
• Transfer to central log
To reduce network traffic the routines that control transfer from local log to central log has
changed. Events that occur frequently and usually not considered important will not trigger
a transfer to central log; events that are considered important and do not occur very
frequently will trigger a transfer of logged events.
• Novell client version checked during installation
In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of
Pointsec if the Novell client installed on the system did not support Pointsec Single SignOn (SSO). This feature is now changed. If the installation check detects a Novell client on
the system that does not meet the Pointsec requirements Pointsec will still install, but
some components will not be installed. It will not be possible to enable SSO on those
machines.
Error log files for each machine that has not had all the components installed due to this
installation check of Novell clients will be created in the installation directory.
The required Novell clients are:
Win200 and WinNT:
Novell 4.70
Win95, Win98 and WinME:
Novell 3.30
• Single Sign-On (SSO) changes
Checkbox “Record new credentials” is only shown after a temporary login with SSO
disabled.
• Tray program - NT
It is now possible to activate Lock-Workstation via the Pointsec tray program on systems
running NT
Changes and Corrections Made in 4.0 SR 2.1
• Novell login loop corrected
Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the
Novell login if a recovery were performed on the machine. This is now corrected.
Changes and Correction in 4.0 SR 1 and SR 2
• Temporary users on machines using hardware profiles
It was not possible to choose hardware profiles when logging on with a temporary user.
• Slovakian language
Handling of errors, caused by selecting Slovakian language in the Pointsec administration
program.
69
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• ActivCard 1.2 with Microsoft network login module installed
Network resources and domain login were lost when installing Pointsec 4.0 on
Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the
Microsoft network login module.
• Handling of limited permissions on root folder
When the root folder was set up with limited permissions, a problem occurred with the
creation of recovery files.
• -2 message
Less notification when working off-line, -2 message
• User with “upper case and lower case letters” password rule set
A user that had the password rule “upper case and lower case letters” set could not create
update profiles.
• Handling of unknown-unformatted partitions
There was a problem with installing Pointsec on machines that contained an unknown and
unformatted volume placed before the boot volume on the disk.
Initializing smart cards at next login on NT machines
It was not possible to initialize a smart card at next login on NT machines. This is now
partially fixed; see known issues regarding this fix.
• Adjacent volumes
A problem could occur if Pointsec was installed on a machine with adjacent volumes. A
system failure error message 4004D023 would be displayed. This kind of volume layout is
now handled.
• Profile import procedure
If a profile had been changed on an odd second the profile would be imported over and
over again by the system. This has now been corrected.
• Handling of missing Registry entry
If the registry key of a device is missing the “class” key value, the Pointsec installation
might not work properly and could cause a system failure error message “Inaccessible
boot device”. This has now been corrected.
• Event Viewer and Search User Utilities
In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is
now corrected.
Features Introduced in Pointsec 4.0
• Windows NT/2000 log integration
Integration with the NT/2000 log is implemented with new event codes.
• Support for Microsoft Windows 2000
Pointsec now fully supports Windows 2000 except dynamic disks.
• Single Sign On (SSO)
Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients.
• Multiple search path
Multiple search paths for update profiles, software updates and recovery files are
implemented in Pointsec 4.0.
• Uninstallation profiles
It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile.
• Event viewer utility
Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only
available to Pointsec administrators and system administrators.
• Search user utility
It is possible to search recovery files stored on a central location for specific users on the
computers.
• Smart Card support
Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID
support is implemented as well as the PKCS11 standard.
70
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• Entrust Integration
Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust.
• Handling of incorrect BIOS disk information
User option to correct incorrect disk information from BIOS.
Pointsec for PC 4.2 Releases
Changes and Corrections in 4.2 SR 1.8
• Issue with USB memory
The issue with USB memory was corrected.
• Pointsec Admin
A problem, which occurred when starting Pointsec Admin, was solved.
• Compatibility
There was a compatibility issue with profiles created in the previous 3 service releases.
This was resolved.
• Suspected hardware incompatibility with IBM R31
This was a BIOS problem. Ensure you have the latest BIOS available installed.
