Loading...

Knowledge Center


Drive Encryption 7.x Known Issues
Technical Articles ID:   KB84502
Last Modified:  11/5/2019
Rated:


Environment

McAfee Drive Encryption (DE) 7.2.x, 7.1.x

For details of DE 7.x supported environments, see KB79422.

Summary

Recent updates to this article:
Date Update
November 5, 2019 A minor correction implemented.
September 19, 2019 Added DE 7.2.9 Hotfix 1 and 2 resolved issues. Hotfix 2 has only been released to support and supersedes hotfix 1.
August 13, 2019 Minor formatting correction implemented.
July 23, 2019 Added DE 7.2.9 General Availability release details and updated all entries resolved by this release.
Added reference MDE-4820 to the Non-critical known issues section.
Removed reference: 1049443 (no longer reproducible).
February 6, 2019 Reference 1251712 updated to change "restored and restarted" to "restored or restarted" in the Critical known issues section.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article is updated when new issues are identified post-release, or if additional information becomes available.

NOTE: All issues that are tagged as resolved are included in the latest release, which is available from the Product Downloads site using a valid Grant Number. Updates are cumulative; McAfee recommends that you install the latest one.

Contents
Click to expand the section you want to view:

Product Version Release Date
DE 7.2.9 Hotfix 2 - RTS 4 September 18, 2019
DE 7.2.9 Hotfix 1 (controlled release) Superseded by Hotfix 2 August 10, 2019
DE 7.2.9 (GA) July 23, 2019
DE 7.2.8 (GA) December 11, 2018
DE 7.2.7 (Repost) October 25, 2018
DE 7.2.7 (GA) October 9, 2018
DE 7.2.6Hotfix 1247725 (HF1247725) - RTS 4 August 20, 2018
DE 7.2.6 (GA) July 10, 2018
DE 7.2.5 (GA) April 10, 2018
DE 7.2.4 (GA) February 13, 2018
DE 7.2.3 Hotfix 1225186 (HF1225186) - RTS 4
January 17, 2018
DE 7.2.3 (Build 7.2.3.29) (Repost) December 22, 2017
DE 7.2.3 (Build 7.2.3.28) (GA) December 14, 2017
DE 7.2.2 (Build 7.2.2.14) (GA) November 13, 2017
DE 7.2.1 (Build 7.2.1.24) (GA) March 29, 2017
DE 7.2.0 (Build: 7.2.0.457) Repost 3 December 19, 2016
DE 7.2.0 (Build: 7.2.0.456) (GA) December 15, 2016
 
DE 7.1 Update 3 Hotfix 1241165 (HF1241165) 2 July 10, 2018
DE 7.1 Update 3 Hotfix 1208296 (HF1208296) 2 December 19, 2017
DE 7.1 Update 3 Hotfix 1148978 (HF1148978) 2 August 02, 2016
DE 7.1 Update 3 Hotfix 1131996 (HF1131996) 2 May 4, 2016
DE 7.1 Update 3 (GA) June 25, 2015
DE 7.1 Update 2 1 (GA) December 11, 2014
DE 7.1 Update 1 (GA) June 10, 2014
DE 7.1 (GA) December 16, 2013
GA = General Availability
n/a = not available
1 DE 7.1.2 is a server-side only feature pack release with no client component, and thus has no client build number.
2 Rollup hotfix that contains all previously released hotfix resolved issues.
3 After checking in the DE 7.2 (Repost), the DE 7.2.0 EEAdmin Extension appears as 7.2.0.457. But, another entry for EEAdmin also exists showing 7.2.0.456 for the (GA). All other extension versions remain unchanged.
4 The hotfix is only Released to Support (RTS). To obtain the hotfix, contact Technical Support. See the Related Information section for details.
McAfee investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request (https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR). Include this article number in the Problem Description field.

See KB51560 for detailed information on release cycles.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

Critical known issues - general
Reference
Number
Related
Article
Found
Version
Fixed
Version
Resolved Issue Description
MDE-5031 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Systems become Inactive after upgrading to DE 7.2.9.7. Upgrades fail when an EFI system partition file read access collision occurs.

Resolution: The DE Redirection Driver now successfully reloads to protect DE boot code from Windows Updates.
MDE-5030 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Preboot corruption occurs after a system restart due to an unclean shutdown during Window updates.

