This article documents the changes and fixes for Symantec Endpoint Encryption Full Disk 7.0.3
Improved Support for High Availability
|Issues preventing the full support of the following Dell models have been remediated: Latitude D531, Latitude D631, OptiPlex 320, OptiPlex 760, and OptiPlex 960.|
|Issues preventing the full support of the Panasonic Toughbook CF-52K and CF-19K have been remediated.|
|Issues preventing the full support of the following Toshiba models have been remediated: Portégé M700-S7005V, Tecra A9, Tecra A10, Tecra M9, and Tecra M10.|
|External keyboards and mice plugged into the docking stations of various Dell, Fujitsu, and Lenovo machines can now be used during Pre-Windows authentication.|
|External keyboards and mice plugged into the docking stations of Dell Latitude D630 laptops no longer prevent the laptop from resuming after going into standby.|
|Dell Latitude D820 and D610 laptops no longer hang if left at the Startup screen for an extended period of time, such as overnight.|
|SEE Full Disk no longer receives double input for each key pressed on external keyboards connected to the left-hand USB slots of HP Compaq nc6120 computers in pre-Windows.|
|USB thumb drives connected to Dell laptops such as Latitude D820, E420, and E6400 or their docking stations no longer prevent the system from loading Windows.|
|Blackberry Curve, Bold, and Pearl models connected by USB at boot time no longer prevent the system from loading Windows.|
|Pressing the NUMLOCK key no longer results in incorrect keyboard input in Pre-Windows.|
|SEE Full Disk no longer interprets SHIFT+0 on the Belgian (Period) keyboard as the numeral 9.|
|The client can now be installed on non–U.S. English operating systems.|
|SEE Full Disk now recognizes PCMCIA card readers on Hewlett Packard machines.|
|Users and Client Administrators no longer receive a fatal error if they remove their card from their PCMCIA reader after entering their PIN and before the validation process has completed.|
|The integrated USB hub option available in the BIOS of Dell D620, D430, and/or D760 machines can now be set to high without causing the Dell D620 embedded card reader as well as a wide range of USB devices to be unrecognized during Pre-Windows authentication.|
|The message “disabling IRQ #10” is no longer occasionally displayed during Pre-Windows authentication.|
|An account that already exists on the database can no longer be specified in the Database Communications page of the SEE Management Server InstallShield wizard.|
|Highlighted computers and/or groups in the Symantec Endpoint Encryption Users and Computers snap-in no longer occasionally display the following incorrect information, “Currently no policy has been assigned to the group.”|
|After turning off synchronization services using the Configuration Manager, the Symantec Endpoint Encryption Native Policy Manager no longer shows that a policy has been applied to a Novell or Active Directory object that does not exist anymore.|
|The Novell SSO panel of the User Client Console no longer occasionally displays absent any check boxes.|
|Third Party Tool||Description||Workaround|
|Client machines will fail to recover after|
going into screensaver mode from
|Perform a hard reboot and disable BIOS power|
management. Windows power management
should be used instead.
|Roxio 6.2||The Framework client package will fail|
to install due to a missing drive letter in
the primary partition.
|Ensure that the following Registry key has the|
|Symantec Endpoint |
|Following the installation of SEE Full|
Disk on the Client Computer, a Network
Threat Protection message may be
displayed, alerting the end user to a
change in the EAFRCliADSI
|Open Symantec Endpoint Protection and click|
Options in the Network Threat Protection area.
