SecureDoc v7.1 SR1 Release Notes

すべて表示

Product/Feature Deprecation Pre-Notice

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

 

Important Note

WinMagic has done extensive work to improve, streamline and augment the security surrounding the initial deployment of Key Files during the process of installing the SecureDoc Client software, bearing in mind that many customers have widely divergent requirements relating to how devices are used during and after initial installation. Some customers install SecureDoc while the primary device user is on or will be on the machine, while others may need to protect new devices before the end-users of those devices have been defined, as well as other scenarios.

Please refer to the When SecureDoc server is upgraded to version 7.1 from previous versions (6.5 or earlier) and the Setting up Device Provisioning Rules sections under the Creating Installation Packages for Windows chapter in the SES User Manual to understand how these new settings work, in order to inform your own use of these new features, particularly as they operate in a way that cannot be easily migrated from the previous methodology to the new methodology. Upon upgrading from an earlier version, you will need to adjust each of your existing Installation Packages to reflect the deployment methodology that will meet your security design.

 

System Requirements

System requirements and supported devices, including tokens and SmartCards, for SecureDoc v7.1 SR1are listed here.

Note: It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation. More information can be found here: msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly.

Note: WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

 

New Features and Improvements

  
SD-14700

Support for the new Mac FileVault2 Operating Systems X 10.11.2 (El Capitan)

Now, SecureDoc extends FileVault2 support for the new Mac OS X 10.11.2 (El Capitan) operating system version. You can create the SecureDoc client package in the SES console and deploy to the Mac FV2 devices that are running this latest operating system.

SD-15645

SecureDoc extends supports for NVM Express (NVMe) Opal Drives

Now, SecureDoc extends support for NVMe Opal drives. NVMe stands for Non-Volatile Memory Express. SES Administrators can now install SecureDoc on end-point devices that have NVMe Opal drives. The users will be able to perform pre-boot authentication under both PBU (Pre-Boot for Native UEFI) and PBLU (Pre-Boot under Linux for UEFI devices).

 

Resolved Issues

ReferenceDescription
SD-15470

Issue: The Maximum Failed Logins setting was not working for PBConnex or local keyfiles

This issue has been reported on the devices that have SES V6.5 SR3 installed. When a user exceeded the set maximum failed login attempts, he/she was not locked out and the system did not display the number of incorrect attempts made by the user. This issue has been fixed in this version and the user will be locked out if he/she exceeds the set limit; in addition the unsuccessful attempts notification will be displayed.

SD-15135SD-15795

Issue: USB and Remote Media Encryption (RME) logs on the Windows / Mac FileVault 2 devices are missing in SecureDoc Enterprise Server Console

This issue has been reported on both the Windows and Mac File Vault 2 devices that have SES V6.5 SR3 installed. The latest log events for USB and RME logs were not being reported back to SES, thus making it difficult for SES Administrators to monitor the log events.

This issue has been fixed for clients installed with SES Client V7.1 SR1 and above. Now, the SES Administrators will be able to view the latest log events in SES. There may be some instances where the log reports are not reported instantly back to the SES server due to the high traffic on the SDConnex or if the client device is in offline mode. It is recommended that the SES Administrators ensure clients have communicated with the server before attempting to obtain the log reports. However, in those cases where log files contain huge amounts of log data; these may take longer than the usual time to report back to the SES server.

SD-16021

SES Web “Assign users to device(s)” page issue: While clicking on the folders related to a list of users, the selected device will change to one of the devices that has been previously selected

This issue has been reported on the devices that have SES Web V6.5 SR3 installed. While visiting the Assign Users to Device page frequently by one or multiple users, the selected device will change to one of the devices that had been previously selected (shown in the navigation history (“breadcrumb-trail” at the top of the page). This happens randomly when an SES Web Admin is clicking on the different folders while looking for a user.

This issue has now been resolved. The Assign Users to Device page no longer switches to the previous Device folder. The SES Web Administrators will now be able to view the recently added device.

SD-15139

SDConnex: SDConnex crashes while executing the Audit Reports in SecureDoc Web (SESWeb)

This issue occurs when there is a huge amount of audit logs in database and when SDConnex receives a request for generating Audit Log data for reports from the SES Web. In such a scenario, the "Runtime 500" error message is displayed.

This issue has been temporarily fixed. However, in a scenario where multiple users attempt to run an audit report at the same time, the audit report crash may still occur. A permanent fix for this will be available in a future release.

SD-15982

While adding a user to a device, an error message " Error 7702 Password is too short" is displayed

Issue: This issue has been reported on Windows 2008 devices that have the version 6.5SR3 installed. When a SES administrator attempts to create a user without a password (with generic initial password) and add this user to a device, an error message "Key file for user must be created manually now. Error 7702 Password is too short. See minimum length in password rules" is displayed.

This issue has now been resolved and SES administrators can add users to a device successfully.

 

Known Limitations

Note: For the Known Limitations other than the ones mentioned below, refer to the “Known Limitations” section in the SecureDoc Release Notes v7.1.

ReferenceDescription
SD-16274

The User ID is not displayed correctly in the SecureDoc Web after the migration from SES V6.5SR3 to V7.1

Limitation:
This issue occurs after SES migration from V6.5SR3 to V7.1. After launching the SES Web, the User information under the User ID column is not shown properly.

Work-around:

  1. After the upgrade, clear the browser cache.
  2. Log into SecureDoc Web.
  3. Make sure that the time stamp for the file C:\Program Files (x86)\WinMagic\SDDB-NT\SDWeb\Scripts\grid_user.js has been updated after upgrade.
SD-16538

Unattended (SCCM/Remote Package/Silent Deployment) method of SecureDoc installation fails to initiate Boot Logon when a user is not logged into Windows

Limitation:
This issue has been reported on the SecureDoc-protected Windows server and client devices that are running SES version of 7.1. When a SES administrator performs unattended installation of SecureDoc, the Windows client devices are unable to start the Boot Logon until a user logs into Windows.

Work-around:
Before deploying the installation packages, manually add the SilentDeployment=1 parameter in the PackageSettings.ini from server source where the SCCM uses to deploy to the client devices.

SD-16567

SecureDoc for Mac FileVault2: Unable to create container error

Limitation:
This issue occurs when a Mac FileVault2 installation package is created and deployed to the Mac FileVault2 devices with the Remote Media Container Encryption (RMCE) with the "Encrypt entire space and move files into container" option enabled. In such a scenario, when users attempt create RMCE in a USB, an error message, "Unable to create container" is displayed. However, if this USB has no data, then RMCE is created susscessfully.

Work-around:
NA

SD-15659

SecureDoc Mac FileVault2: The Current Account dialogue prompts again when clicking the Cancel button on a decryption completed MacFileVault2 device

Limitation:
This issue has been reported on Mac FileVault2 devices that are running 10.10.5 and 10.9.5 OS. This issue occurs when a SecureDoc -protected Mac FileVault2 device is decrypted manually. After the successful decryption and when a user hits the Cancel button of the Current Account Password prompt, this prompt re-appears.

Work-around:
Click the Cancel button again.

  Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.”

 すべて表示 Release Notes

—  フォローする  —