v11.8.1 Encryption Enterprise

Product Information

Specifications

Product Name: Dell Encryption Enterprise

Version: v11.8.1

Release Date: November 2023

Product Usage Instructions

Chapter 2: Workarounds

This chapter provides workarounds for any known issues or
problems that may arise during the usage of Dell Encryption
Enterprise.

Chapter 3: Software and Hardware Compatibility

This chapter provides information on the compatibility of Dell
Encryption Enterprise with different software and hardware
configurations.

Technical Advisories

New Features and Functionality v11.8.1

Bug fixes to improve user experience.

Resolved Security Advisories v11.8.1

An issue is resolved where the Dell Encryption Installer does
not verify if Symlink is available in the ProgramData folder,
resulting in the creation of random files. [DDPC-13644]

Resolved Technical Advisories v11.8.1

Encryption Enterprise for Windows v11.8.1: No technical
advisories exist.

Pre-boot Authentication v11.8.1: No technical advisories
exist.

SED Manager v11.8.1: No technical advisories exist.

Full Disk Encryption v11.8.1: No technical advisories exist.

BitLocker Manager v11.8.1: No technical advisories exist.

New Features and Functionality v11.8

Integrated Package Key Destruction Utility tool in the latest
installer of Dell Encryption.

Resolved Security Advisories v11.8

No security advisories exist.

Resolved Technical Advisories v11.8

Encryption Enterprise for Windows v11.8:

• An issue that results in cmgshieldsvc.exe crash after the user
  logs on is resolved. [13098]

• An issue that results in system BSOD when a composite device is
  disconnected from VirtualBox is resolved. [13535]

• An issue that results in the application service not getting
  removed from the machine using the uninstall command is resolved.
  [11770]

Pre-boot Authentication v11.8

An issue that results in PBA not loaded on computers protected
by SED Manager when multi-disk encryption is enabled and an
additional unencrypted disk is added or replaced is resolved.
[DDPC-13358]

SED Manager v11.8

An issue that results in PBA not loaded on computers protected
by SED Manager when multi-disk encryption is enabled and an
additional unencrypted disk is added or replaced is resolved.
[DDPC-13358]

Full Disk Encryption v11.8

No technical advisories exist.

BitLocker Manager v11.8

No technical advisories exist.

FAQ

Q: What is Dell Encryption Enterprise?

A: Dell Encryption Enterprise is a software solution that
enables an enterprise to support a mobile workforce with the peace
of mind that sensitive information is secure.

Q: Where can I find FIPS compliance status for the data

security line of products?

A: You can view FIPS compliance status for the data security
line of products in KB 301500.

Q: How can I contact Dell ProSupport for Software?

A: You can contact Dell ProSupport for Software for any
assistance or support related to Dell Encryption Enterprise.

Dell Encryption Enterprise
Technical Advisories v11.8.1
November 2023 Rev. A01

Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2023 Dell Inc. All rights reserved. Registered trademarks and trademarks used in the Dell Encryption and Endpoint Security Suite Enterprise suite of documents: DellTM and the Dell logo, Dell PrecisionTM, OptiPlexTM, ControlVaultTM, LatitudeTM, XPS®, and KACETM are trademarks of Dell Inc. Cylance®, CylancePROTECT, and the Cylance logo are registered trademarks of Cylance, Inc. in the U.S. and other countries. McAfee® and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel®, Pentium®, Intel Core Inside Duo®, Itanium®, and Xeon® are registered trademarks of Intel Corporation in the U.S. and other countries. Adobe®, Acrobat®, and Flash® are registered trademarks of Adobe Systems Incorporated. Authen tec® and Eikon® are registered trademarks of Authen tec. AMD® is a registered trademark of Advanced Micro Devices, Inc. Microsoft®, Windows®, and Windows Server®, Windows Vista®, Windows 10®, Active Directory®, Access®, BitLocker®, BitLocker To Go®, Excel®, Hyper-V®, Outlook®, PowerPoint®, Word®, OneDrive®, SQL Server®, and Visual C++® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware® is a registered trademark or trademark of VMware, Inc. in the United States or other countries. Box® is a registered trademark of Box. Dropbox is a service mark of Dropbox, Inc. GoogleTM, AndroidTM, GoogleTM ChromeTM, GmailTM, and GoogleTM Play are either trademarks or registered trademarks of Google Inc. in the United States and other countries. Apple®, App Store, Apple Remote DesktopTM, Boot CampTM, FileVaultTM, iPad®, iPhone®, iPod®, iPod touch®, iPod shuffle®, and iPod nano®, Macintosh®, and Safari® are either servicemarks, trademarks, or registered trademarks of Apple, Inc. in the United States and/or other countries. EnCaseTM and Guidance Software® are either trademarks or registered trademarks of Guidance Software. Entrust® is a registered trademark of Entrust®, Inc. in the United States and other countries. Mozilla® Firefox® is a registered trademark of Mozilla Foundation in the United States and/or other countries. iOS® is a trademark or registered trademark of Cisco Systems, Inc. in the United States and certain other countries and is used under license. Oracle® and Java® are registered trademarks of Oracle and/or its affiliates. Travelstar® is a registered trademark of HGST, Inc. in the United States and other countries. UNIX® is a registered trademark of The Open Group. VALIDITYTM is a trademark of Validity Sensors, Inc. in the United States and other countries. VeriSign® and other related marks are the trademarks or registered trademarks of VeriSign, Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec Corporation. KVM on IP® is a registered trademark of Video Products. Yahoo!® is a registered trademark of Yahoo! Inc. Bing® is a registered trademark of Microsoft Inc. Ask® is a registered trademark of IAC Publishing, LLC. Other names may be trademarks of their respective owners.

Contents

Chapter 1: Technical Advisories……………………………………………………………………………………….. 7 Contact Dell ProSupport for Software……………………………………………………………………………………………………………7 New Features and Functionality v11.8.1…………………………………………………………………………………………………………..7 Resolved Security Advisories v11.8.1………………………………………………………………………………………………………………. 7 Resolved Technical Advisories v11.8.1……………………………………………………………………………………………………………..7 Technical Advisories v11.8.1……………………………………………………………………………………………………………………………..8 New Features and Functionality v11.8……………………………………………………………………………………………………………. 8 Resolved Security Advisories v11.8………………………………………………………………………………………………………………….8 Resolved Technical Advisories v11.8………………………………………………………………………………………………………………. 8 Technical Advisories v11.8………………………………………………………………………………………………………………………………. 9 New Features and Functionality v11.7.1…………………………………………………………………………………………………………..9 Resolved Security Advisories v11.7.1…………………………………………………………………………………………………………….. 10 Resolved Technical Advisories v11.7.1…………………………………………………………………………………………………………… 10 Technical Advisories v11.7.1…………………………………………………………………………………………………………………………… 10 New Features and Functionality v11.7…………………………………………………………………………………………………………….11 Resolved Security Advisories v11.7………………………………………………………………………………………………………………… 11 Resolved Technical Advisories v11.7……………………………………………………………………………………………………………….11 Technical Advisories v11.7……………………………………………………………………………………………………………………………… 12 New Features and Functionality v11.6……………………………………………………………………………………………………………12 Resolved Security Advisories v11.6……………………………………………………………………………………………………………….. 12 Resolved Technical Advisories v11.6………………………………………………………………………………………………………………13 Technical Advisories v11.6………………………………………………………………………………………………………………………………13 New Features and Functionality v11.5……………………………………………………………………………………………………………14 Resolved Security Advisories v11.5……………………………………………………………………………………………………………….. 14 Resolved Technical Advisories v11.5………………………………………………………………………………………………………………14 Technical Advisories v11.5………………………………………………………………………………………………………………………………15 New Features and Functionality v11.4……………………………………………………………………………………………………………15 Resolved Security Advisories v11.4……………………………………………………………………………………………………………….. 16 Resolved Technical Advisories v11.4………………………………………………………………………………………………………………16 Technical Advisories v11.4……………………………………………………………………………………………………………………………… 17 New Features and Functionality v11.3……………………………………………………………………………………………………………17 Resolved Security Advisories v11.3……………………………………………………………………………………………………………….. 18 Resolved Technical Advisories v11.3………………………………………………………………………………………………………………18 Technical Advisories v11.3……………………………………………………………………………………………………………………………… 18 New Features and Functionality v11.2……………………………………………………………………………………………………………19 Resolved Security Advisories v11.2……………………………………………………………………………………………………………….. 19 Resolved Technical Advisories v11.2………………………………………………………………………………………………………………19 Technical Advisories v11.2…………………………………………………………………………………………………………………………….. 20 New Features and Functionality v11.1…………………………………………………………………………………………………………… 21 Resolved Security Advisories v11.1…………………………………………………………………………………………………………………21 Resolved Technical Advisories v11.1……………………………………………………………………………………………………………….21 Technical Advisories v11.1……………………………………………………………………………………………………………………………… 22 New Features and Functionality v11.0…………………………………………………………………………………………………………..23 Resolved Security Advisories v11.0………………………………………………………………………………………………………………. 23 Resolved Technical Advisories v11.0…………………………………………………………………………………………………………….. 23

Contents

3

Technical Advisories v11.0…………………………………………………………………………………………………………………………….. 24 New Features and Functionality v10.10……………………………………………………………………………………………………….. 24 Resolved Security Advisories v10.10……………………………………………………………………………………………………………..25 Resolved Technical Advisories v10.10………………………………………………………………………………………………………….. 25 Technical Advisories v10.10……………………………………………………………………………………………………………………………26 New Features and Functionality v10.9………………………………………………………………………………………………………….26 Resolved Security Advisories v10.9……………………………………………………………………………………………………………… 26 Resolved Technical Advisories v10.9……………………………………………………………………………………………………………. 26 Technical Advisories v10.9……………………………………………………………………………………………………………………………. 27 New Features and Functionality v10.8…………………………………………………………………………………………………………. 28 Resolved Security Advisories v10.8……………………………………………………………………………………………………………… 29 Resolved Technical Advisories v10.8……………………………………………………………………………………………………………. 29 Technical Advisories v10.8……………………………………………………………………………………………………………………………. 29 New Features and Functionality v10.7…………………………………………………………………………………………………………. 30 Resolved Technical Advisories v10.7…………………………………………………………………………………………………………….. 31 Technical Advisories v10.7……………………………………………………………………………………………………………………………. 32 New Features and Functionality v10.6…………………………………………………………………………………………………………. 33 Resolved Technical Advisories v10.6……………………………………………………………………………………………………………. 33 Technical Advisories v10.6……………………………………………………………………………………………………………………………. 33 New Features and Functionality v10.5…………………………………………………………………………………………………………. 34 Resolved Technical Advisories v10.5……………………………………………………………………………………………………………. 35 Technical Advisories v10.5……………………………………………………………………………………………………………………………. 35 New Features and Functionality v10.4…………………………………………………………………………………………………………. 36 Resolved Technical Advisories v10.4……………………………………………………………………………………………………………. 37 Technical Advisories v10.4……………………………………………………………………………………………………………………………. 38 New Features and Functionality v10.3…………………………………………………………………………………………………………. 39 Resolved Technical Advisories v10.3……………………………………………………………………………………………………………. 40 Technical Advisories v10.3…………………………………………………………………………………………………………………………….. 41 New Features and Functionality v10.2.1………………………………………………………………………………………………………. 42 Resolved Technical Advisories v10.2.1…………………………………………………………………………………………………………. 42 Technical Advisories v10.2.1…………………………………………………………………………………………………………………………..42 New Features and Functionality v10.2…………………………………………………………………………………………………………. 43 Resolved Technical Advisories v10.2……………………………………………………………………………………………………………. 43 Technical Advisories v10.2……………………………………………………………………………………………………………………………. 44 New Features and Functionality v10.1…………………………………………………………………………………………………………..44 Resolved Technical Advisories v10.1……………………………………………………………………………………………………………..45 Technical Advisories v10.1…………………………………………………………………………………………………………………………….. 45 New Features and Functionality v10.0.1………………………………………………………………………………………………………. 46 Resolved Technical Advisories v10.0.1…………………………………………………………………………………………………………. 46 Technical Advisories v10.0.1…………………………………………………………………………………………………………………………. 46 New Features and Functionality v10.0…………………………………………………………………………………………………………. 47 Resolved Technical Advisories v10.0……………………………………………………………………………………………………………. 47 Technical Advisories v10.0……………………………………………………………………………………………………………………………. 48 New Features and Functionality v8.18…………………………………………………………………………………………………………. 49 Resolved Technical Advisories v8.18……………………………………………………………………………………………………………. 50 Technical Advisories v8.18…………………………………………………………………………………………………………………………….. 51 New Features and Functionality v8.17.2……………………………………………………………………………………………………….52 Resolved Technical Advisories v8.17.2………………………………………………………………………………………………………….52 Technical Advisories v8.17.2…………………………………………………………………………………………………………………………. 53 New Features and Functionality v8.17.1………………………………………………………………………………………………………. 54