Select Configure Firewall Rules from the popup
menu. Highlight Block IPv6 over IPv4 and
click Edit. Select the Allow this traffic option
button on the General tab. Open the Ports and
Protocols tab. Select All IP Protocols from the
Protocol drop-down list box.
|RSA SecurID® 800||If a second certificate is added to the|
token and the first certificate is deleted,
the user will be unable to register with
|Remove all certificates from the token and add|
the certificate again.
|If an encrypted hard disk is|
defragmented, the Full Disk panels of
the User and Administrator Client
Consoles will no longer be displayed.
|Defragment with this tool before encrypting the|
|When uninstalling the SEE Full Disk client, the following error may be|
displayed, “Error 25027. Stop EAFRCliManager service –failed.”
|Manually stop the service and try again.|
|If power is lost during an upgrade of the client machine, a blue screen|
may occur and the machine may loop continuously in an effort to boot
|Run Recover /d. If Recover /d fails, try|
Recover /b. If the Recover Program
completes successfully, back up
important files, then reinstall SEE Full
Disk. If this fails, you will need to
reinstall Windows or reimage the
|If password authentication is selected during the installation of SEE|
Framework Manager console, but token authentication is specified by
policy, users will be unable to register.
|On certain machines, such as the Compaq nc6320, Optiplex GX280,|
Lifebook T5010, EliteBook 8730w, and ThinkPad T400, errors ranging
from inconvenient to fatal may occur if the machine goes into
hibernation following the registration of the first user and before
|Disable hibernation or ensure that the|
machine reboots following registration of
the first user.
|When users attempt to authenticate in Pre-Windows using the Aladdin|
eToken, they may receive the following incorrect message, “A
certificate validation error has occurred. The current token needs to be
replaced or modified by an administrator. Please call the help Desk for
|If expired certificates are allowed or the|
certificate is not expired, check the PIN.
The PIN may have expired according to
Aladdin eToken software settings.
|Tokens cannot be used for Pre-Windows authentication on the Acer|
|Users may be unable to combine the ^ (Circumflex), ¨ (Diaeresis), `|
(Grave) and ´ (Acute) dead keys with l (0131), I (0049), Shift+i (0069)
or Shift+I (0130) from the Turkish Q keyboard.
|The Turkish Q character İ; (0130) may display as I in pre-Windows.|
|Users will be unable to enter the following characters from Canadian|
French keyboards in Pre-Windows: á ç
|Users will be unable to enter the following character from German|
keyboards in Pre-Windows: μ
|Users will be unable to toggle keyboards after launching logon|
|If users need to toggle keyboards, they|
should do so before launching logon
|The name of the Last Logon Time column of the Associated Users|
dialog refers to the last time/date that the user or Client Administrator
logged on to the User or Administrator Client Console.
|A single quote character in the Enter User Names field of the|
Computers with Specified Users report (e.g., Ryan O’Neil) causes a
database access error to be displayed repeatedly.
|Deploying an Active Directory policy that contains a change to the|
Client Administrator settings from a 6.1.0 or later Manager to 6.0.0 or
earlier clients will result in a failure of the new Client Administrator
policy to be applied, a deletion of all existing Client Administrator
policies, and a return to the Client Administrators specified in the
original installation settings.
|When deploying an Active Directory|
policy from a 6.0.0 or earlier Manager,
add the following WMI filter:
Select * FROM Win32_Product
WHERE (name="Symantec Endpoint
Encryption Framework Client") AND
(version <= "6.0.0")
When deploying an Active Directory
policy from a 6.1.0 or later Manager, add
the following WMI filter:
Select * FROM Win32_Product
WHERE name = “Symantec Endpoint
Encryption Framework Client” AND
version > "6.1.0"
|If a user presses CRTL+ALT+DEL in Windows Vista, clicks Change|
Password, provides the incorrect old password causing an error or is
prevented from changing their password due to Windows policies, and
then cancels out, that user will be unregistered from SEE.
Obtain and apply the hotfix
|Password synchronization problems in Windows Vista could occur if|
users specify blank passwords.
|Set the Windows policy to prevent users|
from specifying blank passwords.
|JAWS does not always announce all of the information displayed|
within the Registration wizard and User Client consoles.
|Users should follow these steps:|
1. Press INSERT+F9.
2. Select the frame that is of interest
from the resultant Frames List
3. Click OK.
4. Press P.
If this doesn’t work, restart JAWS and
try the steps again.