• Remote Help
A problem with Remote Help when incorrectly entering a user name was solved.
• Enhanced software update
Software updates performance was enhanced and updates now complete faster. When
running a Pointsec for PC software update on a computer, the update will succeed even if
Ppupdate.log cannot immediately be stored centrally. Ppupdate.log will be stored centrally
when the PC rejoins the network.
Ppupdate.log is now stored in the Pointsec program directory, not in the root.
See Logging During Software Update in the Administrator’s Guide for more information.
Changes and Corrections in 4.2 SR 1.7b
• The language loading issue with Pssogina.dll was solved.
• The problem with install.exe was corrected. Note, this fix is not supported on systems
running Windows 9x.
New Functionality in 4.2 SR 1.7
• New temporary lockout settings
• New SSO setting
Changes and Corrections in 4.2 SR 1.7
• Viewing and size of central log files
Only logs from the same installation are listed.
30,000 byte limit removed. The memory needed is allocated.
New Functionality in 4.2 SR 1.6
• New Pointsec Service
• Synchronizing Windows and Pointsec Passwords
• Integration of Pointsec File Encryption and Pointsec for PC
Changes and Corrections in 4.2 SR 1.6FT
• WOL User Locked-out
You cannot extend authority after a WakeOnLAN start without being locked out after a
short period. This is now documented as a condition of using WOL functionality.
71
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• Remote Help
Compatibility issues in Remote Help are now handled.
New Functionality in 4.2 SR1.5
• New WOL Setting
A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide
for more information.
• Smart Card Authentication Supports Domain Authentication (ID 738)
Re-authenticating to Windows (with password) in lock screen is now possible for smart
card users.
Changes and Corrections in 4.2 SR 1.5
• Updating Serial Numbers Using Profiles (ID 736)
Previous possible problems updating serial numbers using profiles have been corrected.
• Keyboard Handling (IDs 472, 740)
Keyboard issues have been fixed.
• Tracking Install.exe (ID 734)
You can now review the install.exe process to see when the installation is finished (e.g.
silent install to track when a reboot is needed).
• Installing with Slovakian License Number (ID 735)
Previous problems when installing with a Slovakian license number have been resolved.
• Log Problem Solved (ID 739)
A problem associated with the length of lines in the log has been resolved.
New Functionality in 4.2 SR 1.4
• Converting webRH Profiles for Use at EPL Installations
• Stricter Control over Change System Settings Authority
Changes and Corrections in 4.2 SR 1.4 build 193
• Special Characters and Scan Codes
Due to incorrect scan code use after upgrading to 4.2 SR 1.4, users with special
characters in their passwords could experience problems when logging in. This is
corrected.
Changes and Corrections in 4.2 SR 1.4
• Starting an Approved Software Update
In some cases, when updating from 4.2 SR 1.3, approved software updates did not always
start to run because of settings in the user policy. This is corrected.
• Navigating in the Uninstall Dialog Box
Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields.
This is corrected.
• Unlocking Screensaver as System Administrator
Windows 98 – Previously, it was not possible to unlock a screensaver as system
administrator even if that option had been set. This is corrected.
• User Password Requirement and Profiles
Previously, it was not possible to create a profile when logged on using a user account that
had the password requirement ‘Upper and lower case’. This is corrected.
Changes and Corrections Made in Release 4.2 SR1.3
• Support for French and Spanish
• Changing Languages
The language used in the Admin and tray programs and the 16-bit login dialog box
• Advanced Repair Options were moved To access the advanced repair options, press [F8]
72
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
when the system boots from the recovery disk
• Keyboard Scancode Check Changed
• On-line Help moved to Help directory
• Maintenance Accounts fixed
Changes and Corrections Made in Release 4.2 SR1.1
• WOL
Improvements have been made to WakeOnLAN function to handle third party GINAs as
the active GINA.
• Works-folder Functionality
Updates will now be imported even when the user is not logged-in to the system.
