Important Update: System requirements information for Encryption products is now published along with the other product documentation at the Broadcom Tech Docs site. Consequently, this Knowledge Base article is no longer current and will not be updated. For up-to-date system requirements information for Symantec Endpoint Encryption products, please visit our Tech Docs site.

To visit our Tech Docs site, go to techdocs.broadcom.com.  To find Encryption Documentation, click on the Broadcom business, "Symantec Security Software", then select "Information Security", and then select the product you wish to review.

For the current System Requirements for Symantec Endpoint Encryption 11.3.0, click here.

For the current System Requirements for Symantec Endpoint Encryption 11.3.1, click here.

Important Note:
This information in this article is kept for historical reference only and is no longer updated.  See the System Requirements pages above for updated information.

Update history

Supported Microsoft Windows operating systems

The following Microsoft Windows operating systems are supported only with all of the latest hot fixes and security patches from Microsoft.

• Microsoft Windows 10 Enterprise, with the November 2019 Update (version 1909)
• Microsoft Windows 10 Pro, with the November 2019 Update (version 1909)
• Microsoft Windows 10 Enterprise LTSC 2019 (version 1809)
• Microsoft Windows 10 Enterprise, with the May 2019 Update (version 1903)
• Microsoft Windows 10 Pro, with the May 2019 Update (version 1903)
• Microsoft Windows 10 Enterprise, with the October 2018 Update (version 1809)
• Microsoft Windows 10 Pro, with the October 2018 Update (version 1809)
• Microsoft Windows 10 Enterprise, with the April 2018 Update (version 1803)
• Microsoft Windows 10 Pro, with the April 2018 Update (version 1803)
• Microsoft Windows 10 Enterprise, with the Fall Creators Update (version 1709)
• Microsoft Windows 10 Pro, with the Fall Creators Update (version 1709)
• Microsoft Windows 10 Enterprise, with the Creators Update
• Microsoft Windows 10 Pro, with the Creators Update
• Microsoft Windows 10 Enterprise, with the Anniversary Update
• Microsoft Windows 10 Pro, with the Anniversary Update
• Microsoft Windows 10 LTSB 2016 (version 1607)
• Microsoft Windows 10 Enterprise, with the November 2015 update
• Microsoft Windows 10 Pro, with the November 2015 update
• Microsoft Windows 10 Enterprise
• Microsoft Windows 10 Pro
• Microsoft Windows 8.1 Enterprise
• Microsoft Windows 8.1 Pro
• Microsoft Windows 8.1
• Microsoft Windows 8 Enterprise
• Microsoft Windows 8 Pro
• Microsoft Windows Server 2019 Datacenter
• Microsoft Windows Server 2019 Standard
• Microsoft Windows Server 2016 Datacenter
• Microsoft Windows Server 2016 Standard
• Microsoft Windows Server 2012 R2 Datacenter
• Microsoft Windows Server 2012 R2 Standard

Notes:

• To view known issues specific to Windows 10 Fall Creators Update and Symantec Endpoint Encryption version 11.1.3 MP1 or later, see the Symantec Support Center article: Known Issues with Windows 10 Fall Creators Update (version 1709) and Symantec Endpoint Encryption 11.1.3 MP1.
• Starting with Symantec Endpoint Encryption 11.0.1, users are not required to install the Aero Desktop theme on Microsoft Windows Server 2008 R2 or Windows Server 2012 R2.
• Symantec Endpoint Encryption Drive Encryption is not compatible with the Microsoft Windows BitLocker Drive Encryption feature and the Symantec Endpoint Encryption for BitLocker feature. Do not install both Drive Encryption and Symantec Endpoint Encryption for BitLocker on the same computer.
• Symantec Endpoint Encryption does not support a client that you have configured for Dual Boot (when Microsoft Windows and Linux are both installed in BIOS mode).
   