4

Contents

Resolved Technical Advisories v8.17.1…………………………………………………………………………………………………………..54 Technical Advisories v8.17.1…………………………………………………………………………………………………………………………..55 New Features and Functionality v8.17…………………………………………………………………………………………………………. 55 Resolved Technical Advisories v8.17……………………………………………………………………………………………………………. 56 Technical Advisories v8.17……………………………………………………………………………………………………………………………..57 New Features and Functionality v8.16…………………………………………………………………………………………………………. 57 Resolved Technical Advisories v8.16……………………………………………………………………………………………………………. 58 Technical Advisories ……………………………………………………………………………………………………………………………………..59 New Features and Functionality v8.15………………………………………………………………………………………………………….60 Resolved Technical Advisories v8.15……………………………………………………………………………………………………………. 60 Technical Advisories v8.15…………………………………………………………………………………………………………………………….. 61 New Features and Functionality v8.13…………………………………………………………………………………………………………. 62 Resolved Technical Advisories v8.13……………………………………………………………………………………………………………. 62 Technical Advisories v8.13……………………………………………………………………………………………………………………………. 63 New Features and Functionality v8.12…………………………………………………………………………………………………………. 64 Resolved Technical Advisories v8.12……………………………………………………………………………………………………………. 65 Technical Advisories v8.12……………………………………………………………………………………………………………………………. 67 New Features and Functionality v8.11…………………………………………………………………………………………………………..68 Resolved Technical Advisories v8.11……………………………………………………………………………………………………………..69 Technical Advisories v8.11…………………………………………………………………………………………………………………………….. 69 New Features and Functionality v8.10.1……………………………………………………………………………………………………….. 71 Resolved Technical Advisories v8.10.1…………………………………………………………………………………………………………..72 Technical Advisories v8.10.1…………………………………………………………………………………………………………………………..72 New Features and Functionality v8.10…………………………………………………………………………………………………………. 72 Resolved Technical Advisories v8.10……………………………………………………………………………………………………………. 73 Technical Advisories v8.10……………………………………………………………………………………………………………………………. 73 Resolved Technical Advisories v8.9.1…………………………………………………………………………………………………………… 74 Resolved Technical Advisories v8.9………………………………………………………………………………………………………………76 Technical Advisories v8.9……………………………………………………………………………………………………………………………… 76 Resolved Technical Advisories v8.7.1…………………………………………………………………………………………………………….77 New Features and Functionality v8.7…………………………………………………………………………………………………………… 78 Resolved Technical Advisories v8.7……………………………………………………………………………………………………………… 78 Technical Advisories v8.7.1…………………………………………………………………………………………………………………………… 80 Technical Advisories v8.7……………………………………………………………………………………………………………………………… 80 New Features and Functionality v8.6.1………………………………………………………………………………………………………….81 Resolved Technical Advisories v8.6.1…………………………………………………………………………………………………………… 82 New Features and Functionality v8.6……………………………………………………………………………………………………………82 Resolved Technical Advisories v8.6………………………………………………………………………………………………………………83 Technical Advisories v8.6………………………………………………………………………………………………………………………………83 Resolved Technical Advisories v8.5.1……………………………………………………………………………………………………………85 New Features and Functionality v8.5 …………………………………………………………………………………………………………..87 Resolved Technical Advisories v8.5………………………………………………………………………………………………………………87 Technical Advisories v8.5 ……………………………………………………………………………………………………………………………..88 New Features and Functionality v8.4.1………………………………………………………………………………………………………… 89 Resolved Technical Advisories v8.4.1…………………………………………………………………………………………………………… 89 Technical Advisories v8.4.1…………………………………………………………………………………………………………………………… 90 New Features and Functionality v8.4…………………………………………………………………………………………………………… 91 Resolved Technical Advisories v8.4……………………………………………………………………………………………………………….91 Technical Advisories v8.4……………………………………………………………………………………………………………………………… 92 New Features and Functionality v8.3.2……………………………………………………………………………………………………….. 92

Contents

5

Resolved Technical Advisories v8.3.2………………………………………………………………………………………………………….. 92 Technical Advisories v8.3.2………………………………………………………………………………………………………………………….. 93 New Features and Functionality v8.3.1………………………………………………………………………………………………………… 93 Resolved Technical Advisories v8.3.1…………………………………………………………………………………………………………… 93 New Features and Functionality v8.3……………………………………………………………………………………………………………93 Resolved Technical Advisories v8.3………………………………………………………………………………………………………………93 Technical Advisories v8.3………………………………………………………………………………………………………………………………95 New Features and Functionality v8.2.1………………………………………………………………………………………………………… 98 Resolved Technical Advisories v8.2.1…………………………………………………………………………………………………………… 98 Technical Advisories v8.2.1…………………………………………………………………………………………………………………………… 99 New Features and Functionality v8.2……………………………………………………………………………………………………………99 Resolved Technical Advisories v8.2………………………………………………………………………………………………………………99 Technical Advisories v8.2……………………………………………………………………………………………………………………………. 100 Resolved Technical Advisories v8.1.1………………………………………………………………………………………………………….. 100 New Features and Functionality v8.1…………………………………………………………………………………………………………..100 Resolved Technical Advisories v8.1………………………………………………………………………………………………………………101 Technical Advisories v8.1………………………………………………………………………………………………………………………………101 Resolved Technical Advisories v8.0.1…………………………………………………………………………………………………………. 102 New Features and Functionality v8.0…………………………………………………………………………………………………………. 102 Resolved Technical Advisories v8.0……………………………………………………………………………………………………………. 103 Technical Advisories v8.0……………………………………………………………………………………………………………………………. 103
Chapter 2: Workarounds……………………………………………………………………………………………… 105
Chapter 3: Software and Hardware Compatibility……………………………………………………………. 106

6

Contents

1
Technical Advisories
Encryption Enterprise enables an enterprise to support a mobile workforce with the peace of mind that sensitive information is secure. See KB 301500 to view FIPS compliance status for the data security line of products.
Contact Dell ProSupport for Software
Call 877-459-7304, extension 4310039 for 24×7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call. For phone numbers outside of the United States, see Dell ProSupport for Software international phone numbers.
New Features and Functionality v11.8.1
Bug fixes to improve user experience.
Resolved Security Advisories v11.8.1
An issue is resolved where the Dell Encryption Installer does not verify if Symlink is available in the ProgramData folder, resulting in creation of random files. [DDPC-13644] Resolved Technical Advisories v11.8.1
Encryption Enterprise for Windows v11.8.1
No technical advisories exist.
Pre-boot Authentication v11.8.1
No technical advisories exist.
SED Manager v11.8.1
No technical advisories exist.
Full Disk Encryption v11.8.1
No technical advisories exist.

Technical Advisories

7

BitLocker Manager v11.8.1
No technical advisories exist.
Technical Advisories v11.8.1
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.8.1
No technical advisories exist.
SED Manager v11.8.1
.No technical advisories exist.
Full Disk Encryption v11.8.1
No technical advisories exist.
BitLocker Manager v11.8.1
No technical advisories exist.
New Features and Functionality v11.8
Integrated Package Key Destruction Utility tool in the latest installer of Dell Encryption.
Resolved Security Advisories v11.8
No security advisories exist.
Resolved Technical Advisories v11.8
Encryption Enterprise for Windows v11.8
An issue that results in cmgshieldsvc.exe crash after user logs on is resolved. [13098] An issue that results in system BSOD when a composite device is disconnected from VirtualBox is resolved. [13535] An issue that results in application service not getting removed from machine using uninstall command is resolved. [11770] Pre-boot Authentication v11.8
An issue that results in PBA not loaded on computers protected by SED Manager when multi-disk encryption is enabled and an additional unencrypted disk is added or replaced is resolved. [DDPC-13358]

8

Technical Advisories

SED Manager v11.8
An issue that results in PBA not loaded on computers protected by SED Manager when multi-disk encryption is enabled and an additional unencrypted disk is added or replaced is resolved. [DDPC-13358] Full Disk Encryption v11.8
No technical advisories exist.
BitLocker Manager v11.8
An issue that results in enabling the user to modify the status of BitLocker in the Control Panel even after the BitLocker Encryption is set to Turn On Encryption is resolved. [11717] Technical Advisories v11.8
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.8
No technical advisories exist.
SED Manager v11.8
.No technical advisories exist.
Full Disk Encryption v11.8
No technical advisories exist.
BitLocker Manager v11.8
No technical advisories exist.
New Features and Functionality v11.7.1
The internal Windows feature providing user information from Windows to Dell Encryption is scheduled for deprecation but an exact date for the removal is unknown. The Dell Encryption client v11.7 includes a feature to address the loss of this functionality in Windows by implementing a custom Credential Provider. An issue was encountered in cases when other installed products were using a custom Credential Provider on the computer. In these instances, the Windows login process could be disrupted. To address this, Dell Encryption 11.7.1 returns to use the previous internal Windows function to avoid any potential custom Credential Provider conflicts. If you require the use of custom Credential Providers for third-party applications and updated to Encryption Enterprise v11.7, it is recommended that you update Encryption Enterprise v11.7.1.

Technical Advisories

9

Resolved Security Advisories v11.7.1
No security advisories exist.
Resolved Technical Advisories v11.7.1
Encryption Enterprise for Windows v11.7.1
No technical advisories exist.
Pre-boot Authentication v11.7.1
No technical advisories exist.
SED Manager v11.7.1
No technical advisories exist.
Full Disk Encryption v11.7.1
No technical advisories exist.
BitLocker Manager v11.7.1
No technical advisories exist.
Technical Advisories v11.7.1
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.7.1
No technical advisories exist.
SED Manager v11.7.1
SED Manager requires the use of the Dell custom Credential Provider to synchronize Windows password changes and data encryption keys. If you require use of third-party applications that use custom Credential Providers running on computers protected SED Manager, you must initiate Windows password changes through the Data Security Console. For information about changing your password in the Data Security Console, see the Password chapter in the Data Security Console User Guide.

10

Technical Advisories

Full Disk Encryption v11.7.1
Full Disk Encryption requires the use of the Dell custom Credential Provider to synchronize Windows password changes and data encryption keys. If you require use of third-party applications that use custom Credential Providers running on computers protected Full Disk Encryption, you must initiate Windows password changes through the Data Security Console. For information about changing your password in the Data Security Console, see the Password chapter in the Data Security Console User Guide.
BitLocker Manager v11.7.1
No technical advisories exist.
New Features and Functionality v11.7
Windows 7 is no longer supported. Windows 10 2016 LTSB is no longer supported.
Resolved Security Advisories v11.7
Encryption Enterprise third-party components have been updated.
Resolved Technical Advisories v11.7
Encryption Enterprise for Windows v11.7
Files that are required for installation are now properly removed after Encryption is uninstalled. [DDPC-12745] A message no longer displays and prompts for restart as a result of a Windows 10 upgrade after running WSDeactivate.
[DDPC-12755] If Hibernation is enabled, the Hibernation option in the Windows Power menu now displays as expected. [DDPC-13376] The 32-bit and 64-bit Dell Encryption child installers details now display the following: Dell Encryption Installer
[DDPC-13510] An issue resulting in inaccessible System Data Encryption keys and boot loop on computers protected by Policy-Based
Encryption is resolved. [DDPC-13515, DDPSUS-3205] An issue resulting in incomplete and repeated encryption sweeps is resolved. [DDPC-13521, DDPSUS-3207, DDPSUS-3244] Pre-boot Authentication v11.7
An issue resulting in failure to sync passwords if using a third-party credential provider is resolved. [DDPC-13414, DDPSUS-3168] The PBA environment now displays the correct error if an incorrect password is entered. [DDPC-13454] SED Manager v11.7
An issue resulting in failure to sync passwords if using a third-party credential provider is resolved. [DDPC-13414, DDPSUS-3168] The PBA environment now displays the correct error if an incorrect password is entered. [DDPC-13454]

Technical Advisories

11

Full Disk Encryption v11.7
An issue resulting in failure to sync passwords if using a third-party credential provider is resolved. [DDPC-13414, DDPSUS-3168] The PBA environment now displays the correct error if an incorrect password is entered. [DDPC-13454] BitLocker Manager v11.7
An issue resulting in a repeating log message in the Data Security Console is resolved. [DDPC-13203, DDPC-13410] Technical Advisories v11.7
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.7
The PBA currently does not load on computers protected by SED Manager when multi-disk encryption is enabled and an additional unencrypted disk is added or replaced. As a workaround, bypass the PBA using Recovery. For more information, see Perform a SED Recovery in Encryption Recovery. [DDPC-13358] SED Manager v11.7
The PBA currently does not load on computers protected by SED Manager when multi-disk encryption is enabled and an additional unencrypted disk is added or replaced. As a workaround, bypass the PBA using Recovery. For more information, see Perform a SED Recovery in Encryption Recovery. [DDPC-13358] Full Disk Encryption v11.7
No technical advisories exist.
BitLocker Manager v11.7
No technical advisories exist.
New Features and Functionality v11.6
BitLocker Manager now supports setting a delayed PIN prompt. This policy allows administrators to set the number of minutes to delay the BitLocker PIN prompt before it is displayed to the user. For more information, see AdminHelp

PIN Prompt Delay Policy.
Encryption Enterprise now supports Windows 10 22H2. DiagnosticInfo now collects additional logging information for the following:
Carbon Black Endpoint Detection and Response Carbon Black AppDefense
Resolved Security Advisories v11.6
No security advisories exist.

