Dell Data Protection | Endpoint Security Suite Enterprise for Mac

Dell Data Protection | Endpoint Security Suite Enterprise for Mac
Dell Data Protection | Endpoint Security Suite
Enterprise for Mac
Technical Advisories v1.0
Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
© 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are
trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective
companies. Registered trademarks and trademarks used in the Dell Data Protection | Encryption, Dell Data Protection | Endpoint Security Suite, Dell Data
Protection | Endpoint Security Suite Enterprise, Dell Data Protection |Security Tools, and Dell Data Protection | Cloud Edition suite of documents: DellTM and
the Dell logo, Dell PrecisionTM, OptiPlexTM, ControlVaultTM, LatitudeTM, XPS®, and KACETM are trademarks of Dell Inc. McAfee® and the McAfee logo are
trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel®, Pentium®, Intel Core Inside Duo®, Itanium®, and Xeon® are
registered trademarks of Intel Corporation in the U.S. and other countries. Adobe®, Acrobat®, and Flash® are registered trademarks of Adobe Systems
Incorporated. Authen Tec® and Eikon® are registered trademarks of Authen Tec. AMD® is a registered trademark of Advanced Micro Devices, Inc.
Microsoft®, Windows®, and Windows Server®, Internet Explorer®, MS-DOS®, Windows Vista®, MSN®, ActiveX®, Active Directory®, Access®,
ActiveSync®, BitLocker®, BitLocker To Go®, Excel®, Hyper-V®, Silverlight®, Outlook®, PowerPoint®, OneDrive®, SQL Server®, and Visual C++® are
either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware® is a registered trademark or
trademark of VMware, Inc. in the United States or other countries. Box® is a registered trademark of Box. DropboxSM is a service mark of Dropbox, Inc.
GoogleTM, AndroidTM, GoogleTM ChromeTM, GmailTM, YouTube®, and GoogleTM Play are either trademarks or registered trademarks of Google Inc. in the
United States and other countries. Apple®, Aperture®, App StoreSM, Apple Remote DesktopTM, Apple TV®, Boot CampTM, FileVaultTM, iCloud®SM,
iPad®, iPhone®, iPhoto®, iTunes Music Store®, Macintosh®, Safari®, and Siri® are either servicemarks, trademarks, or registered trademarks of Apple,
Inc. in the United States and/or other countries. GO ID®, RSA®, and SecurID® are registered trademarks of Dell EMC. EnCaseTM and Guidance
Software® are either trademarks or registered trademarks of Guidance Software. Entrust® is a registered trademark of Entrust®, Inc. in the United States
and other countries. InstallShield® is a registered trademark of Flexera Software in the United States, China, European Community, Hong Kong, Japan,
Taiwan, and United Kingdom. Micron® and RealSSD® are registered trademarks of Micron Technology, Inc. in the United States and other countries.
Mozilla® Firefox® is a registered trademark of Mozilla Foundation in the United States and/or other countries. iOS® is a trademark or registered trademark
of Cisco Systems, Inc. in the United States and certain other countries and is used under license. Oracle® and Java® are registered trademarks of Oracle
and/or its affiliates. Other names may be trademarks of their respective owners. SAMSUNGTM is a trademark of SAMSUNG in the United States or other
countries. Seagate® is a registered trademark of Seagate Technology LLC in the United States and/or other countries. Travelstar® is a registered
trademark of HGST, Inc. in the United States and other countries. UNIX® is a registered trademark of The Open Group. VALIDITYTM is a trademark of
Validity Sensors, Inc. in the United States and other countries. VeriSign® and other related marks are the trademarks or registered trademarks of VeriSign,
Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec Corporation. KVM on IP® is a registered trademark of Video
Products. Yahoo!® is a registered trademark of Yahoo! Inc. This product uses parts of the 7-Zip program. The source code can be found at www.7-zip.org.
Licensing is under the GNU LGPL license + unRAR restrictions (www.7-zip.org/license.txt).
Technical Advisories
2016 - 11
Rev. A00
Contents
1 Endpoint Security Suite Enterprise for Mac Technical Advisories.................................................................. 4
Contact Dell ProSupport...................................................................................................................................................4
Technical Advisories and Documentation....................................................................................................................... 4
New Features and Functionality v1.0.............................................................................................................................. 4
Technical Advisories v1.0.................................................................................................................................................. 5
Advanced Threat Prevention v1.0............................................................................................................................. 5
Previous Technical Advisories.......................................................................................................................................... 5
Technical Advisories v8.7............................................................................................................................................5
Technical Advisories v8.6............................................................................................................................................5
Technical Advisories v8.4.0.6247...............................................................................................................................5
Technical Advisories v8.1.3......................................................................................................................................... 5
Technical Advisories v8.1............................................................................................................................................ 6
Technical Advisories v8.0............................................................................................................................................6
Technical Advisories v7.7............................................................................................................................................ 6
2 Workarounds................................................................................................................................................. 7
Endpoint Security Suite Enterprise Technical Advisories
Contents
3
1
Endpoint Security Suite Enterprise for Mac
Technical Advisories
Endpoint Security Suite Enterprise for Mac offers advanced threat prevention at the operating system and memory layers and encryption,
all centrally-managed from the Dell Data Protection Server. With centralized management, consolidated compliance reporting, and console
threat alerts, businesses can easily enforce and prove compliance for all of their endpoints. Security expertise is built in with features such
as pre-defined policy and report templates, to help businesses reduce IT management costs and complexity.
