SecureDoc V8.6 SR1 HF4 Release Notes

すべて表示

SecureDoc Support

WinMagic strongly recommends that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and new features.

Please visit Knowledge Base Article 1397 for more information on End of Life and End of Support timelines for SecureDoc software releases.

Customers running SecureDoc 6.5 and earlier should upgrade their server and clients to an actively supported software version. For more information on upgrading from SecureDoc 6.5 and earlier, please visit http://downloads.winmagic.info/SD8.2SR1/HF2/Release_Notes_8.2SR1HF2.pdf.


About This Release

This document contains important information about the current release. We strongly recommend that you read the entire document.

Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.

Previous Versions

Version

Release Date

Details

8.6

December 8th, 2020

New Features, Improvements and fixes (server/client)

8.5

December 5th 2019

New Features, Improvements and fixes (server/client)

8.5 SR1

April 8th 2020

New features, improvements and fixes (server/client)

8.5 SR2

June 11th 2020

New features, improvements and fixes (server/client)

Download the latest release notes for each version listed within Knowledge Base Article 1756.

System Requirements
For server and client system requirements: https://www.winmagic.com/support/technical-specifications
For supported devices, drives, smartcards and tokens: https://www.winmagic.com/device-compatibility

Note:  It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation.
More information is available here: http://msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note:  Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly

Client OS Support
For a detailed view of which specific versions of SecureDoc are supported under various versions of Windows, macOS or Linux: See: https://www.winmagic.com/support/technical-specifications

The KnownConfigs.XML File

Customers are strongly advised to download the most current KnownConfigs.XML file, then replace the current version (if older) in the SES Application folders and
Installation Packages.

WinMagic strongly recommends that you seek out the most up-to-date version of the KnownConfigs.XML file and incorporate it into your SES implementation on a regular basis (e.g. monthly). This will help ensure your SES Version will take advantage of new client installation override settings that have been added since the version of the KnownConfigs.XML file that came with your version of SES. This will improve installation success on any new device makes/models you might purchase since installing SES, utilizing the new special settings available in newer versions of this file.
Customers are advised to look to the SecureDoc Knowledge Base for a link to the available KnownConfigs.XML files, then check that document (e.g. on a monthly basis) for updates to this file, then use the new version to replace all versions of the KnownConfigs.XML file in their SES Implementation folder structure. For example:

  • Position Windows Explorer to: c:\Program Files(x8)\WinMagic\SDDB-NT, then
  • Search for files like *.xml.
  • Sort the resulting search list by name
  • In each directory where a KnownConfigs.XML file is found, replace it with the new one that you have downloaded from the WinMagic Knowledge Base article.

Additional information can be found here: Installing or updating the KnownConfigs.xml file (Applies to SES from Version 7.5 onward).

The latest versions of the KnownConfigs.XML files can be found at the following links:

    • SecureDoc Device KnownConfigs.XML File for SES V8.2 And Later- Download the

latest version of this here: https://na80.salesforce.com/articles/Service/SecureDoc-Device-KnownConfigs-XML- File-for-SES-V8-2-Download-the-latest-version-of-this-here

    • SecureDoc Device KnownConfigs.XML File for SES V7.5 - Download the latest

version of this here: https://na80.salesforce.com/articles/Service/SecureDoc-Device-KnownConfigs-XML-File-for- SES-V7-5-Download-the-latest-version-of-this-here

The contents of the KnownConfigs.XML file are reserved to be developed and advanced by WinMagic solely. While customers might consider enhancing it, WinMagic cannot be held responsible for issues that might arise from such modifications and may (at its sole discretion) levy an additional support charge to any customers that encounter support issues that can be traced back non-sanctioned customer-initiated changes to KnownConfigs.XML.
WinMagic welcomes customer ideas and suggestions on how KnownConfigs.XML can be extended and improved, but WinMagic reserves the sole right to test, approve and to publish any changes to KnownConfigs.XML that it deems to be in the broader customer interest, and makes no commitment to act upon or publish all, or indeed any customer-recommended changes.

Version 8.6SR1 HotFix 4

Which customers should upgrade to 8.6SR1 HF4?

Customers who wish to deploy macOS 12.x Monterey should upgrade to this Hot Fix. Customers who can take advantage of improvements listed in the other issues covered in these release notes may similarly wish to upgrade.

 

Improvements

SD-38401 SecureDoc now supports macOS 12.X Monterey

Issue: macOS continues to evolve and SecureDoc must provide support for newer versions of macOS. Solution: SES V8.6SR1 HF4 supports client devices running macOS 12.X Monterey.


SD-32774 SecureDoc Icon remains dark when macOS desktop is change to Dark Mode, making icon difficult to see

Issue: If the user changes the macOS desktop to utilize the Dark Mode setting, the SecureDoc menu icon would remain as black characters in the menu bar, making it difficult to find.

Solution: Now, the SecureDoc menu icon in the Menu bar will become white on dark when the macOS desktop is in Dark Mode.