12

Technical Advisories

Resolved Technical Advisories v11.6
Encryption Enterprise for Windows v11.6
No technical advisories exist.
Pre-boot Authentication v11.6
Azure-based domain users with uncached credentials can now login to the PBA as expected. [DDPC-13391] SED Manager v11.6
Computers protected by SED Manager on an Azure-based domain with the Sync Users at PBA Activation policy enabled can now use single sign-on. [DDPC-12089] Full Disk Encryption v11.6
Computers protected by Full Disk Encryption on an Azure-based domain with the Sync Users at PBA Activation policy enabled can now use single sign-on. [DDPC-12089] BitLocker Manager v11.6
An issue resulting in a repeating log message in the Data Security Console is resolved. [DDPC-13203, DDPC-13410] Computers running Windows 11 21H1 and protected by BitLocker Manager can now upgrade to Windows 11 22H2 as
expected. [DDPC-13324, DDPC-13365] Technical Advisories v11.6
Encryption Enterprise for Windows
After uninstalling Dell Encryption, Hibernation may not display in Windows advanced power settings. As a workaround, start command prompt as an administrator then run the following command: powercfg.exe /hibernate ON [DDPC-13376] Pre-boot Authentication v11.6
Computers protect by the PBA environment and using Windows Hello for Business PIN authentication currently cannot currently use Single Sign-on. [DDPC-13425] Computers protected by the PBA environment may not display the PIN authentication option after an operating system upgrade. As a workaround, use password authentication. [DDPC-13453] SED Manager v11.6
No technical advisories exist.

Technical Advisories

13

Full Disk Encryption v11.6
Computers protected by Multi-disk encryption using the PBA currently lock if Single Sign-on is disabled in the Remote Management Console. As a workaround, recover the computer using the steps in the Recovery Guide. [DDPC-13457] BitLocker Manager v11.6
In rare scenarios, BitLocker Manager may prompt users to change their PIN before the policy duration elapses. [DDPC-13416] Computers protected by BitLocker Manager may not display the PIN authentication option after updating from Windows 11 21H2 to Windows 11 22H2. As a workaround, restart the computer. [DDPC-13448] In rare scenarios, BitLocker Manager does not initialize an encryption sweep after changing the encryption method in the Remote Management Console. As a workaround, restart the computer. DDPC-13455
New Features and Functionality v11.5
BitLocker Manager PIN rotation time is now specified in 24 hour notation (DD.MM.YYYY_HH:MM). Encryption Enterprise v11.5 contains updates to third- party dependencies. Full Disk Encryption and SED Manager v11.5 or
later requires the Dell Security Management Server v11.5 or later to maintain client and server communication. Administrators can now set a custom PIN in the Management Console for computers protected by BitLocker Manager. For
more information, see AdminHelp. DiagnosticInfo now collects information from the Measured Boot folder. The SK Hynix PC801 NVMe drive is now supported with SED Manager.
Resolved Security Advisories v11.5
No security advisories exist.
Resolved Technical Advisories v11.5
Encryption Enterprise for Windows v11.5
A message no longer displays and prompts for restart as a result of a Windows 10 upgrade after running WSDeactivate. [DDPC-12755] Verbose logging no longer decreases encryption and decryption sweep speed. [DDPC-13159] An issue resulting in accessible files if Fast User Switching is enabled is resolved. [DDPC-13161] An issue resulting in intermittent computer crash for Active Directory users is resolved. [DDPC-13164, DDPSUS-3138] Activation workflows for computers activated against Security Management Servers leveraging Active Directory Federation
Services is now improved. [DDPC-13201] A database issue resulting in intermittent computer crashes is resolved. [DDPSUS-3105] Pre-boot Authentication v11.5
The Legacy boot mode PBA environment now displays the correct URL for Dell Support. [DDPC-12536] Windows now loads as expected after activating and logging into the PBA using a smart card. [DDPC-13126] SED Manager v11.5
Smart card authentication functions as expected for computers protected by SED Manager after upgrading previous versions of Encryption Enterprise. [DDPC-13149]

14

Technical Advisories

A rare issue resulting in encryption status not displaying in the Data Security Console after a reboot is resolved. [DDPC-13101] Full Disk Encryption v11.5
Smart card authentication functions as expected for computers protected by Full Disk Encryption after upgrading previous versions of Encryption Enterprise. [DDPC-13149] BitLocker Manager v11.5
BitLocker Manager no longer requests for a new PIN when encryption is removed from a drive. [DDPC-12110] BitLocker Manager’s PIN Rotation now receives policy updates as expected. [DDPC-13075] BitLocker Manager’s PIN Rotation now uses local time zone per computer. [DDPC-13076] BitLocker Manager’s PIN Rotation workflow has been hardened. [DDPC-13078] Technical Advisories v11.5
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.5
No technical advisories exist.
SED Manager v11.5
No technical advisories exist.
Full Disk Encryption v11.5
No technical advisories exist.
BitLocker Manager v11.5
Computers running Windows 11 21H1 and protected by BitLocker Manager currently cannot upgrade to Windows 11 22H2. As a workaround, stop the following Dell services then upgrade to Windows 11 22H2: DellMgmtAgent DellMgmtLoader [DDPC-13324] New Features and Functionality v11.4
Encryption Enterprise now supports Multi-disk encryption. Diagnostic Info now collects logging and troubleshooting data for Absolute Device and Data Security. DiagnosticInfo now collects logging and troubleshooting data for Dell Threat Defense. Dell Encryption now supports Windows 10 LTSC 2021.

Technical Advisories

15

Resolved Security Advisories v11.4
The log4net component in the Data Security Uninstaller has been updated. [DDPC-13088] Resolved Technical Advisories v11.4
Encryption Enterprise for Windows v11.4
The Dell End User License Agreement (EULA) has been updated to 2022 for all products and pages. [DDPC-12052] The Reboot Now prompt in the notification area now functions as expected for Encryption on Server Operating Systems.
[DDPC-12874] The Dell Encryption vault file, a secure container that stores policy and key information, is now located in C:
ProgramDataDellDell Data ProtectionEncryptionVault. [DDPC-13005] Child installers and master installers are now install the Encryption Management Agent components to C:Program
FilesDellClient Security Framework. [DDPC-13006] An issue resulting in computer crash and incorrect designation of internal drives as external on computers protected by
Encryption External Media is resolved. [DDPSUS-3109] An issue resulting in computer crash after updating Encryption Enterprise to v11.3 and applying Encryption External Media
policies is resolved. [DDPSUS-3123] Pre-boot Authentication v11.4
If a Windows Feature update is blocked, the DellAgent.log file now includes entries detailing the block. [DDPC-12598] An issue resulting in unprinted outputs due to Caps Lock being enabled is resolved. [DDPC-13084] SED Manager v11.4
During uninstallation, SED Manager filter drivers are now properly unmounted. [DDPC-12461, DDPSUS-2925, DDPSUS-3054] A rare issue resulting in encryption status not displaying in the Data Security Console after a reboot is resolved.
[DDPC-13101] Full Disk Encryption v11.4
An issue resulting in delays in the Pre-boot Authentication environment when using the TB16 dock is resolved. [DDPC-8147, DDPSUS-1923] During uninstallation, Full Disk Encryption filter drivers are now properly unmounted. [DDPC-12461, DDPSUS-2925, DDPSUS-3054] An issue resulting in unprinted outputs due to Caps Lock being enabled is resolved. [DDPC-13084] A rare issue resulting in encryption status not displaying in the Data Security Console after a reboot is resolved.
[DDPC-13101] BitLocker Manager v11.4
An inventory issue resulting in incorrect encryption percentages displaying in the Security Management Server is resolved. [DDPC-13071, DDPSUS-3089] An issue resulting BitLocker Manager interpreting policies from the Security Management Server as invalid is resolved. [DDPC-13070, DDPC-13091, DDPSUS-3096] An issue resulting in failure to apply policy properly because the LastAppliedPolicy registry value was misspelled is resolved. [DDPC-13084] A rare issue resulting in encryption status not displaying in the Data Security Console after a reboot is resolved. [DDPC-13101]

16

Technical Advisories

Technical Advisories v11.4
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v11.4
No technical advisories exist.
SED Manager v11.4
Smart card authentication currently fails for computers protected by SED Manager after upgrading previous versions of Encryption Enterprise to v11.4. As a workaround, use the Remove User command under PBA Device Control in the Management Console. See AdminHelp for more information. [DDPC-13149] Full Disk Encryption v11.4
Computers protected by BitLocker Manager and Full Disk Encryption currently lock removable drives if the Removable Drives Encryption policy is enabled then disabled and the computer restarted before the drive can be decrypted. As a workaround, ensure removable drives are fully decrypted before restarting the computer if you intend to disable this policy. [DDPC-13114] On computers encrypting multiple disks with Full Disk Encryption, all non-system drives must be initialized and formatted before enabling Full Disk Encryption. [DDPC-13120] Smart card authentication currently fails for for computers protected by Full Disk Encryption after upgrading previous versions of Encryption Enterprise to v11.4. As a workaround, use the Remove User command under PBA Device Control in the Management Console. See AdminHelp for more information. [DDPC-13149] BitLocker Manager v11.4
BitLocker Manager currently uses UTC time rather than local time to enforce PIN rotation. [DDPC-13076] Computers protected by BitLocker Manager and Full Disk Encryption currently lock removable drives if the Removable Drives
Encryption policy is enabled then disabled and the computer restarted before the drive can be decrypted. As a workaround, ensure removable drives are fully decrypted before restarting the computer if you intend to disable this policy. [DDPC-13114] New Features and Functionality v11.3
Dell Encryption on Server Operating Systems now supports Windows Server 2022 Standard and Datacenter editions. DiagnosticInfo collects additional information including:
Class filter drivers in use Dell Data Security product versions Hardware serial numbers Installed servers and their availability status Windows build versions Logs for the following:
Component-Based Servicing Installed applications Deployment Image Servicing and Management Security Management Server installation Server Configuration Tool and server migration Threat Defense VMware Carbon Black Windows Updates

Technical Advisories

17

Resolved Security Advisories v11.3
No security advisories exist.
Resolved Technical Advisories v11.3
Encryption Enterprise for Windows v11.3
The Data Security Uninstaller now properly populates the Device Server URL field in the uninstallation process. [DDPC-12692] DiagnosticInfo now identifies mishandled Command Line entries when run with the /silent option. [DDPC-10244] Uninstalling Dell Encryption now removes all Windows 10 Feature Update supporting folders as expected. [DDPC-12039] An issue resulting in an errant directory displaying in Dell Encryption logs is resolved. [DDPC-12854] The Data Security Uninstaller now properly populates the Device Server URL field in the uninstallation process.
[DDPC-12692] Registry modifications are no longer required after installing Dell Encryption using the master installer and using Windows
Hello for Business authentication. [DDPC-12885] Dell Encryption policy updates initiated in the Security Management no longer triggers errant updates to Client Security
Framework features. [DDPC-12886, DDPSUS-3061] Pre-boot Authentication v11.3
An issue resulting in delays in the Pre-boot Authentication environment when using the TB16 dock is resolved. [DDPC-8147, DDPSUS-1923] An issue resulting in a freeze in the The Pre-boot Authentication environment is resolved. [DDPC-12758] A driver issue resulting in network cards being unavailable in the Pre-boot Authentication environment is resolved.
[DDPC-12835, DDPSUS-2959, DDPSUS-2977] SED Manager v11.3
No technical advisories exist.
Full Disk Encryption v11.3
An issue resulting in delays in the Pre-boot Authentication environment when using the TB16 dock is resolved. [DDPC-8147, DDPSUS-1923] An issue resulting in a freeze in the The Pre-boot Authentication environment is resolved. [DDPC-12758] A driver issue resulting in network cards being unavailable in the Pre-boot Authentication environment is resolved.
[DDPC-12835, DDPSUS-2959, DDPSUS-2977] BitLocker Manager v11.3
If initialization of BitLocker fails, BitLocker Manager is now engaged to reinitialize encryption. [DDPC-12826] Technical Advisories v11.3
Encryption Enterprise for Windows
The notification that prompts users to restart after installing Dell Encryption on a server operating system does not currently restart the computer. As as workaround, manually restart the computer. [DDPC-12874]

18

Technical Advisories

Windows Hello for Business authentication requires the following registry key if you install Encryption Enterprise using the child installers: HKLMSYSTEMCurrentControlSetServicesDellMgmtAgentParameters REG_SZ: NoDDPETray Value: 0 [DDPC-13001] When installed with the master installer, the directory in which Client Security Framework components are installed does not currently align with the directory created during installation with the child installers. [DDPC-13006] Pre-boot Authentication v11.3
No technical advisories exist.
SED Manager v11.3
No technical advisories exist.
Full Disk Encryption v11.3
No technical advisories exist.
BitLocker Manager v11.3
No technical advisories exist.
New Features and Functionality v11.2
Encryption Enterprise v11.2 now supports Windows 11 v21H2. Encryption Enterprise v11.2 now supports Windows 10 v21H2. Dell Encryption now displays the following message in the notification area if a user attempts to upgrade to an unsupported
version of Windows: Dell Encryption is preventing an upgrade to an unsupported version of Windows. Contact Dell ProSupport for Software for assistance. BitLocker Manager now supports policy-based PIN expiration. This name of this policy is User PIN lifetime. By default, BitLocker Manager PINs expire after 90 days of use. This policy requires the Security Management Server v11.2 or later.
Resolved Security Advisories v11.2
No security advisories exist.
Resolved Technical Advisories v11.2
Encryption Enterprise for Windows v11.2
The Data Security Uninstaller now properly populates the Device Server URL field in the uninstallation process. [DDPC-12692] Dell Encryption now activates as expected against a Security Management Server with the Passwordless Authentication policy disabled when users log in with local credentials. [DDPC-12707] An issue that is caused by hardlink mapping mishandling resulting in high CPU use on computers that are protected by Dell Encryption is resolved. [DDPC-12407, DDPSUS-2983] Encryption External Media now honors policies more than 500 lines. [DDPC-12553, DDPSUS-2980]