Changes and Corrections Made in Release 4.2 SR 1
• SSO and Forced Password Change
Previously, when NT forced a change of password, Single Sign On (SSO) did not work
again until after you deselected the SSO option, rebooted, selected SSO and then
rebooted again. This has now been corrected.
• Spanish-Mexican Keyboard Layout
The issue with unwanted characters shown when using Spanish-Mexican keyboard layout
corrected.
• Installing Pointsec for PC on System Drives with Unit Letter Other than C
It is now possible to install Pointsec for PC on system drives that have unit letter other than
those named C.
• Files Removed
The following files that were included in previous versions of Pointsec for PC are no longer
included: ACSMC.dll, P95Serv.exe, SetupSSO.exe
• Changing User Names in 16-bit Mode
A correction has been made for when a user name is changed in 16-bit login. SSO
settings were shown incorrectly for a new user. SSO was not active even if setting was
shown. This has now been corrected.
• The Tray Program
A correction has been made for how the tray program checks for files. This corrects issues
with Norton Antivirus.
A correction has been made to the tray program regarding CPU usage. Pointsec for PC´s
tray icon did not release CPU after having started other Pointsec for PC programs
internally. This is now corrected.
Encryption status in the tray could show an incorrect value if more than 23 GB was
encrypted. This has now been corrected.
• Upper- and Lowercase Letters in User Name Fields
The Pointsec for PC login screen now displays upper- and lowercase letters in the user
name field.
• Corrections to the Pointsec for PC Driver
The following issues have been corrected:
Plug-and-play issues
ZIP drive lost
Encryption stopping on NT after 3 volumes
System failures occurring due to incorrect handling of IO requests
• The Pointsec for PC Readme File
The Readme file is now read from the root of the installation folder. This makes
translations easier to implement.
• Updating Profile Passwords
The update profile password issue has been corrected.
• Upgrading
The check for versions before upgrade starts has been improved.
73
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections Made in Release 4.2 SR 0.4
• Interrupted Login of Temporary User
Interrupting a logon with a temporary user on a system with multiple volumes could cause
the encryption process and user access to partitions to not work correctly. This is now
corrected.
• MO Drives
The issue with MO drives has been corrected.
Changes and Corrections Made in Release 4.2 SR 0.3
• Bad Sectors
Pointsec for PC normally handles bad sectors. However, in previous versions of Pointsec
for PC, if a disk contained many bad sectors, the encryption could stop without giving any
notice to the user about this. Pointsec for PC now informs the user with an information
dialog if this scenario occurs and also creates a log entry.
• Boot Time on Windows XP
The issue with increased boot time for Windows XP systems when Pointsec for PC was
installed is corrected.
Changes and Corrections Made in Release 4.2 SR 0.1
• Encryption Process and Heavy Workloads
Issue with encryption not starting due to service startup failure on machines with a heavy
workload during startup corrected.
Changes and Corrections Made in Release 4.2
• Windows XP Restore Points
Better handling of Windows XP restore points implemented.
• Single Sign On and Novell clients
Single Sign On improvements in regard to Novell clients with synchronized passwords.
Changes and Corrections Made in Patch 4.0 SR 4.1
• Change path for update profiles during patch - Correction
If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal
action in the OS. This is now handled, if a fifth path is added it will be ignored.
Changes and Corrections Made in 4.0 SR 4.1
• LS120 drive correction
Machines with LS120 drives would blue screen when the LS120 drive was accessed. This
is now corrected.
Changes and Corrections Made in 4.0 SR 4
• Screensaver corrections
The “Allow windows screensaver”-function did not work properly on upgraded systems.
This is now corrected.
• SSO function improvements
Pointsec for PC SSO handling of third party GINAs is improved.
• SetupSSO.exe
SetupSSO.exe included on the install CD and replaces program SSOReg.exe
Changes and Corrections Made in Patch 4.0 SR 4
• Change path for update profiles during patch.
New functionality added to enable change of path for update profiles during patch process.
See Pointsec for PC 4.2 SR 1 Addendum for more information regarding this feature.
