Symantec Endpoint Encryption Client, version 11.2.x - System Requirements

book

Article ID: 150849

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

 

Resolution

This article details the system requirements for version 11.2.x of the Symantec Endpoint Encryption Client software.

The article will be updated as additional platforms or other system requirements are tested and added.

To be automatically notified of changes, click Subscribe to this Article in the box to the right.

Update history

Date Version Update
July 8, 2019 11.2.1 MP1 HF1

Added Windows client compatibility with the following operating system:

  • Microsoft Windows 10 Enterprise, with the May 2019 Update (version 1903)
  • Microsoft Windows 10 Pro, with the May 2019 Update (version 1903)
May 23, 2019 11.2.x Added note: Logical Partitions are not supported with Symantec Endpoint Encryption 11.
March 29, 2019 11.2.1 MP1

Added compatibility with PIV 8.1 smart card

  • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
March 29, 2019 11.2.1 MP1 Deprecated support for the macOS X 10.11.x for Symantec Endpoint Encryption for FileVault client
March 29, 2019 11.2.1 MP1 Deprecated support for macOS X 10.11.x, 10.10.x, and 10.9.x for Removable Media Access Utility
December 19, 2018 11.2.1

Added Windows client compatibility with the following operating systems:

  • Microsoft Windows Server 2016 Datacenter Edition
  • Microsoft Windows Server 2016 Standard Edition

 

December 3, 2018 11.2.1

Added Windows client compatibility with the following operating systems:

  • Microsoft Windows 10 October 2018 Update (version 1809)
  • Microsoft Windows 10 LTSB 2016 (version 1607)

Added Symantec Endpoint Encryption for FileVault compatibility with macOS 10.14.

Supported Microsoft Windows operating systems

Note: The Windows 10 May 2019 Update (version 1903) was released on May 21, 2019. Symantec is currently testing the compatibility of this release with Symantec Encryption Desktop. When testing is completed and formal support can be communicated, this article will be updated. Subscribe to the article to be automatically notified of changes.

The following Microsoft Windows operating systems are supported only with all of the latest hot fixes and security patches from Microsoft.

  • Microsoft Windows 10 Enterprise, with the May 2019 Update (version 1903)
  • Microsoft Windows 10 Pro, with the May 2019 Update (version 1903)
  • Microsoft Windows 10 Enterprise, with the October 2018 Update (version 1809)
  • Microsoft Windows 10 Pro, with the October 2018 Update (version 1809)
  • Microsoft Windows 10 Enterprise, with the April 2018 Update (version 1803)
  • Microsoft Windows 10 Pro, with the April 2018 Update (version 1803)
  • Microsoft Windows 10 Enterprise, with the Fall Creators Update (version 1709)
  • Microsoft Windows 10 Pro, with the Fall Creators Update (version 1709)
  • Microsoft Windows 10 Enterprise, with the Creators Update
  • Microsoft Windows 10 Pro, with the Creators Update
  • Microsoft Windows 10 Enterprise, with the Anniversary Update
  • Microsoft Windows 10 Pro, with the Anniversary Update
  • Microsoft Windows 10 LTSB 2016 (version 1607)
  • Microsoft Windows 10 Enterprise, with the November 2015 update
  • Microsoft Windows 10 Pro, with the November 2015 update
  • Microsoft Windows 10 Enterprise
  • Microsoft Windows 10 Pro
  • Microsoft Windows 8.1 Enterprise
  • Microsoft Windows 8.1 Pro
  • Microsoft Windows 8.1
  • Microsoft Windows 8 Enterprise
  • Microsoft Windows 8 Pro
  • Microsoft Windows 7 Ultimate
  • Microsoft Windows 7 Enterprise
  • Microsoft Windows 7 Professional
  • Microsoft Windows Server 2016 Datacenter
  • Microsoft Windows Server 2016 Standard
  • Microsoft Windows Server 2012 R2 Datacenter
  • Microsoft Windows Server 2012 R2 Standard
  • Microsoft Windows Server 2008 R2 Enterprise
  • Microsoft Windows Server 2008 R2 Standard
     

Notes:

  • To view known issues specific to Windows 10 Fall Creators Update and Symantec Endpoint Encryption version 11.1.3 MP1 or later, see the Symantec Support Center article: Known Issues with Windows 10 Fall Creators Update (version 1709) and Symantec Endpoint Encryption 11.1.3 MP1.
  • Starting with Symantec Endpoint Encryption 11.0.1, users are not required to install the Aero Desktop theme on Microsoft Windows Server 2008 R2 or Windows Server 2012 R2.
  • Symantec Endpoint Encryption Drive Encryption is not compatible with the Microsoft Windows BitLocker Drive Encryption feature and the Symantec Endpoint Encryption for BitLocker feature. Do not install both Drive Encryption and Symantec Endpoint Encryption for BitLocker on the same computer.
  • Symantec Endpoint Encryption does not support a client that you have configured for Dual Boot (when Microsoft Windows and Linux are both installed in BIOS mode).
     

