Known issues and their workarounds:
- Windows 10 RS3 workgroup computers are unable to authenticate at preboot, or single sign-on may not work even when the single sign-on policy is enabled.
Workaround: To resolve this issue, perform either of the following workaround steps before Symantec Endpoint Encryption auto-encryption begins. It is recommended that you perform either of these steps before installing the Symantec Endpoint Encryption product:
- Disable the setting: Windows Settings->Accounts->Sign-in options->Privacy->Use my sign in info to automatically finish setting up my device after an update or restart.
Refer to the following Microsoft article to disable the above setting:
Winlogon Automatic Restart Sign-On (ARSO)
- Or, create the following registry:
Note: If you did not perform either of the workaround steps before encrypting your client computer, then you need to disable the setting: Windows Settings->Accounts->Sign-in options->Privacy->Use my sign in info to automatically finish setting up my device after an update or restart, and restart the client twice.
- Removable Media Encryption is incompatible with Windows Defender Application Guard, which is a feature of Windows 10 RS3.
- On Windows 10 RS3 or later client computers running Removable Media Encryption, when the Controlled Folder Access feature is enabled, Removable Media Encryption does not work as expected.
Workaround: Disable the Controlled Folder Access feature to use Removable Media Encryption.