ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Drive Encryption 10.3.2/Symantec Endpoint Encryption 11 and systems with NVMe drives.

book

Article ID: 150235

calendar_today

Updated On:

Products

Endpoint Encryption Drive Encryption

Issue/Introduction

 

Resolution

Symantec Drive Encryption 10.3.2 as well as Symantec Endpoint Encryption 11 (SEE 11) supports most typical hardware available in systems and in general, no issues are seen.

Recently, some systems which have NVMe drives have been found to be incompatible with Symantec Drive Encryption 10.3.2 and Symantec Endpoint Encryption 11 and encrypting these systems can result in Blue Screen behavior, as well as potentially unbootable systems.

The following models are known to be affected by this issue:

Dell XPS 13 950 & 9350
Dell XPS 15 9550
Dell Inspiron E7470
HP Z440
HP ZBook
HP Folio G1 EliteBook
Surface Book
Surface Pro 4 (See article TECH233421 for more information on this system).
MSI GS60 6QE Ghost Pro

UPDATE May 6 2016: Symantec has developed a fix for this issue and is available in Symantec Endpoint Encryption 11.1.1, which is available via fileconnect.

UPDATE APRIL 26 2016: Symantec has developed a fix for this issue and is available in 3.3.2/10.3.2 MP13, which is available via fileconnect.

Although this issue is resolved in Symantec Drive Encryption 10.3.2 MP13 and SEE 11.1.1, there are a few considerations to review:

  • If a system has already been installed with a previous version of Symantec Encryption Desktop and encountered issues, it may be necessary to wipe all affected partitions from the system (as Symantec Drive Encryption may leave remnants of the encryption pointers) before attempting to install Symantec Drive Encryption MP13 or SEE 11.1.1.  Once all the partitions have been removed and properly rebuilt from scratch, and the system has been reimaged, installing Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1 will then work.
  • UEFI's "Secure Boot" option should be configured as "Microsoft with 3rd Party CA" if available.  This will allow other third-party programs that are properly signed to properly boot with Secure Boot.  Without setting this option, the system may still not boot with Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1.
  • Some NVMe systems do not have the option "Microsoft with 3rd Party CA" with Secure Boot, and "Enabled\Disabled" are the only options available.  If Secure Boot is available, the option to Enable can be used.

Once the above considerations have been met, the system should boot properly after it is encrypted with Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1.  If the problems persist, please work with Symantec Support to resolve the issue.
 

Etracks:
3875901 - Symantec Endpoint Encryption 11.0.1 on a HP Z440
3885162 - Symantec Endpoint Encryption 11.0.1 and 11.1 on Dell XPS 13 950
3900056 - Symantec Endpoint Encryption 11.1 on MSI GS60 6QE Ghost Pro
 

3883315 - Symantec Drive Encryption 10.3.2MP11 on Dell XPS 13 950, Dell XPS 13 9350, & Dell Precision Tower 3620
3884273 - Symantec Drive Encryption 10.3.2MP11 on HP zBook
3874204 - Symantec Drive Encryption 10.3.2MP11 on Surface Pro 4 and Surface Book
 

 

Symantec Drive Encryption 10.3.2 MP12 was released to includes fixes to the NVMe systems, however this build was pulled due to an issue found.  For more information on this issue, see article ALERT2011 (now fixed in 10.3.2 MP13).