Drive Encryption on Microsoft Windows Servers

Drive Encryption is supported on all of the client versions that are listed above as well as the following Windows Server versions:

  • Microsoft Windows Server 2016, Datacenter 64-bit, with update with internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2016, Standard 64-bit, with update with internal RAID 1, (UEFI boot mode only)
  • Microsoft Windows Server 2012 R2, Datacenter 64-bit, with update with internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2012 R2, Standard 64-bit, with update with internal RAID 1, (UEFI boot mode only)
  • Microsoft Windows Server 2008 R2 64-bit Standard SP1, with internal RAID 1 and RAID 5, (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2008 R2 64-bit Enterprise SP1, with internal RAID 1, (BIOS boot mode only)
     

Note: Dynamic disks and software RAID are not supported.


Software Requirements for Microsoft Windows clients

.NET Framework requirements

Depending on the version of Microsoft Windows that you use, the Symantec Endpoint Encryption requires the following versions of .NET Framework:

Operating system Required version of .NET Framework
Microsoft Windows 10 May 2019 (version 1903) 4.8
Microsoft Windows 10 April 2018 (version 1803) 4.7.2
Microsoft Windows 10 Fall Creators Update (version 1709) 4.7.1
Microsoft Windows 10 Creators Update 4.7
Microsoft Windows 10 Anniversary Update 4.6.2
Microsoft Windows 10 LTSB 2016 4.6.2
Microsoft Windows 10 November 2015 Update 4.6.1
Microsoft Windows 10 4.5.2
Microsoft Windows 8.1 4.5.2
Microsoft Window 7 4.5.2
Microsoft Windows Server 2008 R2 4.5.2
Microsoft Windows Server 2012 R2 4.5.2

Supported virtual machines
The Symantec Endpoint Encryption client software for Microsoft Windows supports the following virtual servers:

  • VMware ESXi 5.1
  • VMware ESXi 5.5
  • VMware ESXi 6.0

Note: The Removable Media Encryption feature additionally supports VMware vSphere.

Note: VMware considers boot disk as removable disk. For Symantec Endpoint Encryption Drive Encryption to work correctly, disable the HotPlug capability in VMware. Refer to the following VMware article to disable this capability:
Disabling the HotAdd/HotPlug capability in ESXi 6.x, 5.x and ESXi/ESX 4.x virtual machines (1012225)

Citrix, Terminal Services and Hypervisor compatibility

Symantec Endpoint Encryption supports the Management Agent feature with the following terminal services software:

  • Microsoft Windows Server 2008 R2: Remote Desktop Services (SP1), 64-bit
  • Microsoft Windows Server 2012 R2, 64-bit with update
  • Citrix XenDesktop 7.1 and 7.6
  • Citrix XenServer 6.1 Hypervisor
  • VMware vSphere 5.5
     

Note: Symantec Endpoint Encryption does not support Drive Encryption in the Citrix and Terminal Services environments.

Symantec Endpoint Encryption for BitLocker support for Trusted Platform Module (TPM)
Symantec Endpoint Encryption for BitLocker supports TPM version 1.2 and later.

Symantec Data Loss Prevention integration requirements
To integrate Removable Media Encryption with Symantec Data Loss Prevention, the supported versions of Symantec Data Loss Prevention are 11.5.1, 12.5.x, and 14.0.1.

Note: Integration on Microsoft Windows 10 systems requires Symantec Data Loss Prevention 14.0.1 or later. Integration on Microsoft Windows 10 RS3 systems requires Symantec Data Loss Prevention 15.0 or later.


Hardware requirements for Microsoft Windows clients

Supported disk types for Drive Encryption

Following are the supported disk types and file systems for Drive Encryption:

  • Desktop or laptop disks, including solid-state drives (either partitions or an entire disk)
  • Advanced format drives with 512-byte emulation mode (512e)
  • FAT32, and NTFS formatted disks or partitions
  • GPT boot disks on Microsoft Windows 8.x and Microsoft Windows Server 2012 (UEFI systems only)

Note: Logical Partitions are not supported with Symantec Endpoint Encryption 11.

Supported Opal v2-compliant drives for Drive Encryption

See the Support Center article, Compatible Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption 11.2.