Drive Encryption on Microsoft Windows Servers

Drive Encryption is supported on all of the client versions that are listed above as well as the following Windows Server versions:

• Microsoft Windows Server 2019, Datacenter 64-bit, with update with internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
• Microsoft Windows Server 2019, Standard 64-bit, with update with internal RAID 1, (UEFI boot mode only)
• Microsoft Windows Server 2016, Datacenter 64-bit, with update with internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
• Microsoft Windows Server 2016, Standard 64-bit, with update with internal RAID 1, (UEFI boot mode only)
• Microsoft Windows Server 2012 R2, Datacenter 64-bit, with update with internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
• Microsoft Windows Server 2012 R2, Standard 64-bit, with update with internal RAID 1, (UEFI boot mode only)

Note: Dynamic disks, software RAID, and logical partitions are not supported.

Software Requirements for Microsoft Windows clients

.NET Framework requirements

Depending on the version of Microsoft Windows that you use, the Symantec Endpoint Encryption requires the following versions of .NET Framework:

Supported virtual machines
The Symantec Endpoint Encryption client software for Microsoft Windows supports the following virtual servers:

• VMware ESXi 6.0
• VMware ESXi 5.5
• VMware ESXi 5.1

Note: The Removable Media Encryption feature additionally supports VMware vSphere.

Note: VMware considers boot disk as removable disk. For Symantec Endpoint Encryption Drive Encryption to work correctly, disable the HotPlug capability in VMware. Refer to the following VMware article to disable this capability:
Disabling the HotAdd/HotPlug capability in ESXi 6.x, 5.x and ESXi/ESX 4.x virtual machines (1012225)

Citrix, Terminal Services and Hypervisor compatibility

Symantec Endpoint Encryption supports the Management Agent feature with the following terminal services software:

• Microsoft Windows Server 2012 R2, 64-bit with update
• Citrix XenDesktop 7.1 and 7.6
• Citrix XenServer 6.1 Hypervisor
• VMware vSphere 5.5
   

Note: Symantec Endpoint Encryption does not support Drive Encryption in the Citrix and Terminal Services environments.

Symantec Endpoint Encryption for BitLocker support for Trusted Platform Module (TPM)
Symantec Endpoint Encryption for BitLocker supports TPM version 1.2 and later.

Symantec Data Loss Prevention integration requirements
To integrate Removable Media Encryption with Symantec Data Loss Prevention, the supported versions of Symantec Data Loss Prevention are 14.0.1, 12.5.x, and 11.5.1.

Note: Integration on Microsoft Windows 10 systems requires Symantec Data Loss Prevention 14.0.1 or later. Integration on Microsoft Windows 10 RS3 systems requires Symantec Data Loss Prevention 15.0 or later.

Hardware requirements for Microsoft Windows clients

Supported disk types for Drive Encryption

Following are the supported disk types and file systems for Drive Encryption:

• Desktop or laptop disks, including solid-state drives (either partitions or an entire disk)
• Advanced format drives with 512-byte emulation mode (512e)
• FAT32, and NTFS formatted disks or partitions
• GPT boot disks on Microsoft Windows 8.x and Microsoft Windows Server 2012 (UEFI systems only)
   

Supported Opal v2-compliant drives for Drive Encryption

See the Support Center article, Compatible Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.2 and 11.3.

Unsupported disk types for Drive Encryption
Following are the unsupported disk types and file systems for Drive Encryption:

• Any configuration where the system partition is not on the same disk as the boot partition
• Native mode advanced format drives
• Dynamic disks
• SCSI drives and controllers
• Software RAID disks
• exFAT formatted disks
• Resilient File System (ReFS)

Smart card support for preboot authentication
Symantec Endpoint Encryption supports the following for preboot authentication on both BIOS and UEFI systems:

• Any generic USB CCID-compatible readers that you connect to a USB port.
  Note: To check for updates about newly supported smart card readers, refer to the Symantec Endpoint Encryption Release Notes.
• Personal Identity Verification (PIV) cards
  • G&D SmartCafe Expert v7.0 144K DI
  • G&D [email protected]é Expert 144K DI v3.2
  • G&D [email protected]é Expert 80K DI v3.2
  • Gemalto Cyberflex Access 64K v2c
  • Gemalto ID Prime .NET
  • Gemalto TOP DL GX4 144K FIPS
  • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
  • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
  • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
  • Oberthur 64K CosmopolIC v5.2
  • Oberthur CS PIV End Point v1.08 FIPS201 Certified
  • Oberthur ID-One Cosmo 128 v5.5 Dual
  • Oberthur ID-One Cosmo v7.0

