Encryption Desktop for Windows - System Requirements

book

Article ID: 161116

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption

Issue/Introduction

This article lists the current system requirements for Symantec Encryption Desktop 10.3.2 for Windows.

Resolution

The article will be updated as additional platforms or other system requirements are tested and added for Symantec Encryption Desktop for Windows.

Updates

Platform \ Functionality Added Added in Release Date Support Added
Added compatibility with Microsoft Outlook 2016 MP12 February 18, 2016
Microsoft Windows 10 MP10 August 6, 2015
Microsoft Windows 8.1 November 2014 Update  N/A Tested and verified with 10.3.2 MP4
Microsoft Windows 8.1 Update 2, August 2014 (all 32-bit and 64-bit editions)  N/A Tested and verified with 10.3.2 MP3
Microsoft Windows 8.1 Update 1, May 2014 (all 32-bit and 64-bit editions)  N/A Tested and verified with 10.3.2 MP1
Added compatibility with the following smart card so that it works properly with Symantec Encryption Desktop at preboot authentication.
 
  • Marx CrypToken MX2048 JCOP USB token
     
MP9 May 20, 2015
Added compatibility with the following smart cards so that they work properly with Symantec Encryption Desktop at preboot authentication.
 
  • Oberthur 64K CosmopolIC v5.2
     
  • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
     
  • Gemalto Cyberflex Access 64K v2c
     
MP7 January 29, 2015
Added compatibility with the following smart cards so that they work properly with Symantec Encryption Desktop at preboot authentication.
 
  • ID-One Cosmo v7.0 with Oberthur PIV Applet Suite 2.3.2
     
  • Giesecke & Devrient [email protected]é Expert 80K DI v3.2
     
  • Giesecke & Devrient [email protected]é Expert 144K DI v3.2
     
  • Gemalto TOP DL GX4 144K FIPS
     
MP2 June 20, 2014
Added compatibility with the following smart card so that it works properly with Symantec Encryption Desktop at preboot authentication.
 
MP1 April 15, 2014


System Requirements for 10.3.2 GA Release

Encryption Desktop for Windows runs on these Microsoft platforms:

  • Windows 8.1
  • Windows 8.1 Enterprise (32-bit and 64-bit versions)
  • Windows 8.1 Pro (32-bit and 64-bit versions)
  • Windows 8 Enterprise (32-bit and 64-bit versions)
  • Windows 8 Pro (32-bit and 64-bit versions)
  • Windows 7 (all 32-bit and 64-bit versions, including Service Pack 1)
  • Windows Vista (all 32-bit and 64-bit versions, including Service Pack 2)
  • Windows XP Professional (32-bit version, including Service Pack 2 or 3)
  • Windows XP Professional (64-bit version, Service Pack 2)
  • Windows XP Home Version (32-bit version, including Service Pack 2 or 3)
  • Windows Server 2012 R2 (64-bit version), Windows Server 2012 (64-bit version)
  • Windows Server 2008 R2 (64-bit version)
  • Windows Server 2008 (32-bit version)
  • Windows Server 2003 (32-bit and 64-bit versions, including Service Pack 1 or 2)
     

The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Note: Systems running in UEFI mode are supported on Microsoft Windows 8 and 8.1, and on Microsoft Windows 7 64-bit version.

Note: Symantec Drive Encryption is not compatible with other third-party software that could bypass the Symantec Drive Encryption protection on the Master Boot Record (MBR) and write to or modify the MBR. This includes such off-line defragmentation tools that bypass the Symantec Drive Encryption file system protection in the OS or system restore tools that replace the MBR.

The supported virtual servers are:

  • VMware ESXi 5.1 (64-bit version)
     

Additional Requirements for Drive Encryption on UEFI Systems

The following requirements apply only if you are encrypting your disk. If you are installing Symantec Encryption Desktop for email or other Symantec Encryption Desktop functions, you can install on Windows 8/8.1 32-bit systems and boot using UEFI mode without having to meet these requirements.

To encrypt systems booting in UEFI mode, the following additional requirements must be met:

  • The system must be certified for Microsoft Windows 8/8.1 64-bit or Microsoft Windows 7 64-bit.
  • UEFI firmware must allow other programs or UEFI applications to execute while booting.
  • The boot drive must be partitioned in GPT with only one EFI system partition on the same physical disk.
  • The boot drive must not be configured with RAID or Logical Volume Managers (LVM).
  • Tablets and any systems without a wired or OEM-supplied attachable keyboard are not supported.
     

