New Features
- User Key files are protected from being viewed by other users in multi-user mode. (SD-309)
- Transfer of written back SDS records from DataStore to main SDS for OPAL SED. (SD-1028)
- AD (Active Directory) Integration for Administrators / Admin Groups. (SD-3222) An administrator group has been added to AD. This will allow for all users in the group to be considered as administrators.
- Additional logging/alert details have been added for Removable Media. Includes: username, computer name, action (create, mount, unmount), used device & authentication method (password/key), vendor & model. (SD-3423)
- A Secure Wipe option has been implemented in the context Menu. (SD-3891) This will allow users to right click on folders and files (when enabled) to perform a wipe.
- Added the ability to change from Password protection to Token protection. (SD-5142)
- When FV 2 is turned off, the event is reported to SES Admin. (SD-5244)
- PBU Driver mode (DriverBinding/Hook) setting has been added to Boot Configuration Page. (SD-5318)
- Tools to verify UEFI platforms for compatibility with SecureDoc have been added. (SD-5454).
- A FV 2 computer can be unlocked without the user's input by using Recovery Account password stored in the SES database. (SD-5601)
- Preliminary support added for devices running Mac OS x 10.9 Mavericks. (SD-5797) Added SecureDoc Mac File Vault kernel support for Mac OS X 10.9 Mavericks.
- Preliminary support added for devices running Mac OS x 10.9 Mavericks. (SD-5797)
- SES Admins have the ability to customize messages on Forgot Password Screen. (SD-5853)
- Option to hide User/Password fields in Preboot GUI (in PBL and PBU) via the client profile. (SD-6308)
- By default, all applications have the ability to access and use encrypted files in FFE Folders. This functionality works when WhiteList is enabled, and only "authorized" programs are added. (SD-6898)
- The following encryption methods will be used based on the FFE Folder: Network FFE Folders automatically use "Double Encryption"; Local FFE Folders automatically use "CFEL - Copy First Encryption Last". (SD-7095)
Bug Fixes and Improvements
|
Reference |
Description |
| SD-738 |
PBConnex works with <option> key when more than one network adapter. |
| SD-761 |
Can change the password using challenge response on DATEV Smart cards. An error use to occur when using challenge response to do a recovery on token. |
|
SD-1825 |
The user will not have to logon to SecureDoc after a reboot (when using permanent autoboot)
The permanent autoboot feature has been fixed when the device is using a SED. |
| SD-1997 |
Challenge Response has been added to RMCE Viewer. With administrator assistance users can recover access to an encrypted container or a removable media device through a challenge response recovery process. |
| SD-4118 |
Boot Configuration settings will not auto-reset to default upon restarting the device. |
| SD-4240 | DATEV SmartCard Classic V2 with the certificate change now work the SecureDoc. |
| SD-4759 | SD no longer recognizes the HP Officejet 100 Mobile L411 printers as having storage media.
The HP Officejet 100 Movile L411 contains a memory area which caused conflicts with machines running SecureDoc when trying to print. |
| SD-4943 | Additional details have been added to the Disk Access Control's "Log write access" feature.
The following information has been added: Date & Time of File Transfer, Username, Serial # of PC, USB Device Name, When USB Device was connected, File Name and Destination, IP Address of Device/ The logs or accessible centrally from the SES Console. |
| SD-4975 | When encrypting a USB with RMCE, the password rules regarding strength and complexity from the SES installation will be used. |
| SD-5456 |
Support has been added for the Dell 6430U smart card reader. |
|
SD-5857 SD-5858 SD-5859 |
Several Wireless options have been added.
|
| SD-5885 | PC Serial # (aka Service Tag) column has been added to RME Logging. |
|
SD-6110 SD-6248 SD-6307 |
The delay time has been reduced when logging onto the device after SecureDoc has been installed. |
| SD-6129 | SDPin no longer crashes due to a very long AES encryption key. The max key length has been set to 64. |
| SD-6178 |
When a shared folder is used for communication the SDI file will be sent to the destination folder in Windows 8/8.1. |
| SD-6218 | SESCMD logic has been improved when re-adding users or SES PBConnex with duplicates. |
| SD-6256 |
When creating a container on removable media the correct % will be used from the free space. There are limitations to the FAT and FAT 32 file systems as they do not support more than 4 GB files. The container itself is a form of a file. |
| SD-6269 |
Challenge Response length coincides with what was set. |
| SD-6346 |
It is now possible to update SD without having user and computer information completely filled out. An error is caused when some pieces of information retrieved from SES is returned as Null. |
| SD-6387 | NIC card support added for the I217-LM NIC card in pre-boot. |
| SD-6436 | Performance upgrades have been done to improve updating/sending of keys to large scale environments.
|
|
SD-6497 SD-6649 |
Only MAC profiles will be displayed for MAC devices (WIndows profiles will not be shown). |
| SD-6507 |
Blue screen no longer occurs when copying a file to the container. |
| SD-6557 | v5 Authentication works on Seagate OPAl drives running on Dell E6510 devices. |
| SD-6574 |
Growth of database logs on Samsung version no longer occurs. The issue on the custom Samsung build with the DB logs growing to over 200Gb has been fixed. |
| SD-6576 |
Added support for in Windows and at pre-boot for v4 and v5 for several smart cards. "SG 330-xx Oberthur xx" and "SG 330-xx Datakey 330-GS" |
| SD-6720 | Gemalto Token 3300A (manufacture date of 2013) is supported in PBA. |
| SD-6793 | The SDConnex Alerts and Licence count will now be saved to the config file.
This will allow for any configurations made to be seen in SES. |
| SD-6805 | Support added for 802.1x over wired networks. |
| SD-6982 | Support added for DATEV mIdentity Air token in Pre-Boot Linux (PBL) and Pre-Boot UEFI (PBU). |
| SD-7005 |
SSO fails after Recovery in PBConnex AutoBoot and ENC is not updated after the user logs in. The ENC file is properly updated and saved after performing recovery on their device (when Silent deployment is enabled). Also fixed for when the user password expires and recovery is performed while offline. |
| SD-7022 | Encryption can be enforced on Secure Digital Memory Cards on Mac FV 2. |
| SD-7161 | Unable to install/re-install on an OPAL M500 FW:MU02/PM841.
The error causing OPAL activation to error out whenever the Key ID is 64 characters has been resolved. |
| SD-7424 | Key Name no longer shows up under the computer name. |
| SD-7434 |
After restarting a key chain password validation prompt is displayed on FileVault 2 for Mac OS 10.9 and 10.9.1. The key chain password validation prompt no longer appears without having to change the password. |
Known Limitations
|
Reference |
Description |
| SD-2162 | Unable to login at Boot Logon after succesfully deploying a UPEK FingerPrint reader.
UserData cannot be retrieved because Windows cannot be launched. |
| SD-4957 |
In Disk Access Control (DAC) the expiration timer does not work properly. When a timer is set up with the "Enable temporary profile setting" it should return the default profile after the time limit has run out. |
| SD-5072 | When migrating to SES from HP Protect Tools stand-alone encryption, the new key file doesn't have a self-help question.
When upgrading from HPPT, only use of password is supported for authentication. Other modes of authentication: Self-help/Sparekey, fingerprint and smartcard are not supported. |
|
SD-5622 SD7544 |
An error occurs on the PBU screen when "Communication" is set. When setting up a SecureDoc package on SES, when setting the “Communication” by the Server Network Name, an error will occur on the PBU screen. This does not happen when setting up by the Server IP Address. Workaround: The Server Network Name cannot be used. As a temporary measure, when creating the SecureDoc package the Server IP Address should be used. |
| SD-5808 | On-screen keyboard support is not available on PBL authentication on Panasonic FZ-G1 tablets.
On Windows 8, the touchscreen works but not the pen (due to hardware limitations. Note: On PBU, only the finger touch is supported. On Windows 7, the touchscreen works but the pen has to be calibrated in order to work.
After calibrating your finger, the Stylist can be calibrated.
|
| SD-6379 |
Submitting SDForm will fail with "Error 08995" Submit SDFrom will fail and show "Passwords may not be empty" dialogue when the AD User can not get a generic password if it is assigned to a folder. |
| SD-6452 | Abnormal PBA time when an encrypted USB is kept inserted into a NEC PC-VK15EZSDG-B Tablet (Win7x32). |
| SD-6481 | Encryption status is incorrect while installing the SDFVMac package.
The encryption status is shown in plaintext. |
| SD-6506 |
The IP address cannot be obtained on boot with machines running Windows Server 2012. Currently only affects the following configuration: Virtual Machine: Windows 2012 Server/Windows 2012 R2 Server with BIOS and Pre-Boot Linux. |
| SD-6522 |
During a file encryption when using a VM Client, if the process is interrupted the file may become corrupted. When using the Power Off button to turn off the virtual machine it will work like a power switch (like a power supply). The virtual machine is abruptly powered off with no consideration for work in progress. Note: If a virtual machine is writing to disk when it receives a Power Off command, data corruption may occur. It is recommended to perform a graceful shutdown on the virtual machine. |
| SD-6600 | Creating a container on Windows 7 will not be recognized on Windows XP.
When creating a removable media container on Windows 7, it will be formatted as an ExFat file. This file format is not compatible with Windows XP and will cause an error. |
| SD-6734 | UEFI Preboot does not automatically load on a Toshiba z10t device. |
| SD-6802 | Self-help does not give a prompt after the user has changed the initial password successfully. |
| SD-6825 SD-6826 |
Lenovo xx40 series laptops with the Validity Fingerprint Sensor are not yet fully supported.
There still needs to be support for PBL and Windows. |
| SD-6875 |
The "Alt Gr key" for the German keyboard does not work at PBU when using a hardware keyboard. The virtual keyboard supports using the "Alt Gr key". |
| SD-7015 |
Static IP addressing does not work for wired PBConnex based authentication. |
| SD-7027 | An "Incorrect Password" dialogue is incorrectly displayed when trying to login to Version 4 Boot Logon.
When trying to login with the correct password, an error ("0xa0") is incorrectly shown. |
| SD-7047 |
English Keyboard is still used in UEFI even when the German keyboard is selected. In UEFI there is also no standard way to get the status of special keyboard keys (Ctrl, Alt, Shift, Caps, Scroll Lock, ...) There is no support for these keys. |
| SD-7125 |
Confirmation message is displayed even when a USB is added into the Trust Control. When a USB device is added into the Trust Control and "Automatically encrypt removable media", and "Encrypt Immediately" is selected, a prompt is still displayed asking the user if they he/she wants to encrypt the device. |
| SD-7173 |
The SecureDoc Wipe Folder does not work with the following types of drives:
|
| SD-7314 | The header in the SecureDoc Control Center (SDCC) currently only shows one line and is truncated.
After changing the header in the SDCC under in "Boot Text and color" it does not display properly. |
| SD-7315 | Unable to change to a new password which contains special charcters in Greek and Russian. |
| SD-7325 |
The message for the Challenge Response prompt is truncated. A message with multiple lines will only show a maximum of 6 lines. |
| SD-7340 |
On Windows 8, personal key files cannot be created for Windows users with Case Switch Users. This occurs when there are two Windows Accounts. The users must also have logged onto Windows before the installation of SecureDoc. |
| SD-7356 | PBConnex does not work when upgrading HP Protect Tools to SecureDoc |
| SD-7361 |
System Slot does not recognize other Windows Accounts after shutdown when Fast Startup is enabled. A device with multiple SecureDoc users assigned to it will cause issues as Windows 8 treats "shutdowns" as "hibernate" Workaround: |
| SD-7375 | The "Password convert to TPM succesful" dialogue appears again after the machine has been rebooted. |
| SD-7376 |
RSA SecureID 800 tokens are not supported with the v4 Boot Code. RSA SecureID 800 tokens are only supported in PBL and PBU mode. |
|
SD-7377 SD-7398 |
eToken Pro 72K (Java) not supported for login PBU. |
| SD-7411 | V4 and V5 BL do not work with theGemalto .NET v2 smartcard when using protection. |
| SD-7443 | Error 9204 in the Standalone version of 6.3.
Workaround: Log on to the SecureDoc Control Center and navigate to: Boot Control -> Install/Uninstall Boot Logon -> Update |
| SD-7484 |
A recovery drive cannot be created on Windows 8 when a USB drive is inserted. Workaround:
|
| SD-7500 | Unable to select/check the checkboxes on some pages as: FFE Network Fodler, Assign FFE policy / Users / Keys / Groups to Device on Internet Explorer.
No support for the latest version of Internet Explorer 11. This is causing the select/check feature on some pages to not display properly. Workaround: It is advised to use Chrome and Firefox until a fix is made. |
| SD-7501 | The "IP Address" and "User" columns in FFE log have empty data. |
| SD-7548 | Error "SecCode not found" occurs after migrating SD client to v6.3 on Win XP. |
|
SD-7576 SD-7589 |
After migrating SecureDoc from v4.91, it is unable to bypass BL with PBN autoboot. |
| SD-7590 | SecureDoc PBL is currently not supported on HP ProBook 455 G1 machines. |