74
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections Made in 4.0 SR 3.5
• Cisco Aironet and Cisco VPN support implemented
Support for Cisco Aironet and Cisco VPN implemented.
Please refer to Release notes for more information.
• Allow Windows screensaver function corrected
There was an error in previous versions that caused Pointsec for PC screensaver to be
used even if the setting “Allow window screensaver” was set. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.4
• Temporary users and multiple volumes
Temporary users, with access to multiple volumes were only granted access to C: volume
after password change. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.3
• Pointsec for PC Event Viewer corrected
Pointsec for PC Event viewer could show computer names incorrectly. This is now
corrected.
• Novell username missing
The username of the logged on user was not presented in the Novell login window when
unlocking the workstation. This is now corrected.
Changes and Corrections Made in Patch 4.0 SR 3.3
• Smart card user and rollback
Smart card components prevented rollback to function correctly. This is now corrected.
• Remote help during upgrade process
It was not possible to provide remote help during the upgrade process. This is now
corrected.
Remote help will function as One-time-login during upgrade process.
• Expiring passwords during upgrade
If a password would expire during the upgrade process the user would not be able to gain
access to the machine. This is now fixed; passwords will not expire during the upgrade
process.
Changes and Corrections Made in 4.0 SR 3.2
• Missing search path to recovery file
If no search path to recovery file was set on the local system this prevented update profiles
to be imported. This is now corrected.
• Esc-key caused search paths in profile to be removed
Using the Esc-key to navigate in the Profile settings window could under certain conditions
cause the search path to Update profiles and Software update to be removed from the
profile.
Changes and Corrections Made in Patch 4.0 SR3.1
• Conversion of profiles
License number used is now automatically reflected in profiles after conversion to 4.0
format.
• License number
The destination and compatible license numbers may now contain hexadecimal digits in
the second field.
• Deadlocks
The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT.
75
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• Installation problems
The upgrade was sensitive if there were errors encountered during the upgrade. It could
back out without any obvious cause, sometimes without informing about the situation. The
upgrade is now much less sensitive to interruptions and there is always information in the
log file if the upgrade backs out.
• Forced patch backout
If the upgrade is entering an impossible state and never completes, there is a possibility to
force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT”
without extension and then rebooting the machine.
• Programs could be started before the patch was completed
It was possible to start the admin program and also the uninstall program before the patch
was completed.
This could sometimes cause strange behavior or strange information to be displayed.
• Language in screen saver text corrected
The screen saver text is now installed in the correct language.
• Uninstallation could leave programs and/or registry items
The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could
sometimes be left after uninstallation. This is now fixed.
• Converting silent 3.1 SR 1 installation profiles
A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0
format. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.1
• Improved internal queue management
The queue management of internal program communications has been improved.
• Correction of Blue Screen 0X040014422
The problem with the blue screen 0x04001422 is fixed. This was caused when Windows
NT reported a second hard disk that was disabled at start-up, which was actually a
removable disk, i.e. Jaz, Zip that was not available.
• Correction of Screen saver activation in Windows 2000
In SR 3 there was a problem when activating the screen saver using the Pointsec for PC
tray icon. This sometimes caused the
PC to stop when shutting down and sometimes it was impossible to reactivate the screen
saver.
Those problems are now fixed.
Changes and Corrections Made in 4.0 SR 3
• Support for the PKCS11 standard is implemented
The PKCS11 standard is now supported when using smart card authentication together
with Pointsec for PC.
• Support for Telia ID is implemented
In version 4.0 SR 3 support for the Telia ID smart card is implemented.
• Wildcards” in Event Viewer
The use of “wildcards” in Event Viewer is now supported.
• Pre-check functionality extended
The pre-check functionality is extended to detect unusual system configurations and abort
installation of Pointsec.
Please contact Pointsec support for latest documentation regarding pre-check.
• Problem with internal zip drives corrected
In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives.
This is now corrected.
• User settings for allowing windows screensaver
In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work
correctly. This is now corrected.