Resolution: The preboot registry is now only updated if the contents of the underlying files change.
MDE-5028 - 7.2.9 7.2.9
Hotfix 2
RTS)
Issue: The boot code is upgrading at every startup.
Resolution: The DE boot code is now only updated when necessary.
MDE-4808 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Preboot fails when the Windows BCD store becomes corrupted

Resolution: DE now successfully prevents reactivation of other unaffected encryption providers.
1267074
1268295
- 7.2.8 7.2.9 Issue: System crash (blue screen) "Driver Power State Failure," after installation of DE.
1249172 - 7.2.5 7.2.8 Issue: Systems enter Windows repair mode post upgrade to Drive Encryption 7.2.5 and after a system restart.
1258718
1259203
KB91094 7.2.7 7.2.8 Issue: [UEFI systems] After an upgrade, the "Go back to the previous version of Windows 10" functionality fails and after a reboot displays the Automatic Repair window.
1258267
1260742
KB91010 7.2.7

7.2.6
Hotfix 1247725
7.2.8

7.2.7
(Repost)
Issue: [UEFI systems]After Microsoft monthly updates have been applied on Windows 10 systems, the computer enters into Windows 10 recovery mode.
This issue is seen on systems with six or more partitions that exist in the primary disk. See the related article for more details.

Resolution: McAfee recommends that you upgrade to Drive Encryption 7.2.8 due to the additional Windows 10 UEFI issue found post release of DE 7.2.7. For details, see KB91094.
1221297
1240143
1242673
KB90939 7.2.1 7.2.7 Issue: The Drive Encryption host service (mfeepehost.exe) crashes during a user update on Intel Software Guard Extensions (SGX) platforms when using cold boot hardening policy.
1251712
1252775
1252982
1253488
1253633
KB90940 7.2.6 7.2.7 Issue: Keys can't be exported after the ePolicy Orchestrator Server is restored or restarted.
1227339
1234772
1239094
1239283
KB91034 7.2.1 7.2.6
Hotfix 1247725
Issue: After Microsoft monthly updates have been applied on Windows 10 systems, the computer enters into Windows 10 recovery mode.
This issue is seen on systems where the disk or volume layout has changed. See the related article for more details.
1249274 KB90794 7.1.3
Hotfix
1241165
7.1.3
Hotfix
1241165
(Repost)
Issue: The following issue is seen after installing Drive Encryption 7.1.3.634 Hotfix 1241165. After a system restart, the system fails to boot. The following error is displayed during the boot sequence.
"Secure Boot Violation - Invalid signature detected. Check Secure Boot Policy in Setup"
1241165 SB10242 7.1.3 7.2.6

7.1.3
Hotfix
1241165
Issue: An issue has been identified where the Trusted Platform Module (TPM) measurements did not include the BCD entries, in Drive Encryption versions 7.1.3 and later. This issue affects the TPM autoboot feature, where the vulnerability could allow a third party to boot the system and gain unauthorized access.

Resolution: For information about the vulnerability and remediation, see the Security Bulletin in the Related Article column.
1232451 - - 7.2.5 Issue: Activating with an Opal encryption policy when the system has two Opal disks, results in a black screen or error. This issue occurs after successfully authenticating at preboot (password or autoboot).
1222948 KB90145 7.2.3 7.2.4 Issue: System crash or blue screen occurs, after connecting some USB devices such as USB media, printers, and others.
Crash dump details include references to:
  • PAGE_FAULT_IN_NONPAGED_AREA
  • MfeEpeOpal.sys
Resolution:
NOTES:
  • Previously resolved by DE 7.2.3 Hotfix 1225186 (HF1225186). This release was only Released to Support (RTS).
  • This issue was addressed in DE 7.2.3 (Repost) for devices known to cause the issue.
1217681 KB90589 7.2.0 7.2.3 Issue: Unable to upgrade from the following because of a Drive Encryption registry key lock:
  • McAfee Agent 4.8.x
  • McAfee Client Proxy (MCP) 2.1.1.106
  • MCP 2.1.3.105
1195815 - 7.1.3 7.2.2
7.1.3
Hotfix
1208296
Issue: Surface Pro 4 firmware update fails, with DE 7.2.x installed and activated.
1204769 - 7.2.1 7.2.2 Issue: Upgrading a system that runs Opal encryption, from Drive Encryption 7.1.3.590 to 7.2.1 or 7.2.0, fails.
1207340 KB89786 7.2.1 7.2.2 Issue: The following error occurs when you upgrade from Endpoint Security 10.2 to Endpoint Security 10.2.1, with DE 7.2.1 or 7.2.0 installed.