Unsupported disk types for Drive Encryption
Following are the unsupported disk types and file systems for Drive Encryption:

  • Any configuration where the system partition is not on the same disk as the boot partition
  • Native mode advanced format drives
  • Dynamic disks
  • SCSI drives and controllers
  • Software RAID disks
  • exFAT formatted disks
  • Resilient File System (ReFS)

Smart card support for preboot authentication
Symantec Endpoint Encryption supports the following for preboot authentication on both BIOS and UEFI systems:

  • Any generic USB CCID-compatible readers that you connect to a USB port.
    Note: To check for updates about newly supported smart card readers, refer to the Symantec Endpoint Encryption Release Notes.
  • Personal Identity Verification (PIV) cards
    • G&D SmartCafe Expert v7.0 144K DI
    • G&D [email protected]é Expert 144K DI v3.2
    • G&D [email protected]é Expert 80K DI v3.2
    • Gemalto Cyberflex Access 64K v2c
    • Gemalto ID Prime .NET
    • Gemalto TOP DL GX4 144K FIPS
    • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
    • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
    • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
    • Oberthur 64K CosmopolIC v5.2
    • Oberthur CS PIV End Point v1.08 FIPS201 Certified
    • Oberthur ID-One Cosmo 128 v5.5 Dual
    • Oberthur ID-One Cosmo v7.0

On BIOS and UEFI systems, Symantec Endpoint Encryption supports the following PIV CAC v2 smart cards:

  • G&D SmartCafe Expert v7.0 144K DI
    ATR: 3B F9 96 00 00 80 31 FE 45 53 43 45 37 20 03 00 20 46 42
  • Giesecke & Devrient SmartCafe Expert 144K DI v3.2
    ATR: 3b 7a 18 00 00 73 66 74 65 20 63 64 31 34 34
  • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
    ATR: 3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 52 21 19 48
  • Oberthur C128K v5.5 Dual
    ATR: 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 07 90 00 80
  • Gemalto TOP DL GX4 144K FIPS
    ATR: 3b 7d 96 00 00 80 31 80 65 b0 83 11 17 d6 83 00 90 00
  • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
    3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 5X XX 1A XX, where X = mask

On UEFI systems, Symantec Endpoint Encryption requires the following smart card firmware:

  • AMI
  • HPQ

Note: If you have issues with any of the cards listed, see the Support Center article Symantec Endpoint Encryption Smart Card Support for preboot authentication.

Supported media types for Removable Media Encryption

  • USB flash drives
  • USB external hard drives
  • FireWire external hard drives
  • eSATA external hard drives
  • Secure Digital (SD) cards and memory cards
  • CompactFlash cards
  • NTFS drives that are compressed
  • CD-RW and DVD-RW Blu-Ray

Unsupported media types for Removable Media Encryption

  • Music devices and digital cameras
  • Diskettes

Microsoft BitLocker hardware encryption on self-encrypting drives
Symantec Endpoint Encryption for BitLocker supports hardware encryption for Microsoft eDrives.

Tablet support
Symantec Endpoint Encryption supports Microsoft Surface Pro 3, 4, and 5 systems that have an external Type or Touch keyboard.

Symantec provides a utility to test whether your devices' Touch keyboards are compatible with Symantec Endpoint Encryption. For more information, see TECH237200.

Notes:

  • The external Type or Touch keyboard is required for preboot authentication on the tablet. The keyboard can be detached once the user authenticates.
  • You must disable BitLocker to use the Drive Encryption functionality on tablet computers. Alternatively, you can use the Symantec Endpoint Encryption for BitLocker feature instead of the Drive Encryption feature.

Operating system requirements for Mac client computers

Requirements for Symantec Endpoint Encryption for FileVault

You can install Symantec Endpoint Encryption for FileVault on the Mac systems running any of the following:

  • macOS 10.14.x (Mojave)
  • macOS 10.13.x (High Sierra)
  • macOS 10.12.x (Sierra)
  • OS X 10.11, 10.11.6 (Deprecated in SEE 11.2.1 MP1)

Requirements for the Removable Media Access Utility
The Removable Media Access Utility is supported on the following macOS X platforms:

  • macOS 10.14.x (Mojave)
  • macOS 10.13.x (High Sierra)
  • macOS 10.12.x (Sierra)
  • OS X 10.11.6 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.11.4 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.11 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.10.5 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.10.4 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.9.4 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.9.3 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.9.2 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.9.1 (Deprecated in SEE 11.2.1 MP1)
  • OS X 10.9 (Deprecated in SEE 11.2.1 MP1)