This article documents the changes and fixes for Symantec Endpoint Encryption Full Disk 7.0.4

What’s New
Improved Support for Token Deployments

• SEE Full Disk now supports policy for provisioning users with both token and password credentials, as well as token-only or password-only. This is especially useful within environments transitioning from single-factor (password-only) to multi-factor (token-only) authentication.
• The Authenti-Check self-service recovery feature has been extended to token users.
• Token users can now securely update their own existing registration records with new tokens and certificates. This permits users whose tokens have expired and been replaced to update their own endpoint authentication credentials without requiring a physical IT touch.

New Ad-Hoc Report Query Tool
A new Query Tool provides a graphical user interface for quickly creating, saving and generating your own custom tabular reports within the SEE Manager Console. Report definitions can be named, edited, and grouped within named folders. All of the data fields reported by the Framework, Full Disk, and Removable Storage clients are supported as search criteria within the Query Tool.

New Administrative Event Logging and Reporting
New administrative logging and reporting for server-side events has been added to the SEE Manager Console and SEE database. A broad range of administrative actions are tracked including help desk assistance through the OTP snap-in, software installation package creation, and export of drive data recovery information.

Additional Server Platform Support
The server-side components of SEE now support the 32-bit editions of both Windows Server 2008 and Microsoft SQL Server 2008.

Installation Notes
SEE Framework 7.0.4 is only compatible with SEE Full Disk 7.0.4 and SEE Removable Storage 7.0.4. If you are running SEE Removable Storage and plan to upgrade to SEE Full Disk 7.0.4, you must upgrade to SEE Removable Storage 7.0.4 also.

Resolved Issues

Description

Certain combinations of USB devices inserted into Dell D610 and D810 machines at boot time no longer cause kernel panic errors.

The following Dell models will boot faster: Inspiron 531, Latitude D631, Latitude E4300, Latitude E5400, Latitude E6400, and Precision M6400.

Issues preventing the full support of the following Dell models have been remediated: Precision D670.

Issues preventing the full support of the following HP models have been remediated: xw6400, and xw6600.

Users no longer experience difficulty accessing floppy drives following the installation of GuardianEdge Hard Disk on certain Optiplex models.

Users no longer lose access to Philips DVD/CD-ROM drives following the installation of GuardianEdge Hard Disk.

A single quote character in the Enter User Names field of the Computers with Specified Users report (e.g., Ryan O’Neil) no longer causes a database access error to be displayed repeatedly.

Users are now able to enter the following character from German keyboards in Pre-Windows: μ.

Known Issues
Third Party Compatibility

Third Party Tool	Description	Workaround
SanDisk 4GB Cruzer Micro USB Flash Drive	A SanDisk device inserted at startup will cause the Client Computer to hang after Pre-Windows authentication.	Remove SanDisk devices before powering on.
BIOS Power Management	Client machines will fail to recover after going into screensaver mode from Pre-Windows.	Perform a hard reboot and disable BIOS power management. Windows power management should be used instead.
Roxio 6.2	The Framework client package will fail to install due to a missing drive letter in the primary partition.	Ensure that the following Registry key has the value PartMgr: HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\ Control\Class\{4D36E967-E325-11CE-BFC1- 08002BE10318}\UpperFilters
Symantec Endpoint Protection 11	Following the installation of SEE Full Disk on the Client Computer, a Network Threat Protection message may be displayed, alerting the end user to a change in the EAFRCliADSI application.	Open Symantec Endpoint Protection and click Options in the Network Threat Protection area. Select Configure Firewall Rules from the popup menu. Highlight Block IPv6 over IPv4 and click Edit. Select the Allow this traffic option button on the General tab. Open the Ports and Protocols tab. Select All IP Protocols from the Protocol drop-down list box.
RSA SecurID® 800	If a second certificate is added to the token and the first certificate is deleted, the user will be unable to register with the token.	Remove all certificates from the token and add the certificate again.

