System Requirements for Encryption Desktop 10.4.1 for Windows

Article ID: 164056

Products

Desktop Email Encryption, Drive Encryption, Gateway Email Encryption

Issue/Introduction

Current system requirements for Symantec Encryption Desktop (powered by PGP) 10.4.1 for Microsoft Windows.

Resolution

This article contains information for the Encryption Desktop 10.4.1 client releases. For information regarding the 10.4.2 client, see TECH248332.

Update History

10.4.1 MP2 HF2 (Feb 2018): Added compatibility with the following operating systems:

  • Microsoft Windows 10 Enterprise Fall Creators Update (version 1709) (32-bit and 64-bit)
  • Microsoft Windows 10 Pro Fall Creators Update (version 1709) (32-bit and 64-bit)

10.4.1 MP1 (May 2017): Added compatibility with the following operating systems:

  • Microsoft Windows 10 Enterprise Creators Update (version 1703) (32-bit and 64-bit)
  • Microsoft Windows 10 Pro Creators Update (version 1703) (32-bit and 64-bit)

10.4.1 (Dec 2016): Added compatibility for Non-Volatile Memory Express (NVMe) drives.

Supported platforms

Symantec Encryption Desktop can be installed on systems with these versions of Microsoft Windows operating systems:

  • Microsoft Windows 10 Enterprise Fall Creators Update (version 1709) (32-bit and 64-bit editions)
  • Microsoft Windows 10 Pro Fall Creators Update (version 1709) (32-bit and 64-bit editions)
  • Microsoft Windows 10 Enterprise Creators Update (version 1703) (32-bit and 64-bit editions)
  • Microsoft Windows 10 Pro Creators Update (version 1703) (32-bit and 64-bit editions)
  • Microsoft Windows 10 Enterprise Anniversary Update (version 1607) (32-bit and 64-bit editions)
  • Microsoft Windows 10 Pro Anniversary Update (version 1607) (32-bit and 64-bit editions)
  • Windows 10 Enterprise November 2015 Update (version 1511) (32-bit and 64-bit editions)
  • Windows 10 Pro November 2015 Update (version 1511) (32-bit and 64-bit editions)
  • Windows 10 Enterprise (version 1507) (32-bit and 64-bit editions)
  • Windows 10 Pro (version 1507) (32-bit and 64-bit editions)
  • Windows 8.1 November 2014 Update (32-bit and 64-bit editions)
  • Windows 8.1 Update 2, August 2014 (32-bit and 64-bit editions)
  • Windows 8.1 Update 1, May 2014 (32-bit and 64-bit editions)
  • Windows 8.1 Enterprise (32-bit and 64-bit editions)
  • Windows 8.1 Pro (32-bit and 64-bit editions)
  • Windows 8 Enterprise (32-bit and 64-bit editions)
  • Windows 8 Pro (32-bit and 64-bit editions)
  • Windows 7 Enterprise (32-bit and 64-bit editions, plus Service Pack 1)
  • Windows 7 Pro (32-bit and 64-bit editions, plus Service Pack 1)
  • Windows Server 2012 R2 (64-bit edition)
  • Windows Server 2012 (64-bit edition)
  • Windows Server 2008 R2 (64-bit edition, plus Service Pack 1)

The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Notes:

  • If Windows 10 Fall Creators Update with Symantec Encryption Desktop 10.4.1 MP2 HF2 or later is in use, see the Symantec Support Center article about incompatibility issues at https://www.symantec.com/docs/TECH249436.
  • Symantec Drive Encryption is not compatible with 32-bit systems that use UEFI mode.
  • Symantec Drive Encryption is not compatible with third-party software that could bypass the Symantec Drive Encryption protection on the Master Boot Record (MBR) and write to or modify the MBR. This includes off-line defragmentation tools that bypass the Symantec Drive Encryption file system protection in the OS, and system restore tools that replace the MBR.
  • Symantec Encryption Desktop does not support the Device Guard Feature on Windows 10 systems (any version).
  • The Windows 10 Anniversary Update provides a feature that enables you to disable legacy drivers. To avoid disabling the Symantec File Share Encryption feature, Symantec recommends that you retain legacy drivers in the active state.
  • Symantec Encryption Desktop does not support operating system upgrades on encrypted systems through the Windows Update service.
  • Symantec Drive Encryption supports encryption on NVMe drives. Administrators can install Symantec Encryption Desktop on end-point devices that use NVMe drives and encrypt data with Symantec Drive Encryption. For more information, see https://support.symantec.com/en_US/article.TECH235669.html.

Supported virtual servers include:

  • VMware ESXi 5.1 (64-bit version)
  • VMware ESXi 6.0 (64-bit edition)

Additional Requirements for Drive Encryption on UEFI Systems

These requirements apply only if the disk is encrypted. If Symantec Encryption Desktop is installed only for email or other Symantec Encryption Desktop functions, installations on supported 32-bit systems with UEFI boot mode do not need to meet these requirements.

To encrypt systems that boot in UEFI mode, these additional requirements must be met:

  • System must be certified for the 64-bit editions of Microsoft Windows 7, Microsoft Windows 8/8.1, or Microsoft Windows 10
  • UEFI firmware must allow other programs or UEFI applications to execute during boot
  • Boot drive must be partitioned in GPT with only one EFI system partition on the same physical disk
  • Boot drive must not be configured with RAID or Logical Volume Managers (LVM)
  • Tablets and any systems without a wired or OEM-supplied attachable keyboard are not supported

For more information on the firmware and boot drive, contact your system administrator or hardware manufacturer.
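
A read-only pre-flight check for the UEFI requirements listed above, as an added example (not Symantec tooling or code from this article). The function name is hypothetical, and the RAID test is only a heuristic based on the bus type Windows reports: a hardware RAID controller that presents its array as an ordinary disk will not be flagged.

```powershell
# Added example: checks the boot disk against the UEFI requirements for Drive Encryption.
# Needs the Storage module (Windows 8 / Server 2012 or later), Windows PowerShell 5.1
# for Get-ComputerInfo, and an elevated prompt. It changes nothing on the system.
function Test-DriveEncryptionUefiPrereq {   # hypothetical helper name
    # GPT partition type GUID that identifies an EFI system partition (ESP)
    $espType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'

    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    $is64Bit  = [Environment]::Is64BitOperatingSystem

    # Disk that holds the running Windows installation
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1
    if (-not $bootDisk) { throw 'No boot disk reported by Get-Disk.' }

    # Count EFI system partitions on that same physical disk
    $espCount = @(Get-Partition -DiskNumber $bootDisk.Number |
                  Where-Object { $_.GptType -eq $espType }).Count

    $isGpt     = "$($bootDisk.PartitionStyle)" -eq 'GPT'
    $busType   = "$($bootDisk.BusType)"
    # Heuristic: bus types Windows reports for RAID volumes and Storage Spaces
    $looksRaid = $busType -in @('RAID', 'Spaces')

    $isUefi = "$firmware" -eq 'Uefi'
    [pscustomobject]@{
        FirmwareType       = "$firmware"
        Is64BitOS          = $is64Bit
        BootDiskNumber     = $bootDisk.Number
        BootDiskIsGpt      = $isGpt
        EfiPartitionCount  = $espCount
        BootDiskBusType    = $busType
        # The requirements apply only to systems that boot in UEFI mode
        RequirementsApply  = $isUefi
        MeetsRequirements  = (-not $isUefi) -or
                             ($is64Bit -and $isGpt -and $espCount -eq 1 -and -not $looksRaid)
    }
}

Test-DriveEncryptionUefiPrereq | Format-List
```

The check does not cover the firmware and keyboard requirements, which have to be confirmed with the hardware manufacturer.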

Symantec Drive Encryption on Microsoft Windows Servers

Symantec Drive Encryption is supported on all client versions above as well as these Windows Server versions:

  • Windows Server 2012 R2 64-bit Edition with internal RAID 1 and RAID 5
  • Windows Server 2012 64-bit Edition with internal RAID 1 and RAID 5
  • Windows Server 2008 R2 64-bit Edition with internal RAID 1 and RAID 5

Note: Dynamic disks and software RAID are not supported.

For additional system requirements and best practices information, see the article http://symantec.com/docs/TECH149613.

Compatible Email Client Software

Symantec Encryption Desktop for Windows will, in many cases, work with Internet-standards-based email clients other than those listed here. Symantec, however, does not support the use of other clients.

Symantec Encryption Desktop for Windows has been tested with these email clients:

  • Microsoft Outlook 2016 (32-bit and 64-bit)/Exchange Server 2016 (on-premise only)
  • Microsoft Outlook 2016 (32-bit and 64-bit)/Office Cloud Server
  • Microsoft Outlook 2013 (32-bit and 64-bit)/Exchange Server 2013 Cumulative Update 10 through CUx (on-premise only)
  • Microsoft Outlook 2013 (32-bit and 64-bit)/Exchange Server 2010 (on-premise only)
  • Microsoft Outlook 2013 (32-bit and 64-bit)/Office 365 Cloud Server
  • Microsoft Outlook 2010 (32-bit and 64-bit)/Exchange Server 2010 SP3 (on-premise only)
  • Microsoft Outlook 2010 (32-bit and 64-bit)/Office 365 Cloud Server
  • Microsoft Outlook 2007 SP2 (Outlook 12)/Exchange Server 2007 SP2
  • Microsoft Outlook 2007 SP2 (Outlook 12)/Office 365 Cloud Server
  • Microsoft Windows Live Mail version 2012
  • Mozilla Thunderbird 38.3
  • IBM Notes/IBM Domino Server 9.0.1 FP4
  • IBM Notes/IBM Domino Server 8.5.3

Anti-Virus and Other Protection Software Compatibility for Windows

Symantec Encryption Desktop has been tested with these anti-virus products:

  • McAfee AntiVirus Plus (includes McAfee Anti-Virus and Anti-Spyware) 17.6
  • Symantec Endpoint Protection 12.1 RU6 MP6
  • Symantec Endpoint Protection 14.0
  • McAfee AntiVirus LiveSafe 18.0
  • McAfee Host Intrusion Prevention System 8.0
  • AVG Antivirus Protection Free 16.71.7597
  • Sophos Endpoint Security and Control 10.6
  • Trend Micro Internet Security 10.0

In all anti-virus programs, real-time scans detect any viruses as the email or attachments are opened. Therefore, although it is recommended to disable email scans for some of the anti-virus products listed, your email is still scanned and protected by your anti-virus product from viruses spread via email.

Remote Desktop Services Compatibility

Symantec Encryption Desktop for Windows has been tested with this remote desktop services software:

  • Windows Server 2008 R2 (64-bit, Service Pack 1 or 2) Remote Desktop Services
  • Windows Server 2012 (64-bit) Remote Desktop Services
  • Windows Server 2012 R2 (64-bit) Remote Desktop Services
  • Citrix XenApp 7.6 FP3
  • Citrix XenApp 7.7
  • Citrix XenApp 7.9

Symantec Encryption Desktop supports the Symantec File Share Encryption feature in the Citrix XenApp environment. For more information, see the article https://support.symantec.com/en_US/article.INFO3668.html.

Symantec Encryption Desktop supports the Symantec Desktop Email feature in the Citrix XenApp environment. For more information, see the article https://support.symantec.com/en_US/article.INFO4047.html.

Compatible Smart Cards and Tokens for Symantec Drive Encryption BootGuard Authentication

This section describes the system requirements (compatible smart cards/tokens and readers).

Compatible Smart Card Readers for Symantec Drive Encryption Authentication

These smart card readers are compatible when used at pre-boot time. These readers can be used with any compatible removable smart card (it is not necessary to use the same brand of smart card and reader).

Generic smart card readers

Most CCID smart card readers are compatible. These readers have been tested by Symantec Corporation:

  • OMNIKEY CardMan 3121 USB for desktop systems (076b:3021)
  • OMNIKEY CardMan 6121 USB for mobile systems (076b:6622)
  • ActivIdentity USB 2.0 reader (09c3:0008)
  • SCM Microsystem Smart Card Reader model SCR3311

CyberJack smart card readers

  • Reiner SCT CyberJack pinpad (0c4b:0100)

ASE smart card readers

  • AET SafeSign ASEDrive IIIe USB reader (0dc3:0802)

Embedded smart card readers

  • Dell D430 embedded reader
  • Dell E6410 embedded reader (Broadcom)
  • Dell E6510 embedded reader (Broadcom)

Compatible Smart Cards or Tokens for Symantec Drive Encryption

This topic lists all of the smart cards or tokens that are supported in Symantec Encryption Desktop 10.4.

Supported smart cards for pre-boot authentication:

  • ActivIdentity ActivClient CAC cards, 2005 model
  • ActivIdentity ActivClient CAC cards, 2005 and older
  • Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
  • EMC RSA Smart Card 5200
  • Gemalto ASECard Crypto Smart Card
  • Gemalto Cyberflex Access 32K V2
  • Gemalto Cyberflex Access 64K v2c
  • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
  • Marx CrypToken MX2048 JCOP USB token
  • Oberthur 64K CosmopolIC v5.2
  • Rainbow iKey 3000
  • S-Trust StarCOS smart card

Note: S-Trust SECCOS cards are not compatible.

  • SafeNet 330 smart card
  • SafeNet eToken PRO Java 72K
  • SafeNet eToken NG-OTP 32K
  • T-Systems Telesec NetKey 3.0 smart card

Supported Personal Identity Verification (PIV) cards for pre-boot authentication:

  • Gemalto TOP DL GX4 144K FIPS
  • Gemalto TOP DM GX4 72k (FIPS)
  • Giesecke & Devrient SmartCafé Expert 144K DI v3.2
  • Giesecke & Devrient SmartCafé Expert 80K DI v3.2
  • Giesecke & Devrient SmartCafé Expert 5.0
  • Giesecke and Devrient Sm@rtCafé Expert 3.2 personal identity verification cards with ActivClient version 6.1 client software
  • Oberthur ID-One Cosmo V5.2D personal identity verification cards with ActivClient version 6.1 client software
  • Oberthur ID-One Cosmo v7.0 with Oberthur PIV Applet Suite 2.3.2
  • Oberthur ID-One Cosmo 128 v5.5 for DoD CAC with V2.6.2b client software

Supported smart cards for storage of user keys:

  • EMC RSA SecurID 800 Rev A, B, and D
  • Gemalto Cryptoflex 32K v1
  • Gemalto Cyberflex Access 32K v2
  • Gemalto IDBridgeK30 USB token
  • Gemalto TOP DL GX4 144K with V2.6.2b Applets
  • Oberthur ID-One Cosmo 128 5.5 for DoD CAC with V2.6.2b Applets
  • SafeNet eToken PRO Java 72K
  • SafeNet eToken PRO USB 64K
  • SafeNet eToken PRO USB 32K
  • SafeNet eToken NG-OTP 32K
  • T-Systems Telesec NetKey 3.0 cards
  • Giesecke and Devrient Sm@rtCafé Expert 3.2 personal identity verification cards with AET's SafeSign middleware

Supported smart cards for storage of administrator keys:

  • SafeNet eToken PRO 64k
  • SafeNet eToken PRO 72k
  • SafeNet iKey 2032
  • AET ASEKey Crypto USB Token
  • AET ASECard Crypto Smart Card

Tablet Support

Symantec Encryption Desktop for Windows supports these tablet systems:

  • Microsoft Surface Pro 4
  • Microsoft Surface Pro 3
  • Microsoft Surface Pro 2
  • Microsoft Surface Pro 1

Note: To enable compatibility with Secure Boot on Microsoft Surface Pro 1 and Surface Pro 2 laptops, download and run the Microsoft Surface Pro UEFI CA OEM PK Tool. Instructions and the download file are available at http://www.microsoft.com/en-us/download/details.aspx?id=41666. Note that this tool can only be run when your system is decrypted and Secure Boot is enabled.