SD-36698, SD-36625 SecureDoc for Mac installation now warns standard-rights user to use elevated-rights user account for installation

Due to limitations in recent macOS operating system versions, installation must be performed by a user account that has elevated rights. If a standard-rights account is detected, the installation will indicate this in a message box, after which it can be terminated so that it can be retried under an elevated-rights account.


SD-37587 SecureDoc for macOS has been improved to permit users to use the Recovery Account again if they failed to set a new password

Issue: If macOS users forget their passwords and want to use WM recovery account to login preboot, in previous versions, if they failed to successfully set a new password after logging in using the Recovery Account, they could not do so again using the same Recovery Account password if the device was rebooted before a new personal password could be set.

Solution: In this version, users who fail to successfully set a new Password prior to rebooting the device (after having used the Recovery Account to log in) may use the same Recovery Account password in order to have a second chance to set a new password.


SD-37588 Delay rotation of FileVault 2 Recovery string until device is capable of communicating with SDConnex and SES Server.

Issue: Where users forget their password, they will use the WinMagic recovery account to login to FIleVaul2 to on a macOS device. After the user logs in and sets a new password the device SecureDoc will rotate the recovery account to have a new password, and communicate that to SES.

However, if in the interim that device is no longer able to communicate with the SES server, then the new Recovery Account cannot be communicated and stored in the SES server.

Solution: With this improvement, the device will delay rotating the recovery account password until the next time it is successfully able to communicate to the SES server.


SD-37635 Upon logging in to a macOS device protected with SecureDoc for FileVault 2, an error message appears indicating the Recovery Account password can't be changed/rotated at this time.

Issue: Following login using the FileVault 2 Recovery Account, the following message appears: "The Recovery account password can't be set this time. Please try to Login as other User. Please inform your SecureDoc Administrator that setting Recovery password failed. ". Upon logging out then logging in with other user. account, once SecureDoc starts normally and communication with server has completed, it was noted that instead of rotating automatically to a new value, the WinMagic recovery password remained as it was before the above scenario. If the Administrator tried to send down a remote command to force-change the recovery password, Error 0x1 occurred while parsing the remote command data.

Background: After investigation, we have found out the root cause for WinMagic recovery account cannot change its password is because this account is defined as SecureToken Disabled. The reason for this is because M1 chip macOS BigSur allows Standard User to enable FV2, but when our account is created with Standard User credential, this account doesn't have SecureToken Enabled.

Solution: To resolve this issue, we have forced SecureDoc to prevent a Standard user from enabling FileVault 2.


SD-39007, SD-39130 Redundant SecureDoc FV2 messages following macOS upgrade and login using FileVault recovery account have been suppressed.

Issue: Following an ugrade of macOS, upon next login to SecureDoc for FileVault 2, the user would encounter a series of redundant messages after logging in with the FileVault recovery account.

Solution: The redundant messages have been suppressed. After macOS has been upgraded and the user has logged in with the WinMagic account, the multiple system redundant messages that were displayed (and which the user would need to ignore) have been eliminated in this fix.

NOTE: There is a new Password Confirmation dialog that appears starting in this version. Version 8.6 SR1 and earlier did not enquire the user to provide a password after performing a macOS major upgrade.


SD-39130 The WinMagic Recovery Account may fail/be stuck at the Login Page after upgrading macOS following recovery.

Issue: If a user has used the WinMagic recovery account logged into system to perform user password recovery, the WinMagic recovery account has gone through the user setup configuration which is provided by macOS After that, if the user upgraded macOS to the a newer version, some user settings cannot be handled by the macOS upgrade.

The issue is after macOS upgrading is done and user wants to login with WinMagic recovery account to perform recovery (reset real user password), the device will remain stuck at the user login page, and the WinMagic account fails to login to the system.

Resolution: In SES V8.6SR1 HF4 SecureDoc for FileVault 2 (SDFV2), after macOS has been upgraded to the newer version, SDFV2 will delete the WinMagic recovery account and re-create a new one.
The User will encounter the Password Confirmation dialog to provide user credentials so that SecureDoc can re- create the new WinMagic recovery account correctly, then add this account into the FileVault 2 Unlock list.
After re-creating the WinMagic recovery account, macOS will treat this user as a new user. It won't have issues when logging into the system.
This has also resolved an issue that occurred in a previous version; After macOS was upgraded and the user logged in with the WinMagic account, it several system redundant messages were displayed which the user would need to ignore. These redundant messages have been eliminated in this fix.
One disadvantage is this Password Confirmation dialog is new, starting in this version. Version 8.6 SR1 and earlier did not require the user to provide a password after performing a macOS major upgrade.


SD-39392 An issue with macOS users not having enough time to approve Full Disk Encryption has been improved.

Issue: Apple had introduced a fdesetup pop-up message in macOS Catalina, which, during the enablement of FileVault 2, required the user to click OK button on this pop-up message.