Technical Advisories

19

Files in OneDrive folders now decrypt as expected. [DDPC-12444] An issue resulting in computer crash if abnormally large amounts of data were being processed by the file I/O buffer is
resolved. [DDPC-12746, DDPSUS-3021] An issue resulting in computer crash due to coinciding high file transmission rates and file lock requests is resolved.
[DDPC-12753, DDPSUS-3025] An issue resulting in locked user accounts due to incorrect credentials being processed during Fast User Switching is
resolved. [DDPC-12780, DDPSUS-3026] Pre-boot Authentication v11.2
An issue resulting in delays in the Pre-boot Authentication environment is resolved. [DDPC-12758] SED Manager v11.2
No technical advisories exist.
Full Disk Encryption v11.2
An issue resulting in delays in the Pre-boot Authentication environment is resolved. [DDPC-12758] BitLocker Manager v11.2
No technical advisories exist.
Technical Advisories v11.2
Encryption Enterprise for Windows
After running WSDeactivate on a computer, a message incorrectly displays and prompts for restart as a result of a Windows 10 upgrade. This message should be ignored. [DDPC-12755] If a computer crash occurs before Dell Encryption activates, the vault is corrupted and automatic repair is not attempted. As a workaround, run WSDeactivate on the affected computer. [DDPC-12779] WinPE run on Windows 11 does not automatically mount the target disk. As a workaround, use the following steps: 1. Type x and press Enter to exit to Command line. 2. To open the Diskpart utility, type diskpart and press Enter. 3. Type list vol and press Enter to list the available volumes. 4. Type select volume x where x is the volume number. 5. Use the assign command to assign a drive letter to that volume. For example, assign C and press Enter. 6. Type exit to leave Diskpart. The target disk is mounted, and recovery can be performed. [DDPC-12848] Pre-boot Authentication v11.2
Dell platform BIOS from mid-2020 and earlier may not align with EFI-based certificate handling recently updated by Microsoft. This may result in the Dell Pre-boot Authentication environment failing to boot. To work around this incompatibility, ensure that the BIOS on your computer is updated. For more information, see this KB article 129365. [DDPC-12834]

20

Technical Advisories

SED Manager v11.2
No technical advisories exist.
Full Disk Encryption v11.2
Dell platform BIOS from mid-2020 and earlier may not align with EFI-based certificate handling recently updated by Microsoft. This may result in the Dell Pre-boot Authentication environment failing to boot. To work around this incompatibility, ensure that the BIOS on your computer is updated. For more information, see this KB article 129365. [DDPC-12834] BitLocker Manager v11.2
No technical advisories exist.
New Features and Functionality v11.1
Installs and upgrades to Windows 11 and Windows 10 21H2 are not blocked with Encryption Enterprise v11.1. Dell does not support preview versions of operating systems and using unsupported operating systems may result in data loss. Go to KB article 156050 for additional Information on Windows operating system compatibility.
The Encryption Management Agent now automatically decrypts then encrypts drives protected by BitLocker Manager when an algorithm is changed from the default in the Dell Server. For more information, see the following in logs: Encryption method is changed. Start decryption and after that encryption with new method. Note: Computers encrypted with BitLocker for OEM will be automatically decrypted and re-encrypted after an update to Encryption Enterprise v11.1 or newer. You may observe performance impacts during the re- encryption process.
BitLocker Manager now rotates the RecoveryPassword protector on computers after the password is requested in the Self-Service Recovery Portal in the Dell Server or through the Management Console.
Resolved Security Advisories v11.1
The icon and verbiage for failed login attempts in the PBA environment have been aligned. [DDPC-12662] Resolved Technical Advisories v11.1
Encryption Enterprise for Windows v11.1
An issue resulting in corruption of hard link files after new data is written is resolved. [DDPC-12079] Files in OneDrive folders now decrypt as expected. [DDPC-12444] Dell Encryption now uninstalls properly using the Data Security Uninstaller and the Encryption Removal Agent – Download
Keys from Server option. [DDPC-12520] The Data Security Uninstaller now removes all components of the master installer as expected. [DDPC-12521] An issue resulting in a customer-facing PIN request prompt after a policy change to decrypt a drive was consumed is
resolved. [DDPC-12539] Interactive user detection no longer blocks all removable media if multiple users rapidly log in and out of the computer.
[DDPC-12561] The child installers now extract from the master installer as expected on computers that have the Security Framework
installed. [DDPC-12571] The Encryption Management Agent now provides the following error when unsupported Windows Feature Updates fail to
install: Dell Encryption is preventing an upgrade to an unsupported version of Windows. Contact Dell ProSupport for Software for assistance. [DDPC-12597]

Technical Advisories

21

A rare issue resulting in partial file corruption with files containing hard link based on their naming convention in tandem with rapid superceding updates is resolved. [DDPC-12693] Pre-boot Authentication v11.1
No technical advisories exist.
SED Manager v11.1
No technical advisories exist.
Full Disk Encryption v11.1
Computers protected by Full Disk Encryption now decrypt as expected when a removable drive is present. [DDPC-12494] BitLocker Manager v11.1
PIN prompts no longer display when decrypting a drive protected by BitLocker Manager after selecting the Use no additional unlock methods option. [DDPC-12539] Technical Advisories v11.1
Encryption Enterprise for Windows
The following error may display if you inspect a policy that exceeds nine KB of data: Invalid Value for 100 [DDPSUS-2980] When changing the password for removable media protected by Encrypted External Media, Password Accepted displays incorrectly. [DDPC-12721] The Data Security Console does not currently display information for protected removable media. [DDPC-12722] The Data Security Uninstaller currently does not uninstall properly if using the Encryption Removal Agent – Import Keys
from a File option. As a workaround, use the Encryption Removal Agent – Download Keys from Server option, or uninstall by running the Dell Encryption child installer using the predownloaded key. [DDPC-12723] System Data Encryption validation failures on boot do not currently cause a computer crash as expected. An infinite boot logo displays instead. A System Data Encryption recovery should be performed for resolution. [DDPC-12725] Pre-boot Authentication v11.1
External smart card readers do not currently function properly when used in the Pre-Boot Authentication environment on Dell models that are generated in calendar year 2020 or later due to a change in the BIOS of these computers. [DDPC-12730] SED Manager v11.1
No technical advisories exist.
Full Disk Encryption v11.1
No technical advisories exist.

22

Technical Advisories

BitLocker Manager v11.1
No technical advisories exist.
New Features and Functionality v11.0
Encryption Enterprise is now supported with Windows 10 v21H1 (May 2021 Update/21H1) The Kioxia BG4 NVMe is now supported with SED Manager. Dell Encryption now supports Windows Hello authentication.
Resolved Security Advisories v11.0
The Encryption Enterprise signing certificate is updated.
Resolved Technical Advisories v11.0
Encryption Enterprise for Windows v11.0
External Media Encryption’s installation description is updated to clarify functionality of the product. [DDPC-12367, DDPC-12368] Copyrights are updated. [DDPC-12378] With a global shift to inclusive language, several terms and expressions have been updated. [DDPC-12398] Pre-boot Authentication v11.0
No technical advisories exist.
SED Manager v11.0
The Encryption Management Agent now performs additional checks during installation and uninstallation to detect if the computer was rebooted. This prevents an inaccessible boot drive. [DDPC-12390, DDPSUS-2925] Full Disk Encryption v11.0
The Encryption Management Agent now performs additional checks during installation and uninstallation to detect if the computer was rebooted. This prevents an inaccessible boot drive. [DDPC-12390, DDPSUS-2925] BitLocker Manager v11.0
BitLocker Manager no longer prompts for new PIN input for unrelated policy updates. [DDPC-12415, DDPSUS-2937] An issue resulting in multiple failures to cancel user dialogue for the Encryption of Fixed Drives policy on computers
protected by BitLocker Manager is resolved. [DDPC-12435]

Technical Advisories

23

Technical Advisories v11.0
Encryption Enterprise for Windows
The Dell Encryption Removal agent may not decrypt hydrated OneDrive files. To decrypt these files, either unlink OneDrive, or decrypt these files before uninstall through policy. [DDPC-12444] WSDeactivate currently displays a non- functional progress bar. [DDPC-12502] To enable Windows Hello authentication, computers must have a registry key set:
HKLMSYSTEMCurrentControlSetServicesDellMgmtAgentParameters REG_SZ: NoDDPETray Value: 0 [DDPC-12511] External Media Encryption v11.0 cannot currently be upgraded to Encryption Enterprise. To upgrade to Encryption Enterprise, uninstall Encryption External Media and install Encryption Enterprise. [DDPC-12544] Pre-boot Authentication v11.0
Computers leveraging Microsoft-based accounts and protected by SED Manager with the Sync Users at PBA Activation policy enabled currently cannot use single sign-on after rebooting. As a workaround, at the Windows sign-in screen, select Other User and log in using your user name and password. Single sign-on is functional for the local users and Active Directory domain users if the system is domain-joined. [DDPC-12089] SED Manager v11.0
Computers leveraging Microsoft-based accounts and protected by SED Manager with the Sync Users at PBA Activation policy enabled currently cannot use single sign-on after rebooting. As a workaround, at the Windows sign-in screen, select Other User and log in using your user name and password. Single sign-on is functional for the local users and Active Directory domain users if the system is domain-joined. DDPC-12089
Full Disk Encryption v11.0
Computers leveraging Microsoft-based accounts and protected by Full Disk Encryption with the Sync Users at PBA Activation policy enabled currently cannot use single sign-on after rebooting. As a workaround, at the Windows sign-in screen, select Other User and log in using your user name and password. Single sign-on is functional for the local users and Active Directory domain users if the system is domain-joined. [DDPC-12089] Computers protected by Full Disk Encryption do not currently decrypt properly if removable media is present. As a workaround, disconnect all removable media before removing Full Disk Encryption. [DDPC-12494] BitLocker Manager v11.0
No technical advisories exist.
New Features and Functionality v10.10
The interactive installer now includes fields for non-standard ports for the Encryption Management Agent’s communication with the Core Server and Security Server.

24

Technical Advisories

Resolved Security Advisories v10.10
The Encryption Enterprise signing certificate is updated.
Resolved Technical Advisories v10.10
Encryption Enterprise for Windows v10.10
The decryption agent now properly decrypts Cloud-based files regardless of hydration status. [DDPC-11556, DDPSUS-2895] The Encryption External Media service now starts as expected on computers that do not have Dell Encryption installed.
[DDPC-12101, DDPC-12196] An issue resulting in double-encrypted files with superseding file versions is resolved. [DDPC-12302] When installing BitLocker Manager, Dell Encryption, and Encryption External Media using the suite installer, Dell Encryption
now installs in the correct configuration. [DDPC-12346] Pre-boot Authentication v10.10
No technical advisories exist.
SED Manager v10.10
No technical advisories exist.
Full Disk Encryption v10.10
When enabling Full Disk Encryption, the script that is generated to perform the tasks is now signed by Dell’s signing certificates, allowing for approval based on script instead of script hash. [DDPC-12320]

Technical Advisories

25

BitLocker Manager v10.10
When installing BitLocker Manager, Dell Encryption, and Encryption External Media using the suite installer, Dell Encryption now installs in the correct configuration. [DDPC-12346] Technical Advisories v10.10
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v10.10
No technical advisories exist.
SED Manager v10.10
No technical advisories exist.
Full Disk Encryption v10.10
No technical advisories exist.
BitLocker Manager v10.10
No technical advisories exist.
New Features and Functionality v10.9
Encryption Enterprise is now supported with Windows 10 v20H2 (October 2020 Update/20H2). Encryption Enterprise now supports disks with 4k sector formats. The Dell Encryption PBA now supports Brazilian ABNTv2 keyboards.
Resolved Security Advisories v10.9
No security advisories exist.
Resolved Technical Advisories v10.9
Encryption Enterprise for Windows v10.9
If a duplicate user attempts to activate with Deferred Activation, the following message displays: Activation Failed & the user is already activated on this computer. [DDPC-7456] An issue resulting in a memory leak due to file name length is resolved. [DDPC-7569] An issue resulting in the Dell DiagnosticInfo utility detecting a client operating system as a server operating system is
resolved. [DDPC-11762] Encryption External Media now displays on the component selection screen when upgrading Dell Encryption. [DDPC-11998]

26

Technical Advisories

An issue resulting in the inability to use smart card login from a remote location is resolved. [DDPC-12068, DDPC-12290, DDPSUS-2821] An issue resulting in incomplete feature installation when installing with the master installer using command-line or interactively is resolved. [DDPSUS-2870, DDPSUS-2908, DDPC-12090] Block SID functionality with multiple disks is improved. [DDPC-12183] An issue resulting in failed activation of Encryption on server operating systems is resolved. [DDPC-12115] An issue resulting in inaccessible data and unresponsive Start menu after Windows 10 Feature Update failure is resolved.
[DDPC-12121, DDPSUS-2844, DDPSUS-2854] An issue resulting in inaccessible data due to mishandling of System Disk Encryption keys is resolved. [DDPC-12123,
DDPSUS-2850] An issue resulting in encryption sweep failures on computers protected by Dell Encryption and VMWare Carbon Black Cloud
or many anti-virus solutions is resolved. [DDPC-12205, DDPSUS-2883] An issue resulting in failed provisioning for computers protected by Dell Encryption is resolved. [DDPC-12289,
DDPSUS-2893, DDPSUS-2906] An issue resulting in nonfunctional shortcuts after completing an encryption sweep is resolved. [DDPC-12265] An issue resulting in failed Dell Encryption reactivation due to a corrupt System Disk Encryption key vault is resolved.
[DDPC-12255] An issue resulting in failed Windows 10 Feature Updates and computer crash due to a corrupt System Data Encryption key
vault is resolved. [DDPSUS-2862] An issue resulting in inaccessible files due to System Data Encryption key handling is resolved. [DDPSUS-2867] Pre-boot Authentication v10.9
The Pre-boot Authentication environment now displays the correct version in the About section. [DDPC-11995] SED Manager v10.9
No technical advisories exist.
Full Disk Encryption v10.9
An issue resulting in incomplete feature installation when installing with the master installer using command-line or interactively is resolved. [DDPSUS-2870, DDPSUS-2908, DDPC-12090] BitLocker Manager v10.9
An issue resulting in incomplete feature installation when installing with the master installer using command-line or interactively is resolved. [DDPSUS-2870, DDPSUS-2908, DDPC-12090] Technical Advisories v10.9
Encryption Enterprise for Windows
Devices with multiple disks may not display the status of disks immediately when selecting the Encryption tab in the Data Security Console . [DDPC-11346] If Policy-Based Encryption is installed before the Encryption Management Agent, computer crash may occur. This issue is caused by failure to load the encryption Sleep driver which is used to manage the PBA environment. As a workaround, use the master installer or ensure that Policy-Based Encryption is installed after the Encryption Management Agent. [DDPC-12239] Pre-boot Authentication v10.9
No technical advisories exist.