Upgrade/Install/Uninstall/Migration

Description	Workaround
When uninstalling the GuardianEdge Management Server from a Windows Server 2008 machine, the administrator will be prompted to close the following applications: GuardianEdge Active Directory Sync Service and GuardianEdge Novell Sync Service.	Select the Automatically close applications option and click OK.
If a local instance is selected during the installation of the GuardianEdge Management Server, GuardianEdge Management Server uninstallation will fail with the message, “Could not connect to Microsoft SQL Server.”	Locate the GEServerConfig.xml file on the GuardianEdge Management Server machine. Find (local). Replace with the computer name of the GuardianEdge Management Server machine. Save and close the file. Try the uninstall again.
If power is lost during an upgrade of the client machine, a blue screen may occur and the machine may loop continuously in an effort to boot into Windows.	Run Recover /d. If Recover /d fails, try Recover /b. If the Recover Program completes successfully, back up important files, then reinstall SEE Full Disk. If this fails, you will need to reinstall Windows or reimage the machine.
If password authentication is selected during the installation of SEE Framework Manager console, but token authentication is specified by policy, users will be unable to register.

Vista Hibernation

Description	Workaround
On certain Vista machines (Compaq nc6320, Compaq Presario SG3145IL, Optiplex GX280, Optiplex GX520, Lifebook T5010, EliteBook 8730w, and ThinkPad T400) errors ranging from inconvenient to fatal may occur if the machine goes into hibernation following the registration of the first user and before reboot.	Disable hibernation or ensure that the machine reboots following registration of the first user.
Following the installation of GuardianEdge Hard Disk, machines missing the Sleep power option will go into hibernation on a schedule that does not correspond to the Windows power plan.	Disable hibernation or ensure that the machine reboots following registration of the first user.

Token Authentication

Description	Workaround
Tokens cannot be used for Pre-Windows authentication on the Acer Aspire 5515.
Only tokens inserted into a USB card reader can be used for Pre- Windows authentication on the HP Compaq 6535b.

Client Keyboards

Description	Workaround
Users may be unable to combine the ^ (Circumflex), ¨ (Diaeresis), ` (Grave) and ´ (Acute) dead keys with l (0131), I (0049), Shift+i (0069) or Shift+I (0130) from the Turkish Q keyboard.
The Turkish Q character İ; (0130) may display as I in pre-Windows.
Users will be unable to enter the following characters from Canadian French keyboards in Pre-Windows: á ç
The CAPSLOCK key will behave like the SHIFTLOCK key for nonalphabet characters in Pre-Windows for the Belgian (Period), French, and German keyboards.
The character ł (0142) displays as Ł (0141) in pre-Windows when the Hungarian keyboard is used.
CTRL+ALT combinations do not produce the expected special characters in Pre-Windows

Manager Console

Description	Workaround
After clicking a column heading to sort by the column, the sort arrow will be displayed to the left of the column heading if the operating system is Vista or Server 2008.
The name of the Last Logon Time column of the Associated Users dialog refers to the last time/date that the user or Client Administrator logged on to the User or Administrator Client Console.
Deploying an Active Directory policy that contains a change to the Client Administrator settings from a 6.1.0 or later Manager to 6.0.0 or earlier clients will result in a failure of the new Client Administrator policy to be applied, a deletion of all existing Client Administrator policies, and a return to the Client Administrators specified in the original installation settings.	When deploying an Active Directory policy from a 6.0.0 or earlier Manager, add the following WMI filter: Select * FROM Win32_Product WHERE (name="Symantec Endpoint Encryption Framework Client") AND (version <= "6.0.0") When deploying an Active Directory policy from a 6.1.0 or later Manager, add the following WMI filter: Select * FROM Win32_Product WHERE name = “Symantec Endpoint Encryption Framework Client” AND version > "6.1.0"

Single Sign-On

Description	Workaround
If a user presses CRTL+ALT+DEL in Windows Vista, clicks Change Password, provides the incorrect old password causing an error or is prevented from changing their password due to Windows policies, and then cancels out, that user will be unregistered from SEE.	Visit http://support.microsoft.com/kb/936183 Obtain and apply the hotfix
Password synchronization problems in Windows Vista could occur if users specify blank passwords.	Set the Windows policy to prevent users from specifying blank passwords.

Pre-Windows Authentication

Description	Workaround
Users will not be able to utilize the Keyboard Layout window if Help is open.	Close the Help window and try again.

Section 508

Description	Workaround
JAWS users will experience an Internet Explorer script error after tabbing onto the QuickHelp icon.	The user should select Yes on the message and continue working.
JAWS does not always announce all of the information displayed within the Registration wizard and User Client consoles.	Users should follow these steps: 1. Press INSERT+F9. 2. Select the frame that is of interest from the resultant Frames List dialog. 3. Click OK. 4. Press P. If this doesn’t work, restart JAWS and try the steps again.