•
Endpoint Security Suite Enterprise - client software that provides Advanced Threat Prevention and Encryption
•
Policy Proxy - used to distribute policies
•
Dell Device Server - used for client activations
•
Dell Data Protection Server - provides centralized security policy administration, integrates with existing enterprise directories and
creates audit logs and reports
These Dell components interoperate seamlessly to provide a secure mobile environment without detracting from the user experience.
Contact Dell ProSupport
Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell Data Protection product.
Additionally, online support for Dell Data Protection products is available at dell.com/support. Online support includes drivers, manuals,
technical advisories, FAQs, and emerging issues.
For phone numbers outside of the United States, check Dell ProSupport International Phone Numbers.
Technical Advisories and Documentation
These Technical Advisories provide information about new client features and changes in each major release, any issues resolved from a
prior release, and any Technical Advisories in the current release.
Should you need additional assistance administering this product, contact Dell ProSupport.
New Features and Functionality v1.0
Endpoint Security Suite Enterprise for Mac includes the following components:
•
Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the
operating system and memory layers, to prevent the delivery of malicious payloads. Control of execution at the endpoint allows for
accurate and effective detection of malicious threats - even those that have never been seen before. Advanced Threat Prevention
uses machine learning techniques that allow detection of new malware, viruses, bots and unknown future variants, where signatures
and sandboxes fail. Memory protection strengthens basic operating system protection features by providing an additional layer to
detect and deny certain behaviors that are commonly used by exploits.
Advanced Threat Prevention is supported with Mac OS X Mavericks 10.9.5, Mac OS X Yosemite 10.10.5, and Mac OS X El Capitan
10.11.6.
4
Endpoint Security Suite Enterprise Technical Advisories
Endpoint Security Suite Enterprise for Mac Technical Advisories
•
The Encryption client provides data-centric, policy-based protection of data on any device or external media, allowing enterprises to
manage encryption policies for multiple endpoints and operating systems from the Dell Server.
Technical Advisories v1.0
Advanced Threat Prevention v1.0
•
The Advanced Threat Prevention client installer does not prevent installation or inform the user of a conflict when other vendors'
antivirus, antimalware, and antispyware applications are installed. However, Advanced Threat Prevention is not supported with other
antivirus, antimalware, and antispyware applications. Uninstall other vendors' antivirus, antimalware, and antispyware applications
before installing the Advanced Threat Prevention client to prevent installation failures. [DDPMS-1295]
Previous Technical Advisories
This section includes previous Technical Advisories for the Encryption client v7.7 - v8.11. Depending on the Endpoint Security Suite
Enterprise deployment and operating systems of client computers, some issues are not applicable.
Technical Advisories v8.7
•
Dell Encryption is not supported with System Integrity Protection (SIP), which Apple has introduced in Mac OS X El Capitan v10.11.0.
To use Dell Encryption, SIP must be disabled. For instructions on how to disable SIP, see http://www.dell.com/support/
Article/us/en/19/SLN299063.
Technical Advisories v8.6
•
Following FileVault decryption of more than one volume, the System Volumes tab displays their decrypted status with pending restart,
but the restart dialog does not display. To work around this issue, manually restart the computer. After reboot, the System Volumes
tab status is updated as expected. [DDPMS-707]
Technical Advisories v8.4.0.6247
•
Recovery of a FileVault-encrypted volume on Mac OS X Mavericks and later requires that Apple's procedure is followed to create and
deploy recovery keys before FileVault is enabled on client computers. For more information, see http://support.apple.com/kb/
HT5077?viewlocale=en_US&locale=en_US. [DDPMS-249]
•
With FileVault encryption through the Encryption client on Mac OS X Yosemite 10.10 with an internal Apple SSD, the Security &
Privacy - FileVault Tab may not display optimization progress although the Encryption client System Volumes Tab does display
progress. To verify that optimization is in progress, enter the following command:
diskutil cs list
Technical Advisories v8.1.3
•
Amended 03/2014 - Since clients that encrypt using proprietary FDE will not function with hibernation enabled, Dell Data Protection
turns off hibernation prior to encrypting the system drive. Starting with the Encryption client for Mac v8.1.1, the original hibernation
setting is restored when the drive is decrypted, but the initial setting was not persisted in versions prior to v8.1.1. If this setting was
turned off by a client prior to v8.1.1, Dell Data Protection cannot restore the setting when it decrypts the drive. [DDPMS-83, 14942]
Endpoint Security Suite Enterprise Technical Advisories
Endpoint Security Suite Enterprise for Mac Technical
Advisories
5
Technical Advisories v8.1
•
It has been observed on some Mac computers that setting the Workstation Scan Priority policy to Normal increases boot time. To
work around this issue change the Workstation Scan Priority policy to Highest. [4585203]
Technical Advisories v8.0
•
There are no Technical Advisories to report.