For more information on the firmware and boot drive, contact your system administrator or hardware manufacturer.
 

Symantec Drive Encryption on Windows Servers

Symantec Drive Encryption is supported on all client versions above as well as the following Windows Server versions:

  • Windows Server 2012 R2 64-bit version, with internal RAID 1 and RAID 5
  • Windows Server 2012 64-bit version, with internal RAID 1 and RAID 5
  • Windows Server 2008 R2 64-bit version, with internal RAID 1 and RAID 5
  • Windows Server 2008 64-bit version (Service Pack 1 and Service Pack 2), with internal RAID 1 and RAID 5
     

Note: Dynamic disks and software RAID are not supported.

For additional system requirements and best practices information, see Knowledgebase article TECH149613 "Drive Encryption on Windows Servers.”

Hardware Requirements

Encryption Desktop for Windows requires the following:

  • 512 MB of RAM
  • 124 MB of hard disk space
     

Compatible Email Client Software

Symantec Encryption Desktop for Windows will, in many cases, work with Internet-standards-based email clients other than those listed here.

Symantec Corporation, however, does not support the use of other clients.

Symantec Encryption Desktop for Windows has been tested with the following email clients:

  • Microsoft Outlook 2013 (32- and 64-bit versions)/Exchange Server 2013 Cumulative Update 2 (CU 2)
  • Microsoft Outlook 2013 (32- and 64-bit versions)/Exchange Server 2010 (on-premise only)
  • Microsoft Outlook 2013 (32- and 64-bit versions)/Office 365 Cloud Server
  • Microsoft Outlook 2010 (32- and 64-bit versions)/Exchange Server 2010 (on-premise only)
  • Microsoft Outlook 2010 (32- and 64-bit versions)/Office 365 Cloud Server
  • Microsoft Outlook 2007 SP2 (Outlook 12)/Exchange Server 2007 SP2
  • Microsoft Outlook 2007 SP2 (Outlook 12)/Office 365 Cloud Server
  • Microsoft Outlook 2003 SP3/Exchange Server 2003 SP3
  • Microsoft Windows Mail 6.0.600.16386
  • Microsoft Outlook Express 6 SP1
  • Microsoft Windows Live Mail
  • Mozilla Thunderbird 17
  • Lotus Notes/Domino Server 8.5.3
  • Lotus Notes/Domino Server 8.5.2
  • Lotus Notes/Domino Server 8.5.1 FP2
     

Compatible Anti-Virus and Other Protection Software for Windows

Symantec Encryption Desktop has been tested with the following anti-virus products and no issues have been identified:

  • McAfee Host Intrusion Prevention (HIPS) 8.0.0
  • McAfee VirusScan Enterprise 16.8 (McAfee AntiVirus Plus)
  • AVG AntiVirus 2014.0.4158
  • Trend Micro Titanium Antivirus +
  • Sophos Endpoint Security and Control and Sophos Anti-Virus 10.2.9
  • Symantec Norton 21.1.0.18
     

Some incompatibilities have been identified with anti-virus products listed in the two following sections. In all anti-virus programs, enabling real-time scanning detects any viruses as the email or attachments are opened. Therefore, although it is recommended to disable email scanning for some of the anti-virus products listed, your email is still being scanned and you are still being protected by your anti-virus product from viruses spread through email.

McAfee VirusScan Enterprise, AntiSpyware Enterprise 8.8

  • An Access Protection Rule prevents Symantec Encryption Desktop from being installed or uninstalled (various error messages appear). To work around this issue, refer to the McAfee Knowledgebase article KB52624.
  • There is a known incompatibility with Symantec File Share Encryption and Microsoft Office 2010 when McAfee version 8.8 patch 2 is installed. For more information, see knowledgebase article TECH202537 “Incompatibility between Symantec File Share Encryption (previously PGP NetShare) and McAfee VirusScan Enterprise 8.8 patch 2” [2886335].

McAfee VirusScan Enterprise, Host Intrusion Prevention 8

  • There are installation, uninstallation and upgrade issues caused by earlier versions of this product. Please see the knowledge base article TECH237071.