"RT - Error 1406. Could not write value dwIsFullScreen to key: \Software\McAfee\Endpoint\Common\
BusinessObjectRegistry\SYSTEMINFO"
1188533 KB89037 7.2.0 As
Designed
Issue: Unable to upgrade the Drive Encryption Help extension, from DE 7.x to DE 7.2.0 or later. The following error is displayed during check-in:
"Can't upgrade extension de_help to version 7.2.0.040 because version 710.100 is already installed"

Workaround: This behavior is expected because of the change in the version convention. Remove earlier versions of the DE Help file before you install DE 7.2.0 or later.
NOTE: Issue not seen after upgrading from DE 7.2.0 to later versions.
1156855 KB89035 7.1.3 7.2.1 Issue: (DE Agent / Host) System crash with DE and Seagate Opal HDD when Intel Rapid Storage Technology (RST) driver is installed.
1173642 KB88269 7.2.0 7.2.0
Repost
Issue: Corrupted text displayed when accessing the Single Sign On (SSO) section located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon (tab).

Resolution: Download the reposted DE 7.2.0 (build 7.2.0.457) release.
NOTE: No actions are needed for customers who downloaded the original version (7.2.0.456) and do not use double-byte languages.
1130663
1142285
KB87429 7.1.3 7.2.0 Issue: Some Lenovo systems failed to boot with NVMe drives with software encryption enabled. Suitable compatibility options have now been added to alleviate the issue.
NOTE: Previously resolved by DE 7.1.0 Update 3 HF1148978.
1129908 KB87098 7.1.3 7.2.0 Issue: A continuous boot loop was seen when Out Of Band settings were enabled on systems with unsupported versions of AMT. Enhancements have been made to the DE PBA to prevent Out Of Band actions being applied to unsupported versions of AMT. See the related article for details about the specific issue with AMT 11.
NOTE: Previously resolved by DE 7.1.0 Update 3 HF1148978.
1064792 KB85765 7.1.3
ePO 5.3.0
ePO 5.3.1 Issue: The following error is displayed during the DE 7.1.3 check-in process on an ePolicy Orchestrator (ePO) 5.3.0 server:
Unable to install extension. java.sql.SQLException: Invalid object name 'OrionLdapItems'.

Resolution: Resolved in ePO 5.3.1. See the related article for details.
1117564 KB87297 7.1.3 7.2.0 Issue: System becomes unresponsive during preboot authentication on an HP EliteDesk 800 fitted with the Skylake chipsets. These chipsets do not include support for USB 2.0, and only include support for USB 3.0.

Resolution: Support added for USB 3.0 systems during preboot.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1095792 KB86246 7.1.0 7.2.0 Issue: After upgrade from Endpoint Encryption for PC (EEPC) 5.x to DE 7.x, any computer that contains an encrypted secondary disk might display the message unsupported.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1116599 - 7.1.0 7.2.0 Issue: BitLocker Encryption is not detected correctly when installing DEGO.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1092250 - 7.1.0 7.2.0 Issue: DEGO fails to upgrade if the major version numbers for DEGO match the preinstalled version and the upgrade version.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1077566 - 7.1.0 7.2.0 Issue: Improvements needed for connections between client and ePO to prevent the errors: Connection refused and Server busy.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1079378 - 7.1.0 7.2.0 Issue: Improvements needed to LDAP caching in DE to increase efficiency when processing new client activations.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1144648
1148797
KB87365 DE 7.1.0

MA 5.0.3
MA 5.04

MA 5.0.3
Hotfix
1148797
Issue: DE 7.1.x fails to add users on systems with 50 or more users assigned when McAfee Agent (MA) 5.0.3 is installed.
Workaround: Remove MA 5.0.3 and install MA 5.0.2.
Resolutions:
  • MA 5.0.4
  • MA 5.0.3 Hotfix 1148797
Both are available from the Product Downloads site. See the Related Information section for details.
- KB84690 7.1.0 n/a Issue: User attributes renamed while upgrading the McAfee ePO server from 4.6.x to 5.1.x with DE 7.1.x in place.