Technical Advisories

27

SED Manager v10.9
No technical advisories exist.
Full Disk Encryption v10.9
No technical advisories exist.
BitLocker Manager v10.9
No technical advisories exist.
New Features and Functionality v10.8
The Data Security console now displays the encryption technology in use. Full Disk Encryption can now be selected in the feature selection screen of the master installer. Full Disk Encryption now writes disk encryption percentage to the registry at the following location:
HKLMSYSTEMCurrentControlSetServicesDellMgmtAgentParameters The DiagnosticInfo utility is now installed when the Encryption Management agent is installed. The DiagnosticInfo utility now queries additional registry entries. The master installer’s detection of UEFI and Legacy boot modes is improved. BitLocker Manager now displays drive labels and letter assignment. In the PBA environment, the network icon now displays with a yellow slash if the PBA detects a network but the network
adapter cannot be configured. The Dell Encryption WinPE recovery environment verbiage is updated for Self-Encrypting Drives and drives that are
protected by Full Disk Encryption. The DiagnosticInfo utility now displays the following prompt for Personally Identifiable Information:

Full Disk Encryption and SED Manager now support the following platforms: Latitude 9510 Latitude 9510 2-in-1 XPS 15 9500

28

Technical Advisories

Resolved Security Advisories v10.8
Additional files used during the installation of Encryption Enterprise are now signed. [DDPC-6827] Dell has released additional fixes for an improper access control vulnerability in Encryption Enterprise (CVE-2020-5358). See
the Dell Security Advisory (DSA-2020-113) at https://www.dell.com/support/security/ for affected products, versions, and additional information. [DDPC-11877] Resolved Technical Advisories v10.8
Encryption Enterprise for Windows v10.8
Custom Support Dialog is now properly consumed against a Security Server with nondefault ports when set. [DDPC-8060] Deferred activation now activates properly against a Security Server with nondefault ports. [DDPSUS-2762] Unsupported languages no longer display in help directories after installing Encryption Enterprise. [DDPC-10746] Reboot prompts no longer display on the login screen after decryption. [DDPC-11940] Pre-boot Authentication v10.8
When using Recovery Questions to log in through the PBA, the password reset prompt now only appears for the first 90 seconds after login. [DDPC-11671] Right-clicking the username, password, smart card, pin or recovery answer field in the PBA no longer yields a menu. [DDPC-11795] An issue resulting in third-party authentication providers being disabled by default is resolved. [DDPC-12057, DDPSUS-2818] SED Manager v10.8
No technical advisories exist.
Full Disk Encryption v10.8
Encryption status now properly displays the status of all encryption technologies in the Data Security Console and for computers that are protected by multiple encryption technologies. [DDPC-11133] BitLocker Manager v10.8
Computers that are protected by Dell Encryption no longer fail PIN creation for BitLocker Manager. [DDPC-10949] If the TPM is unmanaged, requiring BitLocker Manager to use the TPM or TPM and PIN now writes the following error to
logs: TPM manager is disabled, therefore TPM-based protector is not allowed! [DDPC-11960] Technical Advisories v10.8
Encryption Enterprise for Windows
During reboot and shutdown, a .NET error may display due to simultaneous shutdown of a Dell Encryption service and Windows WMI service. [DDPC-12054, DDPC-12098, DDPSUS-2807, DDPSUS-2812] In rare scenarios, the DiagnosticInfo utility does not collect all logs after Command-line installation and failed exportation errors display in the Command-line window. [DDPC-12090] Administrators are currently unable to change disk encryption keys’ escrow location after encryption sweeps are complete. [DDPC-12100]

Technical Advisories

29

Pre-boot Authentication v10.8
No technical advisories exist.
SED Manager v10.8
No technical advisories exist.
Full Disk Encryption v10.8
No technical advisories exist.
BitLocker Manager v10.8
No technical advisories exist.
New Features and Functionality v10.7
Encryption Enterprise is now supported with Windows 10 v2004 (May 2020 Update/20H1). The Dell DiagnosticInfo utility logging is improved. Boot order logging is improved. A new RAID controller driver is added to the Dell Encryption Recovery WinPE environment. This enables recovery of disks in
newer platforms configured in RAID ON mode. Dell Encryption performs a re- analysis of encrypted volumes on key backups to ensure policy is correctly applied to the entire
drive. This will appear as a re-sweep of encryption of the disk, which may lead to a temporary increase in system resource use. Encryption Enterprise can now prompt the user to reboot their computer after the Encryption Removal Agent finishes its final state in the decryption process. This prompt can be disabled by configuring a registry value or enabling Force Reboot on Update in the Management Console. When Force Reboot on Update is enabled in the Management Console, the following registry entry is created. HKLMSoftwareDellDell Data Protection “ShowDecryptAgentRebootPrompt”=DWORD 1 = enabled (displays prompt) 0 = disabled (hides prompt)

Full Disk Encryption and SED Manager now support the following platforms: Latitude 5411 Latitude 5511 Latitude 9410 2-in-1 OptiPlex 5480 All-in-One OptiPlex 7480 All-in-One OptiPlex 7780 All-in-One Precision 3440

30

Technical Advisories

Precision 3551 Precision 7550 Precision 7750 XPS 15 9500
Resolved Technical Advisories v10.7
Encryption Enterprise for Windows v10.7
Dell Encryption files are now properly cleaned up during uninstallation. [DDPC-866, DDPC-2548, DDPC-11094, DDPC-11497] A rare issue resulting in the DiagnosticInfo utility failing to generate a temporary directory for data collection before
packaging is resolved. [DDPC-4981] An issue resulting in installation files being improperly flagged as threats is resolved. [DDPC-6827, DDPC-11573, DDPC-11844.
DDPC-11846] The Data Security Uninstaller now accepts upper case and lower case entries of the silent Command-line switch (Silent and
silent). [DDPC-11092] All files are now properly removed when Dell Encryption is installed against an incorrect server address. [DDPC-11094] An issue resulting in failed activation on computers leveraging multiple domains and users is resolved. [DDPC-11479,
DDPC-11840, DDPSUS-2648] The master installer now displays text correctly in German on the InstallShield Wizard Complete screen. [DDPC-11501] An issue resulting in computer crash after mounting and unmounting removal media is resolved. [DDPC-11555] The HCA driver is no longer installed when installing Encryption Enterprise. [DDPC-11576] The Data Security Uninstaller no longer displays overlapping windows on the Latitude 7370. [DDPC-11791] An issue resulting in failed activation due to the inability to locate a user in the vault is resolved. [DDPC-11840,
DDPSUS-2734] Encryption sweeps no longer yield an error due to a mishandled vault code. [DDPC-11849, DDPSUS-2759] Dell has released fixes for an improper access control vulnerability in Encryption Enterprise (CVE-2020-5358). See the
Dell Security Advisory (DSA-2020-113) at https://www.dell.com/support/security/ for affected products, versions, and additional information. [DDPC-11877] An issue resulting in computer crash if the Encryption Management Agent is installed on a computer with Credant Mobile Guardian v7.x is resolved. [DDPC-11890, DDPSUS-2763] Files on Demand and .PST file types no longer fail to sync to Onedrive on computers protected by Dell Encryption. [DDPC-11963, DDPSUS-2799, DDPSUS-2800] Large recovery bundles no longer encounter a timeout and subsequently fail to download from the Dell Server. [DDPC-11972, DDPSUS-2713] Pre-boot Authentication v10.7
The PBA now properly syncs with the Dell Server if the network cable is plugged in after startup. [DDPC-2773, DDPC-2794] PBA configured in UEFI mode on specific BIOS revisions now properly sync with the Dell Server without user intervention.
[DDPC-6375, DDPC-7978, DDPC-11236] Keyboard mapping on Swiss French keyboards now function as expected on the Latitude 7490. [DDPC-11122,
DDPSUS-2579] A rare issue in which duplicate users are created in the PBA resulting in failed authentication when logging in through the
PBA is resolved. [DDPC-11733] SED Manager v10.7
An issue resulting in the Dell Credential provider resetting the password field as a user attempts to log in after logging off or unlocking the computer is resolved. [DDPC-11826, DDPSUS-2739]

Technical Advisories

31

Full Disk Encryption v10.7
An issue resulting in a repeating lock screen if the Sync Users at PBA Activation policy is enabled is resolved. [DDPC-8195, DDPC-8416, DDPC-8590, DDPC-10038] In issue resulting in the Dell Credential provider resetting the password field as a user attempts to log in after logging off or unlocking the computer is resolved. [DDPC-11826, DDPSUS-2739] BitLocker Manager v10.7
The Encryption Management Agent no longer manages the TPM if TPM management is disabled for BitLocker Manager in the Dell Server. [DDPC-8991, DDPC-11960] BitLocker Manager now detects and creates the recovery password protector for non-system drives protected by BitLocker. [DDPC-11126, DDPSUS-2562] When installing with the Encryption Enterprise master installer, the BitLocker Manager tile now properly displays in the Data Security Console if Encryption or External Media Encryption are installed. [DDPC-11874] Technical Advisories v10.7
Encryption Enterprise for Windows
Dell Encryption cannot be upgraded to v10.7.0 from versions earlier than v8.16.0. Endpoints running versions prior to v8.16.0 must upgrade to v8.16.0 then upgrade to v10.7.0 . [DDPC-11576] After decrypting a computer, a prompt to reboot the computer may display on the login screen. [DDPC-11940] After a successful Windows 10 Feature Update, a rare issue may occur resulting in inaccessible encrypted data. As a
workaround, run WSDeactivate on the affected endpoint and force reactivation with the configured Dell Server. For more information on running WSDeactivate, see KB article SLN298107. [DDPC-12013] In rare situations, upgrades using the DDSSetup installer fail and an error displays on subsequent update attempts detailing that the application is already updated. As a workaround, upgrade specific components using the child installers. [DDPC-11993] If updating an endpoint running Dell Encryption with the DDSSetup installer interactively, the External Media Encryption option may not display in the feature selection screen. [DDPC-11998] Pre-boot Authentication v10.7
If the Authentication Method is set as smart card and the Sync Users at PBA Activation policy is enabled in the Dell Server, users cannot use alternate authentication methods to log in. As a workaround, administrators should change the Authentication Method to Password or disable the Sync Users at PBA Activation policy in the Dell Server. [DDPC-11897] The About section in the PBA environment currently lists the incorrect version number. [DDPC-11995] SED Manager v10.7
No technical advisories exist.
Full Disk Encryption v10.7
No technical advisories exist.
BitLocker Manager v10.7
If the TPM is unmanaged, requiring BitLocker Manager to use the TPM or TPM and PIN results in a log error that does not clearly specify the state of TPM management. [DDPC-11960]

32

Technical Advisories

New Features and Functionality v10.6
Dell’s DiagnosticInfo utility now queries additional registry entries for more comprehensive results. Full Disk Encryption and SED Manager now support the following platforms:
Latitude 7070 Tower Note: This platform was incorrectly listed as supported in v10.5 Technical Advisories.
OpiPlex 7080 Tower
Resolved Technical Advisories v10.6
Encryption Enterprise for Windows v10.6
An issue resulting in the inability to decrypt and uninstall if multiple System Data Encryption keys were present in the registry is resolved. [DDPC-2428, DDPC-11662, DDPSUS-2208] An issue resulting in ERR files after changing policy to Single Overwrite Pass during a System Data Encryption sweep is resolved. [DDPC-2751, DDPC-5038, DDPC5148, DDPC-7708, DDPC-8019, DDPC-8116] The reboot prompt no longer displays off-screen after a policy requiring a reboot is updated. [DDPC-5374, DDPC-5376] The Data Security Uninstaller now removes all Dell Encryption registry entries as expected. [DDPC-5410] An issue that triggered System Data Encryption recovery after Windows updates is resolved. [DDPC-11667] An issue caused by corrupt vault entries that resulted in cmgshieldsvc.exe and computer crash is resolved. [DDPC-11720] Pre-boot Authentication v10.6
Smart cards leveraging compressed certificates now function as expected. [DDPC-11769] SED Manager v10.6
An issue resulting in domain-added users failing to authenticate when a third- party credential provider is in use after an administrator invoked password change is resolved. [DDPC-11654, DDPSUS-2506, DDPSUS-2695] An issue resulting in computers starting up automatically after hibernating or shutting down is resolved. [DDPC-11751] Full Disk Encryption v10.6
An issue resulting in domain-added users failing to authenticate when a third- party credential provider is in use after an administrator invoked password change is resolved. [DDPC-11654, DDPSUS-2506, DDPSUS-2695] Bitlocker Manager v10.6
An issue resulting in deleted registry values after disabling the Reset Platform Validation Data After Recovery policy in the Dell Server is resolved. [DDPC-6150] Technical Advisories v10.6
Encryption Enterprise for Windows
In January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows 7 or Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https:// support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation packages.