76
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
Changes and Corrections Made in 4.0 SR 2.3
• Novell integration error corrected
Under certain circumstances the Novell login window would lose the username and
password fields after Pointsec installation. This is now corrected.
• Novell client version requirements changed
Installation check described in section 14.2 now accept Novell client version 4.70.
Changes and Corrections Made in 4.0 SR 2.2
• Transfer to central log
To reduce network traffic the routines that control transfer from local log to central log has
changed. Events that occur frequently and usually not considered important will not trigger
a transfer to central log; events that are considered important and do not occur very
frequently will trigger a transfer of logged events.
• Novell client version checked during installation
In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of
Pointsec if the Novell client installed on the system did not support Pointsec Single SignOn (SSO). This feature is now changed. If the installation check detects a Novell client on
the system that does not meet the Pointsec requirements Pointsec will still install, but
some components will not be installed. It will not be possible to enable SSO on those
machines.
Error log files for each machine that has not had all the components installed due to this
installation check of Novell clients will be created in the installation directory.
The required Novell clients are:
Win200 and WinNT:
Novell 4.70
Win95, Win98 and WinME:
Novell 3.30
• Single Sign-On (SSO) changes
Checkbox “Record new credentials” is only shown after a temporary login with SSO
disabled.
• Tray program - NT
It is now possible to activate Lock-Workstation via the Pointsec tray program on systems
running NT
Changes and Corrections Made in 4.0 SR 2.1
• Novell login loop corrected
Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the
Novell login if a recovery were performed on the machine. This is now corrected.
Changes and Correction in 4.0 SR 1 and SR 2
• Temporary users on machines using hardware profiles
It was not possible to choose hardware profiles when logging on with a temporary user.
• Slovakian language
Handling of errors, caused by selecting Slovakian language in the Pointsec administration
program.
• ActivCard 1.2 with Microsoft network login module installed
Network resources and domain login were lost when installing Pointsec 4.0 on
Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the
Microsoft network login module.
• Handling of limited permissions on root folder
When the root folder was set up with limited permissions, a problem occurred with the
creation of recovery files.
• -2 message
Less notification when working off-line, -2 message
77
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Revision Tracking Version A
• User with “upper case and lower case letters” password rule set
A user that had the password rule “upper case and lower case letters” set could not create
update profiles.
• Handling of unknown-unformatted partitions
There was a problem with installing Pointsec on machines that contained an unknown and
unformatted volume placed before the boot volume on the disk.
Initializing smart cards at next login on NT machines
It was not possible to initialize a smart card at next login on NT machines. This is now
partially fixed; see known issues regarding this fix.
• Adjacent volumes
A problem could occur if Pointsec was installed on a machine with adjacent volumes. A
system failure error message 4004D023 would be displayed. This kind of volume layout is
now handled.
• Profile import procedure
If a profile had been changed on an odd second the profile would be imported over and
over again by the system. This has now been corrected.
• Handling of missing Registry entry
If the registry key of a device is missing the “class” key value, the Pointsec installation
might not work properly and could cause a system failure error message “Inaccessible
boot device”. This has now been corrected.
• Event Viewer and Search User Utilities
In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is
now corrected.
Features Introduced in Pointsec 4.0
• Windows NT/2000 log integration
Integration with the NT/2000 log is implemented with new event codes.
• Support for Microsoft Windows 2000
Pointsec now fully supports Windows 2000 except dynamic disks.
• Single Sign On (SSO)
Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients.
• Multiple search path
Multiple search paths for update profiles, software updates and recovery files are
implemented in Pointsec 4.0.
• Uninstallation profiles
It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile.
• Event viewer utility
Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only
available to Pointsec administrators and system administrators.
• Search user utility
It is possible to search recovery files stored on a central location for specific users on the
computers.
• Smart Card support
Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID
support is implemented as well as the PKCS11 standard.
• Entrust Integration
Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust.
• Handling of incorrect BIOS disk information
User option to correct incorrect disk information from BIOS.
78
Endpoint Security Client – Full Disk Encryption 7.0, August 2008
Open as PDF
Similar pages