Resolution: See the related article for details.
1073719 KB85007 - n/a Issue: Removing the EEADMIN extension, DE/EEPC 7.0.4 extension, or both, and then trying to reinstall the same version or installing an earlier version of the EEADMIN/EEPC extensions, damages the database and is not supported. For example, you can't remove the EEADMIN 7.0.4 extensions and install the EEADMIN and EEPC 7.0 (GA).

Resolution: Do not downgrade extensions.
NOTE: If you must revert to an earlier version of the EEADMIN / EEPC extension, first perform an ePO disaster recovery by following the steps in KB66616.
1031617 KB83664 MA 5.0.0 MA
5.0.1
Issue: Client always shows the System State as Inactive after upgrading to MA 5.0.

Resolution: Download McAfee Agent (MA) 5.0.1 from the Product Downloads site using a valid Grant Number. See the Related Information section for details.
- - 7.1.0 n/a Issue: Hardware incompatibility incurred during deployment.

Resolution: Before you deploy DE to your site, McAfee recommends that you qualify the product first on a subset of the hardware used throughout your environment. If hardware compatibility issues are encountered during this test deployment, McAfee recommends using the Pre-Boot Smart Check feature. This feature can overcome several common compatibility issues. By performing the Pre-Boot Smart Check before the rollout, you can scope which computers might require this feature being enabled during production deployment.
For more information about the Pre-Boot Smart Check feature, see the DE FAQ article KB79784. For instructions to use Hardware Compatibility Settings tool for DE 7.1 Update 1 and later, see KB81900.
943277
943971
943973
KB81148 7.1.0 7.1.1 Issue: DEGO 7.1 Compliance Query is showing failures for all systems, even though individual system properties show all tests as Successful. Systems might fail to activate if the DE 7.1 Policy is set to activate only if the DEGO Health Check passes.
945213 KB81522 7.1.0 7.1.1 Issue: The error [0xEF000008] - Failed to load cryptographic module is occasionally seen when upgrading from EEPC 6.1.2, 6.1.3, 6.2.0, or 6.2.1 to DE 7.1.
1048264
1050039
KB84648 - ePO 5.1.0
Hotfix
1048264
Issue: Unknown User displays during preboot after DE users are deleted because of an exception being thrown while the LDAP sync task runs.

Resolution: To prevent the problem, install one of the following ePO hotfixes:
  • ePO5xHF1048264 for ePO 5.1.0, ePO 5.1.1, ePO 5.1.2, and ePO 5.3.
  • ePO46xHF1048264 for ePO 4.6.7, 4.6.8, and 4.6.9.
NOTE: The hotfix corrects the problem so that when the LDAP sync task encounters an exception, user data is not deleted. Download details are included in the related article.

Workaround: If you have this issue, use one of the workarounds documented in the related article.
1048264
1050039
KB83931 - ePO 5.1.0
Hotfix
1048264
Issue: Unknown User displays during preboot after DE user names are changed to FQDN format.

Resolution: To prevent the problem, install one of the following ePO hotfixes:
  • ePO5xHF1048264 for ePO 5.1.0, ePO 5.1.1, ePO 5.1.2, and ePO 5.3.
  • ePO46xHF1048264 for ePO 4.6.7, 4.6.8, and 4.6.9.
NOTE: The hotfix corrects the problem. If the LDAP sync task runs while the McAfee ePO server is still initializing, it does not result in corrupting DE user data. Download details are included in the related article.

Workaround: If you have this issue, use one of the workarounds documented in the article.

Back to top

Non-critical known issues - general
Reference Number Related
Article
Found
Version
Fixed
Version
Issue Description
MDE-5092   7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Files are randomly locked in the EFI system partition, when other processes have the files open

Resolution: Checking for DE boot code changes now works, even when other processes have the files open for reading.
MDE-4773 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: A black screen displays when the system restarts after a Drive Encryption deployment.

NOTE: Previously resolved by DE 7.2.9 HF1.
MDE-4810   7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: After enabling Caps Lock, characters remain in lowercase using an on-screen keyboard (OSK) on a UEFI system.