Technical Advisories v7.7
•
Recovering a multi-volume system encrypted by FDE for Mac, requires that all encrypted volumes be recovered at the same time.
[26056]
•
When running v7.7 and Mac OS X Lion 10.7.5, ejecting EMS-provisioned external media without safely ejecting it causes kernel panic
and possible loss of data. EMS-provisioned external media must be safely ejected to allow the EMS processes to complete. [26026]
•
Hard drives with 4k block size (standard block size is 512 bytes) are not supported on Mac OS X Snow Leopard or earlier, due to a
defect in the OS partition resize command. This defect has been fixed in Mac OS X Lion and later. [24726]
•
Using Mac OS X Lion (32- or 64-bit/Standard or Admin User) and performing a copy operation of a large number of files (about 2000
in our tests) via Finder using EMS Service causes Finder to crash. [23752]
•
On Mac hardware released prior to 2011, decrypting a drive that was encrypted by FDE for Mac will clear the firmware password, even
if it was previously set by the user. [23673]
•
Removable media inserted before authentication does not prompt for password. [22924]
•
A Windows Blue Screen error may occur if you boot to a Windows Boot Camp partition while the client is decrypting a Mac partition.
To work around this issue, wait until the decryption process is complete before booting to Windows. [21132]
•
After a decryption sweep completes, if a computer restart is not performed or if the restart prompt is ignored prior to attempting to
re-encrypt, the Encryption tab in the System Preferences Pane continues to display Preparing volume for encryption (even after
multiple restarts). To correct the problem, issue a decryption policy, allow the sweep to complete, and restart the computer. After the
computer restarts, re-initiate encryption. Note that the user is prompted to restart the computer after the decryption sweep. If the
user delays the restart multiple times, a mandatory restart is performed, as specified in their policy settings. [21185]
•
The Hostname field in the Compliance Reporter Device Detail report lists the encrypted Mac computer's Unique ID value instead of its
hostname. [21134]
•
At times, the Policy view in Dell Data Protection Preferences may become unresponsive when the client is configured to communicate
with multiple Policy Proxies. To work around this issue, configure the client to communicate with only one Policy Proxy, as specified in
the installer plist file, and leave the client policy entry for Policy Proxy hosts blank, as specified in the Dell Remote Management
Console. [20624]
•
The Dell Recovery Utility displays all visible volumes attached to the system when the All button is clicked. Volumes excluded from
management will incorrectly show up as two volumes, one nested in the other, rather than a single volume. [15802]
•
On rare occasions, the Dell Recovery Utility may become unresponsive when applying the Accept New Configuration recovery option.
If this occurs, restart the Mac and re-attempt the recovery operation. [15947]
•
On rare occasions, the Accept New Configuration recovery process may not complete after restart and the Mac may become
unresponsive. If the login screen is not displayed after several minutes, restart the Mac. The client will automatically retry the recovery
operation. [15947]
•
Recovery operations can only be applied to one encrypted volume at a time. If a disk targeted for recovery contains multiple encrypted
volumes, repeat the Dell Recovery Utility steps for each volume. [15325]
•
The client uninstaller displays an incorrect error dialog if the user presses the Cancel button when prompted for their password.
[15597]
•
The Dell Data Protection System Preferences pane may show incorrect encryption status for another encrypted system volume
attached to the computer. This occurs only if the other system volume was encrypted using a different computer. [15611]
6
Endpoint Security Suite Enterprise Technical Advisories
Endpoint Security Suite Enterprise for Mac Technical Advisories
2
Workarounds
Before you begin, be aware of the following workarounds that have been identified during testing.
•
Modifying the system RAM configuration will invalidate the security protection profile of an encrypted volume. This will prevent the
computer from booting on the following restart. To validate the new configuration and restore the bootability of the encrypted system
volume, apply the Accept new system configuration operation in the Dell Recovery Utility. See the Online Help for instructions. [15665]
•
When using Boot Camp on an encrypted Mac computer, and the computer is booted to Windows, the Mac OS X system volume is
displayed as a separate drive letter in Windows Explorer. Since this volume is encrypted, Windows displays a dialog indicating it cannot
open this volume.
Endpoint Security Suite Enterprise Technical Advisories
Workarounds
7
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising