SecureDoc v6.3 Release Notes

すべて表示

New Features

  • User Key files are protected from being viewed by other users in multi-user mode. (SD-309)
  • Transfer of written back SDS records from DataStore to main SDS for OPAL SED. (SD-1028)
  • AD (Active Directory) Integration for Administrators / Admin Groups. (SD-3222) An administrator group has been added to AD. This will allow for all users in the group to be considered as administrators.
  • Additional logging/alert details have been added for Removable Media. Includes: username, computer name, action (create, mount, unmount), used device & authentication method (password/key), vendor & model. (SD-3423)
  • A Secure Wipe option has been implemented in the context Menu. (SD-3891) This will allow users to right click on folders and files (when enabled) to perform a wipe.
  • Added the ability to change from Password protection to Token protection. (SD-5142)
  • When FV 2 is turned off, the event is reported to SES Admin. (SD-5244)
  • PBU Driver mode (DriverBinding/Hook) setting has been added to Boot Configuration Page. (SD-5318)
  • Tools to verify UEFI platforms for compatibility with SecureDoc have been added. (SD-5454).
  • A FV 2 computer can be unlocked without the user's input by using Recovery Account password stored in the SES database. (SD-5601)
  • Preliminary support added for devices running Mac OS x 10.9 Mavericks. (SD-5797) Added SecureDoc Mac File Vault kernel support for Mac OS X 10.9 Mavericks.
  • Preliminary support added for devices running Mac OS x 10.9 Mavericks. (SD-5797)
  • SES Admins have the ability to customize messages on Forgot Password Screen. (SD-5853)
  • Option to hide User/Password fields in Preboot GUI (in PBL and PBU) via the client profile. (SD-6308)
  • By default, all applications have the ability to access and use encrypted files in FFE Folders. This functionality works when WhiteList is enabled, and only "authorized" programs are added. (SD-6898)
  • The following encryption methods will be used based on the FFE Folder: Network FFE Folders automatically use "Double Encryption"; Local FFE Folders automatically use "CFEL - Copy First Encryption Last". (SD-7095)

 

Bug Fixes and Improvements

Reference

Description
SD-738

PBConnex works with <option> key when more than one network adapter.

SD-761

Can change the password using challenge response on DATEV Smart cards.

An error use to occur when using challenge response to do a recovery on token.

SD-1825

The user will not have to logon to SecureDoc after a reboot (when using permanent autoboot)

The permanent autoboot feature has been fixed when the device is using a SED.

SD-1997

Challenge Response has been added to RMCE Viewer.

With administrator assistance users can recover access to an encrypted container or a removable media device through a challenge response recovery process.

SD-4118

Boot Configuration settings will not auto-reset to default upon restarting the device.

SD-4240 DATEV SmartCard Classic V2 with the certificate change now work the SecureDoc.
SD-4759 SD no longer recognizes the HP Officejet 100 Mobile L411 printers as having storage media.

The HP Officejet 100 Movile L411 contains a memory area which caused conflicts with machines running SecureDoc when trying to print.

SD-4943 Additional details have been added to the Disk Access Control's "Log write access" feature.

The following information has been added:

Date & Time of File Transfer, Username, Serial # of PC, USB Device Name, When USB Device was connected, File Name and Destination, IP Address of Device/

The logs or accessible centrally from the SES Console.

SD-4975 When encrypting a USB with RMCE, the password rules regarding strength and complexity from the SES installation will be used.
SD-5456

Support has been added for the Dell 6430U smart card reader.

SD-5857

SD-5858

SD-5859

Several Wireless options have been added.

  • Wireless Config Settings can now be hidden. It has now been added to the F3 Keyboard options.
  • Show Password on the config screen has been removed.
  • Additional Wifi drivers have been added
  • HP Elitebook 860
  • Intel WLAN Radio Model 633ANHMW
SD-5885 PC Serial # (aka Service Tag) column has been added to RME Logging.

SD-6110

SD-6248

SD-6307

The delay time has been reduced when logging onto the device after SecureDoc has been installed.
SD-6129 SDPin no longer crashes due to a very long AES encryption key. The max key length has been set to 64.
SD-6178

When a shared folder is used for communication the SDI file will be sent to the destination folder in Windows 8/8.1.

SD-6218 SESCMD logic has been improved when re-adding users or SES PBConnex with duplicates.
SD-6256

When creating a container on removable media the correct % will be used from the free space.

There are limitations to the FAT and FAT 32 file systems as they do not support more than 4 GB files. The container itself is a form of a file.

SD-6269

Challenge Response length coincides with what was set.

SD-6346

It is now possible to update SD without having user and computer information completely filled out.

An error is caused when some pieces of information retrieved from SES is returned as Null.

SD-6387 NIC card support added for the I217-LM NIC card in pre-boot.
SD-6436 Performance upgrades have been done to improve updating/sending of keys to large scale environments.
  • Ability to disable UDP client wakeup packet
  • Improved througput of SDConnex Server

SD-6497

SD-6649

Only MAC profiles will be displayed for MAC devices (WIndows profiles will not be shown).
SD-6507

Blue screen no longer occurs when copying a file to the container.

SD-6557 v5 Authentication works on Seagate OPAl drives running on Dell E6510 devices.
SD-6574

Growth of database logs on Samsung version no longer occurs.

The issue on the custom Samsung build with the DB logs growing to over 200Gb has been fixed.

SD-6576

Added support for in Windows and at pre-boot for v4 and v5 for several smart cards.

"SG 330-xx Oberthur xx" and "SG 330-xx Datakey 330-GS"

SD-6720 Gemalto Token 3300A (manufacture date of 2013) is supported in PBA.
SD-6793 The SDConnex Alerts and Licence count will now be saved to the config file.

This will allow for any configurations made to be seen in SES.

SD-6805 Support added for 802.1x over wired networks.
SD-6982 Support added for DATEV mIdentity Air token in Pre-Boot Linux (PBL) and Pre-Boot UEFI (PBU).
SD-7005

SSO fails after Recovery in PBConnex AutoBoot and ENC is not updated after the user logs in.

The ENC file is properly updated and saved after performing recovery on their device (when Silent deployment is enabled). Also fixed for when the user password expires and recovery is performed while offline.

SD-7022 Encryption can be enforced on Secure Digital Memory Cards on Mac FV 2.
SD-7161 Unable to install/re-install on an OPAL M500 FW:MU02/PM841.

The error causing OPAL activation to error out whenever the Key ID is 64 characters has been resolved.

SD-7424 Key Name no longer shows up under the computer name.
SD-7434

After restarting a key chain password validation prompt is displayed on FileVault 2 for Mac OS 10.9 and 10.9.1.

The key chain password validation prompt no longer appears without having to change the password.

 

Known Limitations

Reference

Description
SD-2162 Unable to login at Boot Logon after succesfully deploying a UPEK FingerPrint reader.

UserData cannot be retrieved because Windows cannot be launched.

SD-4957

In Disk Access Control (DAC) the expiration timer does not work properly.

When a timer is set up with the "Enable temporary profile setting" it should return the default profile after the time limit has run out.

SD-5072 When migrating to SES from HP Protect Tools stand-alone encryption, the new key file doesn't have a self-help question.

When upgrading from HPPT, only use of password is supported for authentication. Other modes of authentication: Self-help/Sparekey, fingerprint and smartcard are not supported.

SD-5622

SD7544

An error occurs on the PBU screen when "Communication" is set.

When setting up a SecureDoc package on SES, when setting the “Communication” by the Server Network Name, an error will occur on the PBU screen. This does not happen when setting up by the Server IP Address.

Workaround:

The Server Network Name cannot be used. As a temporary measure, when creating the SecureDoc package the Server IP Address should be used.

SD-5808 On-screen keyboard support is not available on PBL authentication on Panasonic FZ-G1 tablets.

On Windows 8, the touchscreen works but not the pen (due to hardware limitations.

Note: On PBU, only the finger touch is supported.

On Windows 7, the touchscreen works but the pen has to be calibrated in order to work.

  1. Turn on device
  2. When Preboot loads tap screen and allow timer to count down (5 sec.).
  3. A black screen will appear for calibration
  4. Tap on the four corners of the screen (starting from the top left)
  5. If done incorrectly just power off and retry

After calibrating your finger, the Stylist can be calibrated.

  1. Press F3 on theon-screen keyboard.
  2. A menu will appear on the bottom right corner.
  3. Click the "i option".
  4. An info page will appear
  5. Click the drop down menu
  6. Select (dev/input/tablet/WmPen4)
  7. Click Calibrate
  8. A calibrate stylist screen will appear (start at the top left)
SD-6379

Submitting SDForm will fail with "Error 08995"

Submit SDFrom will fail and show "Passwords may not be empty" dialogue when the AD User can not get a generic password if it is assigned to a folder.

SD-6452 Abnormal PBA time when an encrypted USB is kept inserted into a NEC PC-VK15EZSDG-B Tablet (Win7x32).
SD-6481 Encryption status is incorrect while installing the SDFVMac package.

The encryption status is shown in plaintext.

SD-6506

The IP address cannot be obtained on boot with machines running Windows Server 2012.

Currently only affects the following configuration:

Virtual Machine: Windows 2012 Server/Windows 2012 R2 Server with BIOS and Pre-Boot Linux.

SD-6522

During a file encryption when using a VM Client, if the process is interrupted the file may become corrupted.

When using the Power Off button to turn off the virtual machine it will work like a power switch (like a power supply). The virtual machine is abruptly powered off with no consideration for work in progress.

Note: If a virtual machine is writing to disk when it receives a Power Off command, data corruption may occur. It is recommended to perform a graceful shutdown on the virtual machine.

SD-6600 Creating a container on Windows 7 will not be recognized on Windows XP.

When creating a removable media container on Windows 7, it will be formatted as an ExFat file. This file format is not compatible with Windows XP and will cause an error.

SD-6734 UEFI Preboot does not automatically load on a Toshiba z10t device.
SD-6802 Self-help does not give a prompt after the user has changed the initial password successfully.
SD-6825
SD-6826
Lenovo xx40 series laptops with the Validity Fingerprint Sensor are not yet fully supported.

There still needs to be support for PBL and Windows.

SD-6875

The "Alt Gr key" for the German keyboard does not work at PBU when using a hardware keyboard.

The virtual keyboard supports using the "Alt Gr key".

SD-7015

Static IP addressing does not work for wired PBConnex based authentication.

SD-7027 An "Incorrect Password" dialogue is incorrectly displayed when trying to login to Version 4 Boot Logon.

When trying to login with the correct password, an error ("0xa0") is incorrectly shown.

SD-7047

English Keyboard is still used in UEFI even when the German keyboard is selected.

In UEFI there is also no standard way to get the status of special keyboard keys (Ctrl, Alt, Shift, Caps, Scroll Lock, ...) There is no support for these keys.

SD-7125

Confirmation message is displayed even when a USB is added into the Trust Control.

When a USB device is added into the Trust Control and "Automatically encrypt removable media", and "Encrypt Immediately" is selected, a prompt is still displayed asking the user if they he/she wants to encrypt the device.

SD-7173

The SecureDoc Wipe Folder does not work with the following types of drives:

  • Container Mounted Drive
  • Dynamic Drives
  • USB containing RMCE
SD-7314 The header in the SecureDoc Control Center (SDCC) currently only shows one line and is truncated.

After changing the header in the SDCC under in "Boot Text and color" it does not display properly.

SD-7315 Unable to change to a new password which contains special charcters in Greek and Russian.
SD-7325

The message for the Challenge Response prompt is truncated.

A message with multiple lines will only show a maximum of 6 lines.

SD-7340

On Windows 8, personal key files cannot be created for Windows users with Case Switch Users.

This occurs when there are two Windows Accounts. The users must also have logged onto Windows before the installation of SecureDoc.

SD-7356 PBConnex does not work when upgrading HP Protect Tools to SecureDoc
SD-7361

System Slot does not recognize other Windows Accounts after shutdown when Fast Startup is enabled.

A device with multiple SecureDoc users assigned to it will cause issues as Windows 8 treats "shutdowns" as "hibernate"

Workaround:
Fast Startup needs to be disabled.

SD-7375 The "Password convert to TPM succesful" dialogue appears again after the machine has been rebooted.
SD-7376

RSA SecureID 800 tokens are not supported with the v4 Boot Code.

RSA SecureID 800 tokens are only supported in PBL and PBU mode.

SD-7377

SD-7398

eToken Pro 72K (Java) not supported for login PBU.
SD-7411 V4 and V5 BL do not work with theGemalto .NET v2 smartcard when using protection.
SD-7443 Error 9204 in the Standalone version of 6.3.

Workaround:

Log on to the SecureDoc Control Center and navigate to:

Boot Control -> Install/Uninstall Boot Logon -> Update

SD-7484

A recovery drive cannot be created on Windows 8 when a USB drive is inserted.

Workaround:

  • Go to registry editor:
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\partmgr\Parameters]
  • Add "RMMode" [REG_DWORD], set value = 1
  • Reboot the machine, select the recovery drive, following which the media creation can proceed further.
  • Delete the previous registry value, otherwise, SD cannot encrypt removable media.
SD-7500 Unable to select/check the checkboxes on some pages as: FFE Network Fodler, Assign FFE policy / Users / Keys / Groups to Device on Internet Explorer.

No support for the latest version of Internet Explorer 11. This is causing the select/check feature on some pages to not display properly.

Workaround:

It is advised to use Chrome and Firefox until a fix is made.

SD-7501 The "IP Address" and "User" columns in FFE log have empty data.
SD-7548 Error "SecCode not found" occurs after migrating SD client to v6.3 on Win XP.

SD-7576

SD-7589

After migrating SecureDoc from v4.91, it is unable to bypass BL with PBN autoboot.
SD-7590 SecureDoc PBL is currently not supported on HP ProBook 455 G1 machines.

 すべて表示 Release Notes