Symantec Norton AntiVirus 11.x through 12.x, Symantec Norton Internet Security 2006, Symantec Norton Internet Security 2005

  • No special configuration is required for MAPI email.
  • When using POP email, enable Auto-Protect and disable the Anti-Spam and Email Scanning options. Auto-Protect, which is enabled by default, provides protection against viruses in email messages when the message is opened.
  • Disable SSL/TLS in Server Settings in Symantec Encryption Desktop or Symantec Encryption Satellite. (In Symantec Encryption Desktop, select the PGP Messaging Control Box and then choose Messaging > Edit Server Settings. For SSL/TLS, select Do Not Attempt. In Symantec Encryption Satellite, on the Policies tab, select Ignore SSL/TLS.) These versions of Norton AntiVirus prevent all mail clients from using SSL/TLS, regardless of the use of Symantec Encryption software.
     

Terminal Services Compatibility

Symantec Encryption Desktop for Windows has been tested with the following terminal services software:

  • Windows Server 2012 R2 (64-bit version)
  • Windows Server 2012 (64-bit version)
  • Windows Remote Desktop Services (64-bit version, including Service Pack 1)
  • Windows 2008 Terminal Services (32-bit version, including Service Pack 1 or 2)
     

The following features of Symantec Encryption Desktop for Windows are available in these environments, as specified:

  • Email encryption is fully supported.
  • PGP Zip functionality is fully supported.
  • PGP Shredder functionality is fully supported.
  • Symantec File Share Encryption is fully supported.
  • PGP Virtual Disks cannot be mounted at a drive letter over Terminal Services, but can be mounted at directory mount points on NTFS volumes.
  • Symantec Drive Encryption is not supported.
     

Compatible Smart Cards and Tokens for Symantec Drive Encryption BootGuard Authentication

This section describes the system requirements (compatible smart cards/tokens and readers).

Compatible Smart Card Readers for Symantec Drive Encryption Authentication

The following smart card readers are compatible when communicating to a smart card at pre-boot time. These readers can be used with any compatible removable smart card; it is not necessary to use the same brand of smart card and reader.

Generic Smart Card Readers

Most CCID smart card readers are compatible. The following readers have been tested by Symantec Corporation:

  • OMNIKEY CardMan 3121 USB for desktop systems (076b:3021)
  • OMNIKEY CardMan 6121 USB for mobile systems (076b:6622)
  • ActivIdentity USB 2.0 reader (09c3:0008)
  • SCM Microsystem Smart Card Reader model SCR3311
     

CyberJack Smart Card Readers

  • Reiner SCT CyberJack pinpad (0c4b:0100)
     

ASE Smart Card Readers

  • AET SafeSign ASEDrive IIIe USB reader (0dc3:0802)
     

Embedded Smart Card Readers

  • Dell D430 embedded reader
  • Dell E6410 embedded reader (Broadcom)
  • Dell E6510 embedded reader (Broadcom)
     

Compatible Smart Cards or Tokens for Symantec Drive Encryption Authentication

Symantec Drive Encryption is compatible with the following smart cards for pre-boot authentication:

  • ActiveIdentity ActivClient CAC cards, 2005 model
  • ActiveIdentity ActivClient CAC cards, 2005 and older
  • SafeNet eToken PRO 64K, 2048 bit RSA capable (4253)
  • SafeNet eToken PRO USB Key 32K, 2048 bit RSA capable
  • SafeNet eToken PRO Java 72K
  • SafeNet eToken NG-OTP 72K

    Note: Other SafeNet eTokens, such as tokens with flash, should work provided they are APDU compatible with the compatible tokens. OEM versions of SafeNet eTokens,  should work provided they are APDU compatible with the compatible tokens.
     
  • AET SafeSign ASEKey Crypto USB Token
  • AET SafeSign ASECard Crypto Smart Card

    Note: The AET SafeSign tokens are compatible only for credential storage.
     
  • Gemalto Cyberflex Access 32K V2
  • Gemalto ASECard Crypto Smart Card
  • Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
  • EMC RSA SecurID 800 Rev A, B, and D

    Note: This token is compatible only for key storage. SecurID is not compatible.
     
  • EMC RSA Smart Card 5200
  • Marx CrypToken MX2048 JCOP USB token
  • Rainbow iKey 3000
  • S-Trust StarCOS smart card

    Note: S-Trust SECCOS cards are not compatible.
     
  • SafeNet 330 smart card
  • T-Systems Telesec NetKey 3.0 smart card
     

Personal Identity Verification (PIV) Cards

  • Oberthur ID-One Cosmo V5.2D personal identity verification cards using ActivClient version 6.1 client software
  • Oberthur ID-One Cosmo 128 v5.5 for DoD CAC with V2.6.2b client software
  • Gemalto TOP DM GX4 72k (FIPS)
  • Giesecke and Devrient [email protected]é Expert 3.2 personal identity verification cards using ActivClient version 6.1 client software