Software Update: Symantec Endpoint Encryption 11.4.0

Symantec, which is now part of Broadcom, has historically acquired two different companies that developed encryption software: GuardianEdge and PGP. Symantec has long released the software from these two acquisitions as two different encryption product lines. The GuardianEdge line was renamed ‘Endpoint Encryption’ and the PGP line was renamed ‘Encryption Desktop’ along with ‘Encryption Management Server’. To an outsider, it was confusing for one company to release two different encryption products that competed and couldn’t work with each other. With the release of Endpoint Encryption 11 largely came to an end in 2014. Since there is no easy way to upgrade from SED and SEMS to SEE, maintenance packs are still being released for the old PGP line. However, new feature development is focused only on the merged Endpoint Encryption line. The development team has released Endpoint Encryption version 11.4.0 with the following list of changes:

What’s new in this release

Symantec Endpoint Encryption Management Server Web Console

• Ability to view dashboard and reports and perform Help Desk Recovery using a new integrated Web Console Symantec Endpoint Encryption introduces a new web-based Management Server Web Console to view the compliance posture of your endpoints using dashboard and reports, as well as help managed users to regain access to their encrypted computers using the Help Desk Recovery feature. Using the Settings option, you can also set a new Management Password without using your existing password. For more information about each feature, click on the following links:
  • Dashboard
  • Reports
  • Help Desk Recovery
  • Reset Management Password
• Ability to reset Management Password using Management Server Web Console Using the Settings option on the Symantec Endpoint Encryption Management Server Web Console, administrators can reset the Management Password that was created while installing the Symantec Endpoint Encryption Management Server. To set the new password, administrators need not enter the old password. This avoids the re-deployment of Symantec Endpoint Encryption when an administrator forgets the Management Password. For more information, see the topic, Resetting Management Password using Management Server Web Console.

Symantec Endpoint Encryption Management Server Configuration Manager

• Ability to use OAuth based communication channel Symantec Endpoint Encryption introduces a new OAuth-based communication channel, which administrators can leverage for communication between the Symantec Endpoint Encryption Clients and the Symantec Endpoint Encryption Management Server. This new channel is provided in addition to the existing Windows authentication-based communication channel. The OAuth-based communication channel overcomes the issue of communication outages between the clients and the server when a Windows password expires. For more information, see the topic, Using OAuth for communication.

Symantec Endpoint Encryption Client

• Added compatibility with Apple M1 chip This release extends support for the installation of Symantec Endpoint Encryption for FileVault and Removable Media Access Utility on macOS systems that are based on the Apple M1 chip.

resolved issues

• Updated Symantec Endpoint Encryption to address security issues for greater data protection.
• On certain Dell systems (5400 and 6420 series) installed with Drive Encryption, users using PIV 8.1 cards with internal smart card readers can now authenticate at preboot successfully. [EPG-26289]
• When a Drive encryption endpoint is moved between different policies, the list of associated Client Administrators is now updated and displayed accurately under the Associated Users tab of the endpoint details. [EPG-25416]

Known issues

• The latest version of Microsoft OLE DB Driver for SQL Server is not yet supported. A Microsoft OLE DB Driver for SQL Server driver is required for installing Symantec Endpoint Encryption. Microsoft OLE DB Driver 19.0.0 for SQL Server is not yet compatible with Symantec Endpoint Encryption 11.4.0. Alternatively, use Microsoft OLE DB Driver 18.6.0 for SQL Server for installing and configuring Symantec Endpoint Encryption. For more information, see the article at [EPG-26312]
• The Change Web Access server command feature is not yet supported with OAuth based communication channel. The Change Web Access server command is used to create and distribute Internet Information Services (IIS) client/server communication credentials and server parameters to your client computers. If you have enabled OAuth for communication and want to use the Change Web Access server command feature for information distribution, switch over to the Windows Authentication communication channel. This can be done by setting the OAuth related option in the Advanced Setting page to False, and then distributing the update to all the endpoints. When the SEE clients have received and switched to Windows Authentication, send the Change Web Access server commands that you want. After the SEE clients have received the sent Change Web Access server commands, administrators can switch back to using the OAuth based communication channel by setting the OAuth related option in the Advanced Setting page to True, and then distributing the update to all the endpoints. [EPG-26319]
• Communication between Symantec Endpoint Encryption macOS client systems and Symantec Endpoint Encryption Management Server fails if the communication channels are configured to use OAuth for authentication, the protocol used is HTTPS, and the new security requirements for server certificates are not met. Workaround: Create the server certificate following the guidelines that are available in the article, , and then update the server certificate on the Configuration Manager.
• While running the web console on the Firefox browser, certain user interface elements of the web console may not be displayed properly. Ignore this issue as it does not impact the functionality. To work around this issue, use one of the supported browsers.