NOTE: Previously resolved by DE 7.2.9 HF1.
MDE-4819   7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Preboot file system (PBFS) sync fails, showing the error:
"OS drive no longer available"

NOTE: Previously resolved by DE 7.2.9 HF1.
MDE-4820 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: Unnecessary user updates are sent up to Agent Handler on every policy enforcement, if the user update acknowledgment is lost or discarded.

NOTE: Previously resolved by DE 7.2.9 HF1
1250486 - 7.2.8 7.2.9 Issue: User Certificate failing to import from Active Directory
1256659 - 7.2.1 7.2.9 Issue: Windows update error fails with error 0x80070490 because of an empty SetupConfig.ini file.
1268517 - 7.2.8 7.2.9 Issues:
  • Challenge Response recovery procedure failed.
  • Error seen when exporting recovery keys:
    "No machine key available for this system"
Resolution: To eradicate recovery issues, harden the export of recovery keys mechanism.
1269831 - 7.2.8 7.2.9 Issue: User certificate not found with ATOS (Siemens) CardOS 5.3 on UEFI systems.
1264395 - 7.2.4 7.2.9 Issue: User certificate not found with ATOS (Siemens) CardOS 5.3 on Legacy systems.
1247732 - 7.2.2 7.2.7 Issue: ePolicy Orchestrator (ePO) audit entries for saving the Drive Encryption policies, were not being suppressed
when a user changed the Server Settings, simple words, or hardware compatibility areas.

Resolution. ePO 5.9.x and ePO 5.10.0 with DE 7.2.7.
1249067 - 7.2.6 7.2.7 Issue: Installation or upgrade to DE 7.2.6.6 through ePO deployment reports as failed even though DE is properly installed and functional
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1216572 - 7.2.1 7.2.7 Issue: Windows 10 (version 1709) Fall Creators Update and later. Windows password fails to sync to preboot when the Computer has an internal or external smart card reader.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1228829 - 7.2.2 7.2.6 Issue: On rare occasions, at some point after upgrading to Drive Encryption 7.2.2, the following error is displayed when rebooting a legacy BIOS configured system:
"EEPC has been corrupted".

Workaround: Perform an emergency boot. For how to perform an emergency boot with the Drive Encryption DETech Standalone boot disk, see KB71868.
1234597 - 7.2.4 7.2.6 Issue: Previously encrypted volumes that had been resized, either manually or during a Windows upgrade could not be deactivated.
1219249 - 7.2.1 7.2.5 Issue: After first locking the computer (Ctrl+L), the Windows logon screen is not displayed after pressing Ctrl+Alt+Del to unlock the computer. Only a blank screen is presented to the user. Only after pressing Ctrl+Alt+Del multiple times, eventually it presents the required credential tile.
1226529 - 7.2.3 7.2.5 Issue: DE activates with software encryption instead of the expected Opal encryption when a fixed USB media is inserted during activation on a UEFI system.
1226707 - 7.2.3 7.2.5 Issue: Activation of Opal encryption fails when any USB device is inserted during activation. The Opal activation fails on legacy BIOS systems.
1228498 - 7.2.1 7.2.5 Issue: Noticeable delays when viewing systems at the ePO Organization Group level when the 'DE System' state column is selected.
1222947 KB90216 7.1.3 7.2.4 Issue: Systems fitted with a Micron MTFDDAK256MAM-1K12 Opal drive, fail to boot during startup, after disabling protection to deactivate Drive Encryption.
The following error is displayed after a system restart:
No bootable device found

Resolution:
NOTE: Previously resolved by DE 7.2.3 Hotfix 1225186 (HF1225186). This release was only Released to Support (RTS).
1221179 1214949 - 7.2.1 7.2.4 Issue: Balloon notification reports preboot password is not in sync even though the password sync was successful.

