SecureDoc v5.3 Release Notes

Sending information during conversion

New status field in the SES management console will reveal if a device is in a conversion state.

External/internal multiple SED drive support

SES management console can manage multiple self-encrypting internal and external drives from one device. SES will have data (e.g. PIN) to recover the SED drives. A new field will list and manage all removable self-encrypted drives that are encrypted from a client device.

Convert RMO to full disk encryption

Existing devices that are deployed to encrypt only removable media can be converted by SES Administrators to a full disk encryption profile package without un-installing the software.

Audit log improvements

Clearer and specific descriptions have been added to SES audit logs displaying why a remote command has been executed on a device.

SES settings for RMO packages

Enhanced SES Settings where password sync now works for RMO packages.

Export of SES communication certificate

Enables ability to import and export an SES certificate to multiple databases.

Reference

Corrected issue where the reboot command and the lock PC command wouldn't work when the SES and the client were in different time zones.

Corrected issue where Active Directory could not import static groups from the generic LDAP server.

Corrected issue where Active Directory Sync with a Microsoft domain and a generic domain together wouldn't work.

Corrected issue where SES would not properly track Intel AT licences via the management console.

Added missing file that was causing Web Reporting installation failure.

Corrected Login failure on web reporting tool related to users with "NT/Authority/Anonymous Login"

Removed conflict issues for Password Rule Management

Reference

Removable media container encryption

SecureDoc Gold Edition users can create a encrypted container on removable media. This container is mounted like a normal hard drive, and anything copied into the container is automatically encrypted.

PBCONNEX wireless support

Users will be able to use their WLAN network to communicate to their management console. This new feature will let users select the available wireless network, authenticate and then communicate to SES securely.

SecureDoc OSA SED support

Devices equipped with an SED drive can be encrypted at pre-boot. The encryption process is completely independent of the host operating system and the installation process is started from either bootable removable media or a PXE server.

User-friendly troubleshooting

PBConnex errors are now logged in the background. These logs can be captured by generating logs using the new built-in option and the logs can be copied to removable media for trouble-shooting.

Remote crypto-erase support at pre-boot

Administrators can execute a remote crypto-erase command that can render the device inaccessible at pre-boot (applies to both hardware and software). The device can be restored back using the emergency disk management console for software only.

SED improvements

Resolve problems related to caching x-mode and y-mode values after every reboot.

New SDFORM

Notifies users with a communication progress and registration process update during installation; as well as an option to retry in case of failures. Also separates related error messages from SDForm to a new pop-up window.

SecureDoc account improvements

Windows credentials can now be the same as SecureDoc credentials. Enabling an easier form of single sign-on with the same NT login for SecureDoc as is used for Windows based on Active Directory credentials.

Support for new Intel AT 3.0 platform

“Poison Pills” and “Unlocks” can be sent via SES to mobile PC via SMS to disable platforms when the OS is not running and the PC is not connected to the TCP/IP network. Additionally, a sleep resume timer is available that will power off the PC, protecting data in the RAM, if user doesn’t authenticate after a configurable amount of time after resuming from sleep.

Pre-boot enhancements

Can now force machine power-off based on timer if user does not login within a set period of time at pre-boot.

Reference

Corrected issue where conversion window would disappear.

Corrected issue where user who had 'Lock computer when token is removed' enabled with single sign-on and had to use 'Challenge/Response' they would be stopped from logging into Windows.

SecureDoc service now runs properly on Flat-book.

Corrected issue where users were unable to create bootable media when using removable USB drive (Flash or Disk) when SecureDoc was installed.

Corrected issue with converted disk drives would not resize properly in Windows 7.

Corrected issue where a client with the SD v4 boot loader is enabled is switched to the v5 boot loader.

Corrected pre-boot issue to ensure support for 2048-bit certificates with Gemalto Smartcards.

Issue corrected with Aladdin token so that error 0x01 no longer occurs.

Drive Encryption

Resolved known issue where the disk encryption table was unable to recognize a removable floppy drive.

Challenge Response

Fixed issue where SES would use a 32-bit response but device client would only support a max of 10-bit response.

Reference

Support for PBConnex auto-boot

SecureDoc for Mac now includes PBConnex support for auto boot, not offered in the previous edition.

Updated installer

SecureDoc using updated Mac file installer package nomenclature - .dmg

Single sign-on for PBConnex and active directory accounts

Added single sign-on support for PBConnex and Microsoft Active Directory accounts to enable faster boot log-in and security.

Resident key file

Added ability to enable the creation resident key file at PBN login.

Pre-boot enhancement

Can now force machine power-off based on timer if user does not login within a set period of time.

Improvements

When upgrading SecureDoc versions, the older version is properly uninstalled.

Reference

Resolved Mac OS X boot failure where efi-runtime interface is timed out.

Fixed the way SecureDoc cleans up install files in the event installation is cancelled.

SecureDoc no longer re-asks user to create recovery media.

Improved PBConnex functionality - specifically around user authentication where if key file password doesn't match, the SES server will check for updated password.

Login counter

Corrected issue for Macs where the Failed Login counter wouldn’t reset after a successful Mac pre-boot networking login.