On BIOS and UEFI systems, Symantec Endpoint Encryption supports the following PIV CAC v2 smart cards:

• G&D SmartCafe Expert v7.0 144K DI
  ATR: 3B F9 96 00 00 80 31 FE 45 53 43 45 37 20 03 00 20 46 42
• Giesecke & Devrient SmartCafe Expert 144K DI v3.2
  ATR: 3b 7a 18 00 00 73 66 74 65 20 63 64 31 34 34
• Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
  ATR: 3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 52 21 19 48
• Oberthur C128K v5.5 Dual
  ATR: 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 07 90 00 80
• Gemalto TOP DL GX4 144K FIPS
  ATR: 3b 7d 96 00 00 80 31 80 65 b0 83 11 17 d6 83 00 90 00
• Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
  3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 5X XX 1A XX, where X = mask

On UEFI systems, Symantec Endpoint Encryption requires the following smart card firmware:

• AMI
• HPQ

Note: If you have issues with any of the cards listed, see the Support Center article Symantec Endpoint Encryption Smart Card Support for preboot authentication.

Supported media types for Removable Media Encryption

• USB flash drives
• USB external hard drives
• FireWire external hard drives
• eSATA external hard drives
• Secure Digital (SD) cards and memory cards
• CompactFlash cards
• NTFS drives that are compressed
• CD-RW and DVD-RW Blu-Ray

Unsupported media types for Removable Media Encryption

• Music devices and digital cameras
• Diskettes

Microsoft BitLocker hardware encryption on self-encrypting drives
Symantec Endpoint Encryption for BitLocker supports hardware encryption for Microsoft eDrives.

Tablet support
Symantec Endpoint Encryption supports Microsoft Surface Pro 3, 4, and 5 systems that have an external Type or Touch keyboard.

Symantec provides a utility to test whether your devices' Touch keyboards are compatible with Symantec Endpoint Encryption. For more information, see TECH237200.

Notes:

• The external Type or Touch keyboard is required for preboot authentication on the tablet. The keyboard can be detached once the user authenticates.
• You must disable BitLocker to use the Drive Encryption functionality on tablet computers. Alternatively, you can use the Symantec Endpoint Encryption for BitLocker feature instead of the Drive Encryption feature.

Operating system requirements for Mac client computers

Requirements for Symantec Endpoint Encryption for FileVault

You can install Symantec Endpoint Encryption for FileVault on the Mac systems running any of the following:

• macOS 10.15.1 (Catalina)
  Note: The users can allow or deny access for specific applications like Symantec Endpoint Encryption for FileVault, you can bypass end-user prompts for allowing disk access by deploying an MDM device profile to users in your organization. For details, see the Support Center article:
  Configuring MDM profiles for Full Disk Access for macOS 10.15.1, and Symantec Endpoint Encryption for FileVault and Removable Media Access Utility
• macOS 10.14.x (Mojave)
• macOS 10.13.x (High Sierra)
• macOS 10.12.x (Sierra)

Requirements for the Removable Media Access Utility
The Removable Media Access Utility is supported on the following macOS X platforms:

• macOS 10.15.1 (Catalina)
  Note: The users can allow or deny access for specific applications like Removable Media Access Utility, you can bypass end-user prompts for allowing disk access by deploying an MDM device profile to users in your organization. For details, see the Support Center article:
  Configuring MDM profiles for Full Disk Access for macOS 10.15.1, and Symantec Endpoint Encryption for FileVault and Removable Media Access Utility
• macOS 10.14.x (Mojave)
• macOS 10.13.x (High Sierra)
• macOS 10.12.x (Sierra)