Considerations and Best Practices for Encryption Desktop 10

book

Article ID: 181517

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption

Issue/Introduction

 

Resolution

Considerations and Best Practices prior to the installation of Symantec Encryption Desktop 10:

  • Use the latest version of Symantec Drive Encryption, which can be downloaded from MySymantec https://support.symantec.com/en_US/article.INFO5242.html
  • Symantec always recommends upgrading to the latest version of Symantec Encryption Desktop: www.symantec.com/docs/TECH187067
  • Review the Symantec Encryption Desktop Product Documentation ((Release Notes, User's Guides, etc):
    *Symantec Encryption Desktop 10.4.x Product Documentation: www.symantec.com/docs/DOC9491
    *Symantec Encryption Desktop 10.3 Product Documentation: www.symantec.com/docs/TECH214498

    The Release Notes provide more detail on known issues and information that applies to specific circumstances that could affect compatibility of the software.  The User's Guide provides a wealth of knowledge on every aspect of Symantec Encryption Desktop 10
  • Run Microsoft Windows update 
  • Back up your computer before you install or upgrade any software, including Symantec Encryption Desktop.
  • Defragment your disk for Spinning Disks, and run Disk Optimization (trim) for SSDs: www.symantec.com/docs/TECH180373

Click for more information on Encryption Desktop\PGP Desktop Recovery Disks

Security Best Practices for Symantec Drive Encryption 10

  • Restrict Administrator access on the system to a trusted set of individuals, and grant minimal privileges required.
  • Prevent unauthorized access to systems.
  • Educate users on security hygiene, including the risks associated with executing untrusted programs.
  • Ensure anti-virus and anti-malware solutions on the system have the latest definitions and are patched.
  • Avoid visiting untrusted web sites  from the system.

 

Best Practices for Symantec Drive Encryption 10.3 and above on UEFI Systems such as Windows 8 or Windows 10

The following requirements apply only if you are encrypting your disk. If you are installing Symantec Encryption Desktop 10.3.2 MP13 or above for email or other Symantec Encryption Desktop functions, you can install on Windows 8/10 32-bit systems and boot using UEFI mode without having to meet these requirements.  To encrypt systems booting in UEFI mode, the following additional requirements must be met:

  • System must be certified for Microsoft Windows 8/8.1 64-bit or Microsoft Windows 7 64-bit
  • UEFI firmware must allow other programs or UEFI applications to execute while booting
  • Boot drive must be partitioned in GPT with only one EFI system partition on the same physical disk
  • Boot drive must not be configured with RAID or Logical Volume Managers (LVM)
  • Tablets and any systems without a wired or OEM-supplied attachable keyboard are not supported For more information on the firmware and boot drive, contact your system administrator or hardware manufacturer.
     

Note: Symantec Drive Encryption is not compatible with other third-party software that could bypass the Symantec Drive Encryption protection on the Master Boot Record (MBR) and write to or modify the MBR. This includes such off-line defragmentation tools that bypass the Symantec Drive Encryption file system protection in the OS or system restore tools that replace the MBR.

For more information about requirements for UEFI systems, see article TECH203071, "Symantec Encryption Desktop 10.3.2 compatibility with Microsoft Windows 8/8.1".

Click for more information on USB Recovery for Windows 8 Computers 

Best Practices for Symantec Drive Encryption on Windows Servers

Symantec Drive Encryption is supported on all of the following Windows Server versions:

  • Windows Server 2012 R2 64-bit Edition with internal RAID 1 and RAID 5
  • Windows Server 2012 64-bit Edition with internal RAID 1 and RAID 5
  • Windows Server 2008 R2 64-bit Edition with internal RAID 1 and RAID 5
  • Windows Server 2008 64-bit Edition (Service Pack 1 and Service Pack 2) with internal RAID 1 and RAID 5
     

Note: Dynamic disks and software RAID are not supported on any Windows Operating System.

For additional system requirements and best practices information for use on Windows Servers, see article TECH149613 "Drive Encryption on Windows Servers".

 

For information on "Encryption Desktop for Windows - System Requirements", see KB TECH224415.

For information on "Downloading Symantec Encryption Desktop", see KB TECH195170.

For information on "How to Install Symantec Encryption Desktop (unmanaged/standalone)", see KB HOWTO85096.