Technical Advisories

33

Applications and installation packages signed with SHA1 certificates will function but an error will display on the endpoint during installation or execution of the application without these updates installed.
Pre-boot Authenticationv10.6
An issue resulting in failed authentication when logging in through the PBA is resolved. [DDPC-11733] When leveraging smartcard authentication with the PBA, users are unable to properly select other certificates in the Other
Users option. [DDPC-11898] No technical advisories exist.
SED Managerv10.6
No technical advisories exist.
Full Disk Encryptionv10.6
No technical advisories exist.
Bitlocker Managerv10.6
When installing with the Encryption Enterprise master installer, the BitLocker Manager tile does not display in the Data Security Console if Encryption or External Media Encryption are selected during installation. [DDPC-11874] New Features and Functionality v10.5
Swedish keyboards are now supported by the Pre-boot Authentication environment. Dell Encryption now supports additional Windows smart card Credential Providers. Encryption Enterprise now supports Windows 10 v1909 (November 2019 Update19H2). Full Disk Encryption and SED Manager now support the following platforms:
Latitude 3310 Latitude 3310 2-in-1 Latitude 5401 Latitude 5403 Latitude 5501 Latitude 7220 Rugged Extreme Tablet Latitude 7300 OptiPlex 3070 All-in-One OptiPlex 5070 Tower, Small Form Factor, Micro Optiplex 5270 All-In-One OptiPlex 7070 Tower, Small Form Factor Optiplex 7770 All-In-One Precision 3431 Desktop Workstation Precision 3540 Precision 3541

34

Technical Advisories

Resolved Technical Advisories v10.5
Encryption Enterprise for Windows v10.5
An issue resulting in corrupted files created by Notepad++ and Onenote is resolved. [DDPC-11440, DDPSUS-2385, DDPSUS-2642] An issue resulting in files not encrypting after a change in encryption algorithm is resolved. [DDPC-11460] A rare occurrence resulting in the Change Password option to not display at Windows login is resolved. [DDPC-11400] Installing Dell Encryption with older versions of Encryption Management Agent now creates independent system tray icons
for each product. [DDPC-11052, DDPC-11279] Pre-boot Authentication v10.5
Boot time when the Pre-boot Authentication environment is present is improved. [DDPC-11042, DDPC-11422, DDPSUS-2471] Swiss French keyboard mapping now functions as expected in the Pre-boot Authentication environment. [DDPC-11122,
DDPSUS-2579] SED Manager v10.5
No technical advisories exist.
Full Disk Encryption v10.5
No technical advisories exist.
Bitlocker Manager v10.5
No technical advisories exist.
Technical Advisories v10.5
Encryption Enterprise for Windows
Added 12/2019 – In January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows 7 or Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation packages. Applications and installation packages signed with SHA1 certificates will function but an error will display on the endpoint during installation or execution of the application without these updates installed.
In rare occurrences, computers leveraging eMMC drives will crash in Dell.SecurityFramework.Agent.exe, causing a Stop 0x74 CRITICAL_PROCESS_DIED BSOD, when restarting the computer after applying encryption. [DDPC-11461] The German installer contains improperly formatted text. [DDPC-11501] In rare cases, encryption sweeps yield an error due to a mishandled vault code. [DDPC-11849, DDPSUS-2759] Pre-boot Authenticationv10.5
When leveraging smart cards for PBA activation, the Sync Users at PBA Activation policy must be disabled in the Dell Server. [DDPC-11543]

Technical Advisories

35

SED Managerv10.5
No technical advisories exist.
Full Disk Encryptionv10.5
Full Disk Encryption’s encryption status may not properly display in the Data Security Console on computers protected by Dual Encryption. [DDPC-11133] Bitlocker Managerv10.5
No technical advisories exist.
New Features and Functionality v10.4
Dell Encryption’s DDSSetup and DDSSuite installers have been updated to resolve CVE-2016-2542. Dell has added verbosity in the Policy-Based Encryption logs when performing Windows 10 Feature Updates. Read speed on Full Disk Encryption is improved by parallelized decryption routine. Mounting a disk protected by Full Disk Encryption in a WinPE is now possible through a GUI.

36

Technical Advisories

Full Disk Encryption and SED Manager now support the following platforms: Latitude 5403 Precision 5540 Precision 7540 Precision 7740 XPS 7390 XPS 7390 2-in-1 XPS 7590
Resolved Technical Advisories v10.4
Encryption Enterprise for Windows v10.4
The master uninstaller now removes all files and folders as expected. [DDPC-9468] An issue resulting in the Encryption service failing after activation and, in rare occurrences, operating system crashes is
resolved. [DDPC-11011, DDPC-10952, DDPC-10953, DDPSUS-2543] Multi-user and domain-based computers no longer invoke activation loss or fail to achieve policy compliance regardless of
authentication method or sequence. [DDPC-11053, DDPC-11066] A race condition resulting in an unusable system due to no Credential Providers available at the Windows login screen is
resolved [DDPC-10936] An issue resulting in the Encryption service crashing after attempting to take ownership of a TPM is Cleared state is
resolved. [DDPC-11095, DDPSUS-2565] An issue resulting in failure to write the Encryption mode in use to registry is resolved. [DDPC-11125] An issue resulting in a crash if changing crypto libraries with HVCI enabled is resolved. This issue could present
when upgrading from versions prior to v10.0 to v10.1 or later. [DDPC-11178, DDPC-11293, DDPC-11506, DDPSUS-2572, DDPSUS-2598] An issue resulting in a crash due to failed policy processing is resolved. [DDPC-11207, DDPSUS-2597] An issue in Dell Encryption resulting in untranslated text during a Windows 10 Feature Update is resolved. [DDPC-11381] An issue resulting in a crash after applying KB4512941 on a computer protected by Encryption is resolved. [DDPC-11320, DDPSUS-2662] An issue resulting in the inability to install Cadence, orCAD, and Allegro with Encryption present on the target computer is resolved. [DDPC-11420, DDPSUS-2630] An exception resulting in the Encryption service crashing is resolved. [DDPC-11425, DDPSUS-2629] An issue resulting in system crash caused by a new file classification starting in KB4515384 and KB4512941 is resolved. For more information, see KB article SLN318627. [DDPC-11505] An issue resulting in Encryption moving to an unmanaged state after a Windows Feature Update is resolved. [DDPC-10545, DDPC-10569]

Technical Advisories

37

Pre-boot Authentication v10.4
An issue resulting in a delay if a Dell Server was unavailable at in the Pre- boot Authentication environment is resolved. [DDPC-4503, DDPC-8098, DDPSUS-2277] Challenge/Response Recovery now functions as expected in Legacy boot mode when multiple user certificates are in use. [DDPC-4503, DDPC-10816] The Pre-boot Authentication environment no longer freezes when authenticating a user with cached smart-card credentials. [DDPC-8072, DDPC-8696] Users can now enroll Recovery Questions using a mouse or keyboard. [DDPC-9143] Users can now enroll Recovery Questions as expected. [DDPC-9972, DDPC-10503] Legal Notice and Support Information fields in the Pre-boot Authentication environment now display text as expected.
[DDPC-11026, DDPSUS-2545] The Pre-boot Authentication environment now properly displays copyright dates on the Network and Support pages.
[DDPC-10740] Challenge/Response Recovery now functions as expected in UEFI boot mode. [DDPC-10815] After failing to authenticate in the Pre-boot Authentication environment and failing Challenge Response recovery, user’s
domain accounts now unlock after successfully logging into Windows. [DDPC-11127] An issue resulting in Server Sync failing in the Pre-boot Environment is resolved. [DDPC-11263] An issue resulting in duplicate DHCP requests in the Pre-Boot Authentication environment is resolved. This fix reduces boot
time. [DDPC-11366] An issue resulting in the inability to Single-sign-on through the Pre-boot Authentication environment with a domain user
after local administrator activation is resolved. [DDPC-11378] SED Manager v10.4
An issue resulting in smartcard login being unavailable for devices protected by SED Manager after resuming from sleep is resolved. [DDPC-8284] Full Disk Encryption v10.4
An issue resulting in smartcard login being unavailable for devices protected by Full Disk Encryption after resuming from sleep is resolved. [DDPC-8284] Installing Policy-Based Encryption and Full Disk Encryption no longer requires the ENABLE_FDE_LM=1 parameter during installation for either application. [DDPC-11091, DDPC-11090] An issue resulting in access to a drive protected by Full Disk Encryption without the necessary prerequisites is resolved. [DDPC-11424] Bitlocker Manager v10.4
An issue resulting in computers protected by Bitlocker not honoring Bitlocker Manager policies is resolved. [DDPC-11250, DDPSUS-2608] Technical Advisories v10.4
Encryption Enterprise for Windows
After installing Dell Encryption, the Support pane in the Data Security Console displays a blank page until the device activates, or an internet connection is available. [DDPC-8059] When Policy Based Encryption and any technology managed by the Encryption Management Agent is installed, removable media may not consistently appear as removable in the Data Security Console and the Security Management Server. [DDPC-9736] The Encryption Management Agent no longer outputs policies by default. To output current and newly consumed policies, create the following registry key:

38

Technical Advisories

HKLMSoftwareDellDell Data Protection DWORD: DumpPolicies Value=1 Note: a reboot is not required for this change to take effect. [DDPC-9786] When using Policy-Based Encryption with a version prior to v10.0 and the Encryption Management Agent with v10.0 or newer, Policy Based Encryption’s status does not properly display in the Data Security Console. [DDPC-11052] The following registry key prevents lock screen applications from properly functioning until a user has logged into the device. This key is enabled by default to ensure that user activation and key unlock is not impeded. HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem DWORD: DisableAutomaticRestartSignOn Value: 1 [DDPC-10825] The master uninstaller currently requires all lower-case characters with the /silent command. Running with camel-case or upper case characters will prevent the uninstaller from running. [DDPC-11092] Before a reboot, Dell recommends properly closing any files open in applications that leverage temporary files to store changes. Failure to properly close these files could result in data loss. [DDPC-11440] A high volume events may result in an excessive number of notifications. To suppress notifications, see Encryption Enterprise Advanced Installation Guide.
Pre-boot Authenticationv10.4
The XPS 7390 touchpad functions improperly after the Pre-boot Authentication environment is created. After logging into Windows, the touchpad functions properly. To work around this issue, use the Tab key to transition between dialog boxes and options. [DDPC-11306] In rare occurrences, when the Pre-boot Authentication environment is created, the boot order may be set incorrectly on reboot. [DDPC-11504] SED Managerv10.4
No technical advisories exist.
Full Disk Encryptionv10.4
No technical advisories exist.
Bitlocker Managerv10.4
No technical advisories exist.
New Features and Functionality v10.3
Pre-boot Authentication now supports block SID features. Dell Encryption now supports Micron 1300 self-encrypting drives. Dell Encryption now supports the following platforms:
Latitude 5300 Latitude 5500 Latitude 7200 2-in-1 Latitude 7400 Latitude 7400 2-in-1 Encryption Enterprise v10.3 now supports Windows Server 2019 (Standard/Datacenter).