Background: In previous versions of SES and the SES Client for macOS, the user was permitted only approximately 10 seconds in which to click the OK button. However, if it was not clicked within the time limit, then SecureDoc for FileVault 2 could not enable FileVault 2 successfully in this system start cycle, so SecureDoc would show a countdown dialog panel, then automatically reboot the device. After that, it would repeat the prompt process by requesting that the user provide a password.

Solution: With this improvement, the User is able to click on the OK button anytime within an almost one-minue period

Due to Apple's design, after 1 minute this fdesetup pop up will disappear, but even though the user might not have been able to click the OK button, SecureDoc will enable FileVault 2 successfully.

On the other hand, if the user clicks on the "Don't Allow" button, the SecureDoc setup process will display a countdown dialog and will automatically reboot the device. Following device restart, it will then again ask for a password to enable FileVault 2.


SD-40293 SecureDocD app requires elevated permissions during deployment or upgrade of SecureDoc V8.6SR1 HF4 to avoid interrupting users with messages relating to Full Disk Access permission.

Issue: Apple has introduced a new dialog that will appear when running some commands in Terminal which
require user intervention (e.g. to press Okay or Don’t Allow).

Solution: To permit installation of SecureDoc to handle such responses automatically, rather than requesting that users enable such permissions for Terminal (which could result in potential weakened security if other applications could take advantage), WinMagic will prompt customers to provide such permission to component SecureDocD, as follows:

During deployment/upgrade of SecureDoc FV2, when the customer deploys our latest v8.6 SR1 HF4 mac dmg, a message will appear instructing customers to go to System Preferences -> Security & Privacy ->Privacy to grant SecureDocD permission.

Three opportunities will be provided (so up to three messages will appear prompting the user to enable SecureDocD.

If customers don't provide the necessary access following the display of any of these messages, the deployment/upgrading process will continue and the process will finish without problem, but if customers log out or reboot the device (causing SecureDoc FV2 to re-start), the message will show up again until the necessary permission has been enabled.


Limitations

SD-39109 The list of acceptable special characters that may be used in volume names of removable media has been changed

NOTE: For macOS Big Sur ONLY, the back-tick ` and multiple dollar-signs in a row (e.g. %^$$&) are not acceptable characters and should not be used.

This is an update to previously-issued release notes that were published in a previous version: SD-32942, which had listed additional special characters that could be used in removable Media Volume names when creating removable media/RMCE media under macOS.

The following special characters represent the revised/updated list of those special characters that are supported for use in volume names when creating RME/RMCE media on devices running macOS: ~ ! @ # $ % ^ & ( ) _ + = - { } [
] { } [ ] ; , '


SD-40738 An expected SecureDoc FV2 message does not appear following upgrade to macOS Monterey 12.1 Big Sur, requiring device reboot

Issue: Upon upgrading a SecureDoc FV2-protected device to macOS Monterey 12.1 Big Sur, devices running SecureDoc FV2 8.6004.6 should expect to see a message prompting the user to Enable SecureDocD in the System Preferences, followed by a prompt to Confirm the current password to re-create the SecureDoc WM recovery account - but this password prompt does not appear.
Work-Around:

  1. - Reboot the device manually
  2. - The Confirm current password dialog will now appear as expected.
  3. - The user must provide the correct password, after which the device will work correctly

How to Install/Upgrade

Customers with an active support plan should contact support@winmagic.com to receive the latest download link for their SecureDoc upgrade. 

Contacting WinMagic

WinMagic
5770 Hurontario Street, Suite 501
Mississauga, Ontario, L5R 3G5
Toll free: 1-888-879-5879
Phone: (905) 502-7000
Fax: (905) 502-7001
Sales: sales@winmagic.com
Marketing: marketing@winmagic.com
Human Resources: hr@winmagic.com
Technical Support: support@winmagic.com
For information: info@winmagic.com
For billing inquiries: finance@winmagic.com

Acknowledgements

This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young (eay@mincom.oz.au) and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).

WinMagic would like to thank these developers for their software contributions.

© Copyright 1997 – 2022 by WinMagic Corp. All rights reserved.

Printed in Canada Many products, software and technologies are subject to export control for both Canada and the United States of America. WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations. Exports and re-exports of WinMagic Inc. products are subject to Canadian and US export controls administered by the Canadian Border Services Agency (CBSA) and the Commerce Department’s Bureau of Industry and Security (BIS). For more information, visit WinMagic’s web site or the web site of the appropriate agency.

WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac, MySecureDoc, MySecureDoc Personal Edition Plus, MySecureDoc Media, PBConnex, SecureDoc Central Database, and SecureDoc Cloud Lite are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2019 WinMagic Corp. All rights reserved.

© Copyright 2022 WinMagic Corp. All rights reserved. This document is for informational purpose only. WinMagic Corp. makes NO WARRANTIES, expressed or implied, in this document. All specification stated herein are subject to change without notice.

 すべて表示 Release Notes