Technical Advisories

39

Resolved Technical Advisories v10.3
Encryption Enterprise for Windows v10.3
An issue resulting in failed user activation when a smart card is in use with Policy Based Encryption is resolved. [DDPC-9686, DDPC-9808, DDPC-10592, DDPC-10592, DDPSUS-2402, DDPSUS-2425, DDPSUS-2450] An issue resulting with Windows 10 Work Folders failing to sync when attempting to sync encrypted files is resolved. [DDPC-10400, DDPSUS-2269, DDPSUS-2394, DDPSUS-2407] Decryption of EMS devices from any endpoint is now enabled. [DDPC-10564, DDPC- 10781, DDPSUS-2421, DDPSUS-2467] An issue resulting in a key icon appearing allowing for local key escrow on a remotely managed device is resolved.
[DDPC-10559, DDPSUS-2548] An issue resulting in the Encryption Management Agent and Policy Based Encryption installers failing to determine the
installation status of newer VC++ 2017 versions is resolved. These prerequisites may be bypassed through MSI installation. Contact Dell ProSupport to acquire MSI installers. [DDPC-10654, DDPC-10888] An issue resulting in Dell Encryption not applying EMS policies on the local computer unless Check for policy update is selected is resolved. [DDPC-10781, DDPSUS-2421, DDPSUS-2467] Encryption sweeps now function as expected after upgrading a computer protected by Dell Encryption in Encryption External Media mode. [DDPC-10828, DDPSUS-2508] An issue resulting in a crash if Microsoft’s .Net Framework is corrupted on a computer protected by Dell Encryption is resolved. [DDPC-10871, DDPSUS-2519] A rare issue resulting in a crash during a Policy Based Encryption upgrade with Secureboot enabled is resolved. [DDPC-10954, DDPSUS-2572, DDPSUS-2534] Devices protected by Encryption External Media and white-listed no longer require a manual recovery of the encrypted files on the drive. [DDPC-10957] Pre-boot Authentication v10.3
When enabling the Pre-Boot Authentication environment for Dell Encryption, the boot order no longer reverts to PXE boot when it is enabled in BIOS. [DDPC-4334, DDPC-8377, DDPC-8378, DDPC-10961, DDPSUS-2176, DDPSUS-2456] An issue resulting in the Pre-boot Authentication environment failing to properly recognize some keys on non-English keyboards is resolved. [DDPC-8154, DDPC-10713, DDPSUS-1656, DDPSUS-2415] NOTE: This fix requires the BIOS update launched in late April 2019 or in May 2019. The BIOS revision and release date will vary based on the platform affected. If the BIOS update is applied before Dell Encryption v10.3 is installed on devices with US English keyboards, the Pre-boot Authentication environment may not properly translate all characters.
An issue resulting in an incorrect prompt when a new user attempts authentication with a smart card without connection to the Dell Server is resolved. [DDPC-9351] An issue that resulted in the Challenge Response screen displaying in place of the password authentication screen after exceeding recovery questions attempts on a Legacy computer with PBA active is resolved. [DDPC-9426] An issue resulting in sleep mode failing on an Optiplex 7060 when Dell Encryption and SED management are both activated after an upgrade to Windows 10 October 2018 update is resolved. [DDPC-10410] Valid certificates work as expected when a smart card is used. [DDPC-10512] An issue resulting in a malformed Pre-boot Authentication database due to incorrect updates to the Pre-boot Authentication
environment’s datastore is resolved. Primary and secondary datastores now properly validate data and rotate. [DDPC-10757, DDPSUS-2482] A delay during login when selecting the option to run as a different user in Windows with Pre-boot Authentication enabled is resolved. [DDPC-10956] [DDPSUS-2531] SED Management v10.3
Dell Encryption now allows registry-based overrides to prevent disabling third-party credential providers after the Pre-boot Authentication environment is enabled. To prevent Dell Encryption from disabling third-party credential providers, create the following registry key:
HKLMSOFTWAREDellDell Data Protection
“AllowOtherCredProviders” = DWORD:1

40

Technical Advisories

0=Disabled (default) 1=Enabled NOTE: This value may prevent the Dell credential provider from properly syncing credentials initially due to third- party credential providers being disabled. Ensure the devices using this registry key can properly communicate with the Dell Server. [DDPC-10542, DDPSUS-2410, DDPSUS-2412, DDPSUS-2506] Full Disk Encryption v10.3
Full Disk Encryption is now supported on Optiplex 7460 All-in-one and Optiplex 7760 All-in-one when SATA is set to AHCI. [DDPC-9224] Dell Encryption now allows registry-based overrides to prevent disabling third-party credential providers after the Pre-boot Authentication environment is enabled. To prevent Dell Encryption from disabling third-party credential providers, create the following registry key: HKLMSOFTWAREDellDell Data Protection “AllowOtherCredProviders” = DWORD:1 0=Disabled (default) 1=Enabled NOTE: This value may prevent the Dell credential provider from properly syncing credentials initially due to third-party credential providers being disabled. Ensure the devices using this registry key can properly communicate with the Dell Server. [DDPC-10542, DDPSUS-2410, DDPSUS-2412, DDPSUS-2506] An issue resulting in a malformed Pre-boot Authentication database due to incorrect updates to the Pre-boot Authentication environment’s datastore is resolved. Primary and secondary datastores now properly validate data and rotate. [DDPC-10757, DDPSUS-2482] Bitlocker Manager
An issue resulting in Bitlocker Manager detecting removable disks are fixed disks is resolved. Add the following registry key to enable this fix: HKLMSoftwareDellDell Data Protection “UseEncryptableVolumeType” = DWORD:1 0=Disabled (default) 1=Enabled [DDPC-10510, DDPSUS-2279] An issue resulting in one minute polling is resolved. [DDPC-10964, DDPSUS-2539] Technical Advisories v10.3
Encryption Enterprise for Windows
In rare occurrences, when the TPM is in a cleared state in BIOS, Dell Encryption may attempt to take ownership of the TPM and receives a null value. In this situation the Dell Encryption service may crash, resulting in an operating system crash. As a work around, if the TPM is in a cleared state, fully disable the TPM. [DDPC-11095, DDPSUS-2565] Pre-boot Authentication v10.3
When changing networks on a device with Pre-boot Authentication enabled, if static IP addresses are in use in either connection, users may be unable to connect to the Dell Server. To work around this issue, leverage cached credentials in the Pre-boot authentication environment. [DDPC-6829, DDPSUS-1788]

Technical Advisories

41

In rare instances, when using Recovery Questions in the Pre-Boot Authentication environment, the expected workflow of a password reset is not properly presented once the device transitions into Windows. [DDPC-11660] SED Management v10.3
After logging in through the PBA, the Data Security Console may appear when hotkeys are leveraged within the operating system to close applications. [DDPC-9344] Full Disk Encryption v2.3
No technical advisories exist.
Bitlocker Manager v10.3
No technical advisories exist.
New Features and Functionality v10.2.1
No technical advisories exist.
Resolved Technical Advisories v10.2.1
Encryption Enterprise for Windows v10.2.1
An incompatibility issue with Windows 10 March Cumulative Update that resulted in UI errors and missing activation information is resolved. [DDPC-10944, DDPSUS-2537] Pre-boot Authentication v10.2.1
No resolved technical advisories exist.
Full Disk Encryptionv10.2.1
No resolved technical advisories exist.
Technical Advisories v10.2.1
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v10.2.1
No technical advisories exist.

42

Technical Advisories

SED Management v10.2.1
No technical advisories exist.
Full Disk Encryption v2.2.1
No technical advisories exist.
Bitlocker Manager v10.2.1
No technical advisories exist.
New Features and Functionality v10.2
Following Windows 10 feature upgrade, a restart is required to finalize Dell Encryption. The following message displays in the notification area after Windows 10 feature upgrades:

Resolved Technical Advisories v10.2
Encryption Enterprise for Windows v10.2
An issue that caused operating system crash following an Windows update is resolved.[DDPC-5664, DDPC-9457, DDPSUS-1356, DDPSUS-1409, DDPSUS-2216] An issue with the Dell Authentication Service resulting in the inability to register recovery questions is resolved. [DDPC-9972, DDPC-10503, DDPC10528, DDPC-10620] Added 3/2019 – Check for Policy Updates now triggers policy polling as expected with Policy Based Encryption v10.2 and later. [DDPC-9800, DDPSUS-2416] Encryption sweeps now process as expected following upgrades. [DDPC-10168] An issue that resulted in encryption sweeps pausing after new policies were received is resolved. [DDPC-10025,
DDPSUS-2414, DDPSUS-2458] An issue resulting in inaccessible files protected by Encryption External Media is resolved. [DDPC-10251, DDPSUS-2318,
DDPSUS-2408] An issue that resulted in activation loss on Windows 7 has been resolved. [DDPSUS-2459] An issue that resulted in repeated activation attempts, inaccessible encrypted files, and activation loss on computers
leveraging Deferred activation is resolved. [DDPC-10570, DDPSUS-2445, DDPSUS-2435, DDPSUS-2442] An issue resulting in loss of smart card functionality with previously activated users is resolved. [DDPC-10592,
DDPSUS-2402, DDPSUS-2425] An issue that resulted in intermittently inaccessible Microsoft Office documents following an upgrade to Dell Encryption is
resolved. [DDPC-10606, DDPSUS-2392] An issue resulting in operating system crash following an encryption policy update is resolved. [DDPC-10610, DDPSUS-2451,
DDPSUS-2483] An issue that resulted in crashes following an update to Dell Encryption v10.1 is resolved. [DDPC-10676, DDPSUS-2469] An issue that resulted in excessive logging is resolved. [DDPC-10679, DDPSUS-2449]

Technical Advisories

43

Pre-boot Authentication v10.2
An issue that resulted in a parity error after activating pre-boot authentication with Dell Encryption installed on a Latitude 7404, Latitude 7204, or a Latitude 5404 Rugged computer in Legacy boot mode is resolved. [DDPC-9493, DDPC-10748, DDPSUS-2225] The K13A Rugged dock (only compatible with Rugged computers) no longer requires the an open lid to display on external monitors. [DDPC-10093] A network connectivity issue on the Lenovo Thinkpad T560 with BIOS version N1KET39W (1.26) 2018-05-28 in UEFI mode is resolved. [DDPC-10498] Recovery question user experience is improved. [DDPC-10544, DDPC-10543, DDPC-10640] The Sign In button is no longer enabled following initial activation of the pre-boot authentication. [DDPC-10615] An issue in the pre-boot authentication environment that resulted in various keys on Japanese keyboards not displaying or
displaying incorrectly on the Latitude E7280 is resolved. [DDPC-10639, DDPSUS-1656] Users logging in with recovery questions are now able to change their Windows password as expected. [] Full Disk Encryptionv10.2
Performance is improved on computers protected by Full Disk Encryption. [DDPC-9748, DDPC-9787, DDPC-9802, DDPC-9821, DDPC-9889] Peripherals no longer experience a delay when waking from hibernation on a computer leveraging Full Disk Encryption. [DDPC-10602, DDPSUS-2418] Technical Advisories v10.2
Encryption Enterprise for Windows
No technical advisories exist.
Pre-boot Authentication v10.2
No technical advisories exist.
SED Management v10.2
No technical advisories exist.
Full Disk Encryption v2.2
No technical advisories exist.
Bitlocker Manager v10.2
No technical advisories exist.
New Features and Functionality v10.1
Added 12/2018 Dell Encryption is now supported with Windows 10 October 2018 Update (Redstone 5 release). SED management and Bitlocker manager are now supported with Windows 10 October 2018 Update (Redstone 5 release).

44

Technical Advisories

Full Disk Encryption is now supported with Windows 10 October 2018 Update (Redstone 5 release). Dell Encryption v10.1 and later defaults to leveraging a new cryptographic library, provided by RSA, as well as multiple new
options for cryptographic libraries. For more information, see http://www.dell.com/support/article/us/en/19/SLN301500. HP EliteBook 840 G4 and HP EliteBook 1040 G3 have been validated with SED and FDE when running in UEFI Boot mode. To
ensure full functionality, set the following BIOS settings: In BIOS, navigate to the Advanced tab, select Secure Boot Configuration, then select the check boxes labeled Import
Custom Secure Boot keys and Enable MS UEFI CA key. From the drop down menu, select Legacy Support Disable and Secure Boot Enable. In BIOS, navigate to Advanced tab > Option ROM Launch Policy and select All UEFI from the drop down menu. Automated in-place upgrades are now supported for Windows 10 on Bitlocker manager, Full Disk Encryption and selfencrypting drives.
Resolved Technical Advisories v10.1
Encryption Enterprise for Windows
EMS Explorer is now working as expected when connecting an encrypted USB with EMS on a computer without Dell Encryption. [DDPC-5585, DDPSUS-2401] Resolved an issue that resulted in the loss of user activation on reboot. [DDPC-6572, DDPSUS-1844] Local users can now activate with Dell Encryption installed with Opt-in mode on a computer running Windows April 2018
update and not joined to a domain. [DDPC-9377, DDPSUS-2365, DDPSUS-2387, ] The PBA Recovery Question authentication works as expected. [DDPC-9671] A timeout no longer occurs for user credentials when waiting some time to provide a new password after passing the
recovery questions screen on a computer with Windows April 2018 update in UEFI more and FDE enabled. [DDPC-9818] When child installers fail to install successfully, Dell Encryption will also fail to install and will log these errors. [DDPC-10110,
DDPSUS-2379] LastSyncTime in the report results for Device Detail is now working as expected. [DDPC-10184, DDPSUS-2388] SDE plugins, PBE plugins and Encryption plugins now display the correct versions on the Management Console.
[DDPC-10531, DDPSUS-2416] Preboot Authentication v10.1
An issue resulting with a computer running Windows 7 becoming unresponsive during decryption with PBA activated and FDE enabled has been resolved. [DDPC-9237, DDPC-10121] Full Disk Encryption v2.1
An issue resulting with a computer running Windows 7 becoming unresponsive during decryption with PBA activated and FDE enabled has been resolved. [DDPC-9237, DDPC-10121] Technical Advisories v10.1
Encryption Enterprise for Windows
Usernames with symbols may result with a “System Lock Required” pop-up message after a successful Single Sign On. To work around this issue, unlock and log back into the computer.[DDPC-10485] In rare occurrences, users may be unable to enroll in recovery questions due to an unresponsive Dell Authentication Service. To work around this issue, reboot the computer. [DDPC-10503] After installing Dell Encryption, an error in DellAgent.log stating “Could not locate saasManager plugin” may be safely ignored. [DDPC-10509] When attempting to upgrade Windows to a newer feature update, the feature update processes as expected, but registration is lost after the update. To work around this issue, reboot the computer. [DDPC-10569]

Technical Advisories

45

Preboot Authentication v10.1
While using a K13A Rugged dock (only compatible with Rugged computers), an open laptop lid may be required for the operating system to populate on some monitors. [DDPC-10093] With the latest version of Encryption client installed, an Optiplex 7040 may not properly return from a hibernation or sleep. [DDPC-10181] Sleep mode may fail on an OptiPlex 7050 while Full Disk Encryption is in the process of encrypting. [DDPC-10261] Network connectivity may not be available when running on Lenovo Thinkpad T560 with BIOS version N1KET39W (1.26)
2018-05-28 in UEFI mode. To work around this issue, connect to a network with a USB dongle that uses Realtek USB GbE Family Controller. [DDPC-10498] SED Management v10.1
No technical advisories exist.
Full Disk Encryption v2.1
No technical advisories exist.
Bitlocker Manager v10.1
No technical advisories exist.
New Features and Functionality v10.0.1
Resolved customer issues.
Resolved Technical Advisories v10.0.1
Encryption Enterprise for Windows
Added 12/2018 – Resolved an issue with Dell Encryption and Digital Persona credential providers conflicting. [DDPC-10120] The installation of Dell Encryption on a domain controller no longer changes the local machine policies set in the “Default
Domain Policy” Group Policy Object. Dell Authentication can handle logging in with no password set when a 0 password length policy is enabled. For more information, see https://www.dell.com/support/article/us/en/19/sln313561/dell- encryption-enterprise-and-dellendpoint-security-suite-enterprise-security- bulletin-082018?lang=en . [DDPSUS-2364] Technical Advisories v10.0.1
Encryption Enterprise for Windows
No technical advisories exist.
Preboot Authentication v10.0.1
No technical advisories exist.

46

Technical Advisories

SED Management v10.0.1
No technical advisories exist.
Full Disk Encryption v2.0.1
No technical advisories exist.
Bitlocker Manager v10.0.1
No technical advisories exist.
New Features and Functionality v10.0
Improvements to Windows Update handling in Self-Encrypting Drives and Full Disk Encryption is supported. Full Disk Encryption Device Guard compliance The following non-Dell computers have been validated with SED and FDE when running in Legacy Boot mode:
HP EliteBook 1040 G3 Lenovo ThinkPad T560 The following non-Dell computers have been validated with SED and FDE when running in UEFI Boot mode: HP EliteBook 840 G3 Lenovo ThinkPadP50 Encryption Enterprise is versioned to 10.x to realign client and Server versioning.
Resolved Technical Advisories v10.0
Encryption Enterprise for Windows
Added 09/2018- Files synced via OneDrive with “Files On-Demand” enabled, work folders, and other technologies leveraging new APIs for file handling from Microsoft, introduced in a cumulative update for Windows 10 1709 and later, on a system running Dell Encryption are no longer displayed as erroneous text. For more information on OneDrive Files On-Demand, see https://www.dell.com/support/article/us/en/19/sln309779/dell-encryption- support-foronedrive-files-on-demand?lang=en. [DDPC-8568] The “enroll’ button no longer disappears for recovery questions with encryption client installed on a Windows 10 32-bit machine. [DDPC-8938, DDPC-9199] Added 09/2018-Resolved an issue with Dell Encryption and Symantec Endpoint Protection resulting in an intermittent Operating System failure [DDPC-9510] Preboot Authentication v10.0
The mouse now works during the PBA login screen on a Precision M4800 and Latitude 5290 computer with Windows 10 installed in UEFI mode and PBA enabled. [DDPC-6978, DDPC-7032, DDPC-8841] The mobile keyboard and touchpad work as expected during the PBA login screen on a Latitude 5290 2-in-1 machine with Windows 10 installed in UEFI mode and PBA enabled. [DDPC-7032] An issue resulting with the user name being changed to ”SYSTEM” while the password is in the process of being changed using Alt + Ctrl + Delete and PBA is active on a Windows 7 computer has been resolved. [DDPC-8948] Multiple “Other User” tiles are no longer created on the Windows 7 login screen after successfully answering Recovery questions and with PBA active. [DDPC-9343] An issue resulting with the message of “Username or password is incorrect” on the Windows screen when entering updated credentials after authenticating in PBA with a newly changed password has now been resolved.[DDPC-9483]

Technical Advisories

47

Smartcard is no longer the default login option when password authentication is set for PBA and SmartCardEnabled is set within Windows. The default is PBA authentication. [ DDPC-9497, DDPSUS 2301] SED Management v10.0
Machines with Coffee Lake-H Xeon processors activate with currently shipping enterprise-class or OEM Samsung drives. [DDPC-9348] Full Disk Encryption v2.0
Multiple disks in the computer no longer caused partitioning failures when Legacy fill disk encryption in preview. [DDPC-7986] FDE activation no longer fails if the primary partition on the disk is over 1.5TB. [DDPC-8020] Technical Advisories v10.0
Encryption Enterprise for Windows
In some cases, after changing passwords in Windows, the computer may experience slower logins during the first login or auto-reactivation may occur. To work around this issue, run WSDeactivate after changing the password. [DDPC-9459] In rare occurrences, when updating to v10.0, an error may present if the user interface is used for the update. This can be safely closed with no impact to the install. [DDPC-9555] Multiple users are given the option to change the password on the Windows login screen when a user has logged into the computer after successfully completing the PBA Recovery Questions. If an account other than the one that authenticated through the PBA with recovery questions is selected, an error message displays “The specified network password is not correct.” [DDPC-9650] Single Sign On fails when a user authenticates PBA after entering a password into the console using copy+paste with more than the allowed 32 characters for Windows. [DDPC-9700] Added 11/2018 – Dell Encryption may introduce changes to how data is protected on your device. To ensure your endpoints are protected, running the “WSProbe” application that is included with Dell Encryption will perform a validation that all files on the computer are properly encrypted. This may result in a slight performance degradation, but it is generally unnoticed. [DDPC-10168] Added 11/2018 – Windows 10 Work Folders may fail to sync when attempting to sync encrypted files. To work around this issue, manually sync each file. [DDPC-10400, DDPSUS-2269, DDPSUS-2394, DDPSUS-2407] Preboot Authentication v10.0
In some cases, the touchpad becomes unresponsive during the PBA login screen on a Precision 7520 and Precision 7720 computer with Windows 10 or Windows 7 installed in legacy mode and PBA enabled. To work around this issue, attach an external mouse or use the tab key to switch through fields. [DDPC-8646] Added 11/2018 – Password resets after a local PBA user answers recovery questions is disabled after a minute, 30 seconds. [DDPC-9707] In some cases, non-Dell devices have to manually import the Microsoft SecureBoot certificates when these devices are configured for UEFI boot mode with SecureBoot enabled. This process may vary based on the manufacturer and is recommended to refer to the device’s documentation for instructions on performing this process. [DDPC-9828] Deactivating the PBA needs to be completed before sending the policy to re-activate the PBA. Failure to wait for the deactivation to complete means the subsequent activation may not start. To work around this on a system that is in a bad state, issue another decryption policy to the endpoint. Once that policy has been consumed, re-issue a policy to re-activate either Self-Encrypting Drive Management or Full Disk Encryption management. The endpoint will begin encrypting again. [DDPC-9971] SED Management v10.0
No technical advisories exist.

48

Technical Advisories

Full Disk Encryption v2.0
When upgrading from Windows 10 to Windows April 2018 update by using the ISO file with FDE installed and the drive encrypted, the Windows Feature Update may fail. To work around this issue, upgrade using Windows 10 installation media tool located at https://www.microsoft.com/en-us/software- download/windows10. [DDPC-10021] During an operating system upgrade, PBA bypass fails if a policy update is received from the server. [DDPC-10026] Bitlocker Manager v10.0
No technical advisories exist.
New Features and Functionality v8.18
All clients are now supported with Windows 10 April 2018 Update (Redstone 4 release). As the security landscape becomes more complex, administrators are finding themselves needing to layer encryption
solutions. Dell Data Security has modified how entitlements are consumed to meet this change in the landscape. Dual Encryption is now offered through volume license as a solution to customers who want to encrypt data on Windows computers using two Dell Encryption technologies. The following products can be installed and run with the Dell Encryption client on the same computer: SED Manager Full Disk Encryption BitLocker Manager
To install and run Dell Encryption with one of these products, the computer hardware and operating system must meet the Requirements for both products before installation. For more information, see Encryption Enterprise Advanced Installation Guide or Encryption Enterprise Basic Installation Guide.
Each Dell Encryption technology will now consume one Disk Encryption license per technology on a single device, meaning if SED Manager and Policy Based Encryption are both installed on a single device to allow for two-layers of security, two Disk Encryption (DE) entitlements will be consumed for that device.
The Dell Encryption client and Full Disk Encryption are supported only on Windows 10 in UEFI mode.
Operating system upgrade is not supported with Dual Encryption in this release. Dell recommends deferring Windows 10 Feature Updates.
When using any encryption technologies in combination, it is best practice to back up data before encryption and at regular intervals.
NOTE: Dell does not currently support these combinations of encryption products:
SED Manager and Full Disk encryption SED Manager and BitLocker Manager Full Disk Encryption and BitLocker Manager
The Windows 10 update process and compatibility with Windows Defender are improved when System Data Encryption is enabled . The encryption client can now identify and encrypt user files without the need to hardcode exclusion of system-generated files when System Data Encryption is enabled. This behavior is configurable and can be overridden by the administrator, if necessary. For more information on the Windows 10 Feature Update process, refer to http://www.dell.com/ support/article/us/en/04/sln298382.
The Encryption client can now identify and encrypt user files without the need to hardcode exclusion of system files. SED Manager is now compatible with HVCI. SED Manager has been qualified on the following non-Dell computers:
HP ProBook 450 G2 (Legacy) HP ProBook 450 G5 (Legacy) HP ProBook 840 G4 (Legacy) HP Elitebook 840 G3 (Legacy) HP Elitebook 840 G4 (UEFI) Lenovo ThinkPad (Legacy) Lenovo T560 (UEFI) Full Disk Encryption is now supported with a FIPS-compliant crypto library on Windows 10.

Technical Advisories

49

Full Disk Encryption has been qualified on the following non-Dell computers: HP ProBook 450 G2 (Legacy) HP ProBook 450 G5 (Legacy) HP ProBook 840 G4 (Legacy) HP Elitebook 840 G3 (Legacy) HP Elitebook 840 G4 (UEFI) Lenovo ThinkPad (Legacy) Lenovo T560 (UEFI)
Starting with the Encryption Client v8.18, the authentication provider component has been fully replaced. This installer will leverage a new Dell built-in credentials provider that is part of the Client Security Framework installer. The old Digital Persona credentials provider is set to a disabled state. If leveraging the fingerprint or smart card contact-less authentication, these will no longer work after an upgrade of Encryption Client v8.18.
Resolved Technical Advisories v8.18
Encryption Enterprise for Windows
Resolved an issue with longer than usual boot times when leveraging the Policy-Based Encryption client. [DDPSUS-1950, DDPSUS-2081] With Fast User Switching enabled and being leveraged no longer causes Dell Encryption to fail to communicate to the Dell Security Management Server. [DDPSUS-2163] Re-mapped libraries no longer cause an immediate failure during install. [DDPSUS-2166] Resolved an issue with high disk utilization with Dell Encryption and Carbon Black Defense. [DDPSUS-2206] USB external media provisioned with Dell Encryption can now be accessed on Windows or Mac computers interchangeably
without loss of key material. [DDPC-6592] The Dell Data Security Console shows Protection and encryption status for Policy-Based encryption. [DDPC-7046] Resolved an issue with the inability to white-list a device with Dell Encryption. [DDPC-7717] Volumes now display during recovery. [DDPC-7794] A memory leak no longer occurs when inserting external devices to the computer. [DDPC-8297] Preboot Authentication v8.18
Resolved an issue with Thunderbolt based docking stations with the Dell Encryption Pre-Boot Authentication environment. [DDPSUS-1923] Resolved and issue with Pre-Boot Authentication displaying an initial access code, even though connectivity to the Dell Security Management Server is present. [DDPSUS-2198. DDPSUS-2200] An issue resulting with the backslash/pipe ( |) key on an Arabic behaving differently than expected has been resolved. [DDPC-6529] The Windows 10 upgrade process with PBA activated is improved. [DDPC-8031] SED Management v8.18
An error message no longer displays during an upgrade of Digital Persona’s Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] Oberthur chip only smart card ID-One COSMO V7.0 works as expected on a UEFI copmuter. [DDPC-7985] Smart card readers are now detected on legacy machines. [DDPC-8030] Full Disk Encryption v1.2
An error message no longer displays during an upgrade of Digital Persona’s Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] FDE is now supported on Dell Optiplex 5055, XPS 13 9365, or Latitude 5495. [DDPC-7970]

50

Technical Advisories

Re-activation failures no longer occur when re-imaging a device that was protected by Dell’s software based Full Disk Encryption. [DDPC-8265] Legacy Boot Mode FDE
Windows 7 machines boot successfully after activating PBA. [DDPC-7496] There is no longer a delay when switching between PBA authentication and Windows login screen on a windows 7 machine.
[DDPC-7677] Touchpad now works after a PBA activation. [DDPC-7758] There is no longer a touchpad functionality issue with dual interfaces such as PS/2 and I2C. [DDPC-7865] A machine with a non-SED drive, is able to detect the hard drive after enabling FDE and activating PBA. [DDPC-7999] Bitlocker Manager v8.18
An error message no longer displays during an upgrade of Digital Persona’s Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] Technical Advisories v8.18
Encryption Enterprise for Windows
Dell Encryption logs do not specify if insufficient disk storage caused installation failure. [DDPC-2994] Single Sign On is

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>