Resolution:
NOTE: Previously resolved by DE 7.2.3 Hotfix 1225186 (HF1225186). This release was only Released to Support (RTS).
1183032 KB89462 7.2.0 7.2.2 Issue: SSO no longer functions for new Smart Card users in DE 7.2.x, if the policy Must Match Username is enabled.
1189124 KB89061 7.2.0 7.2.2 Issue: Autoboot fails, if the policy TPM If Available is enabled in DE 7.2.x.
1187815 - 7.1.3 7.2.2
7.1.3
Hotfix
1208296
Issue: USB Floppy Drives are not displayed in the DETech Standalone Recovery File Explorer.
1212685   7.1.3 7.2.2 Issue: Hewlett Packard (HP) 640, 650G2, 820, 840, and 850G3 computers stop responding, if the policy is set to Turn off when at preboot for a specified period of time.
1204410 - 7.2.0 7.2.2 Issue: A version mismatch is detected between DETECH/WinTec and the installed version of Drive Encryption.
1152041 - 7.1.3 7.2.2
7.1.3
Hotfix
1208296
Issue: On some Dell systems, characters appear in the user name and Password fields, by moving the mouse in preboot.
1178391 - 7.2.0 7.2.1 Issue: (DE Agent / Host) Incorrect agent version is stored via the Drive Encryption MA plug-in. This fact causes automatic attempts to install after a successful activation.
1176891 KB88764 7.1.3 7.2.2
7.1.3
Hotfix
1208296
Issue: (Credential Provider) The Smart Card credential provider is presented as Windows logon instead of Password credential provider.
NOTE: This issue is only partially resolved with the 7.2.1 release. With this release, an issue is still seen when a user logs out, but then tries to log back into Windows. If the user simply locks the computer, it unlocks as expected.
1177130 - 7.1.3 7.2.1
7.1.3
Hotfix
1208296
Issue: (Extension) When you use the Quick Search field in ePO, a user is not listed in the results if the name contains a period (.).
1168125 - 7.1.3 7.2.1
7.1.3
Hotfix
1208296
Issue: (PBA UEFI) Double characters display in PBA if a user presses the Shift key.
1177102 KB89314 7.1.3 7.2.1
7.1.3
Hotfix
1208296
Issue: (PBA UEFI) Internal Broadcom Smart Card readers are not detected in PBA on several Dell systems.
1177618 - 7.1.3 7.2.1
7.1.3
Hotfix
1208296
Issue: (PBA UEFI) Caps Lock or SHIFT state is not maintained when using the DE On-Screen Keyboard.
1162360 KB89038 7.1.3 7.2.1 Issue: (DE Agent / Host) The following registry keys remain after uninstalling DE. McAfee Agent on the client under About continues to report is as installed: HKLM\SW\WOW6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\EEPC

Workaround:
Delete the registry key.
1180037 - 7.1.3 7.2.1
7.1.3
Hotfix
1208296
Issue: [Surface Pro 4] On Screen Keyboard (OSK) does not function unless the policy option 'Always Display OSK' is also enabled. Enabling the policy option 'Enable OSK' is sufficient to enable the OSK. Having to select both policy options causes the OSK to also display on systems that do not need it.

Resolution: NOTE: You must also check in the latest Hardware Compatibility XML. For details, see KB81900.
1111238 - 7.1.3 7.2.0 Issue: EEPC v5 users were unexpectedly matched to different DE v7 user directory users. An improvement has been added to the LDAP attribute rules to prevent this issue.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1125075 - 7.1.3 7.2.0 Issue: Systems might fail to display the credential provider tiles after a system is locked. A fix allows the tiles to be seen as expected.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1140743 - 7.1.3 7.2.0 Issue: An enhancement has been added to fix a null point exception caused when no System Users were assigned during the EE:SystemUser Report generation.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1145547 - 7.1.3 7.2.0 Issue: A fix has been implemented to increase boot times for Opal-activated systems that use Legacy BIOS where the DE disk controller was not being reset correctly.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1146025 - 7.1.3 7.2.0 Issue: Improvements have been made to Opal driver messaging to help prevent incompatibilities seen with Intel RST infrastructure.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1116131 - 7.1.0 7.2.0 Issue: Onscreen Keyboard is not available for recovery after a user becomes locked out because of exceeding the expiry threshold.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1115632 - 7.1.0 7.2.0 Issue: NumLock synchronization at preboot is not applied correctly on systems that require the AMI key code protocol.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1084527 KB85469 7.1.0 7.2.0 Issue: A system in UEFI BIOS mode might appear to hang at preboot if the "out of band" policy is enabled and no user input is made.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1043660 - 7.1.0 7.2.0 Issue: The query for System Users does not display correctly.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1073980 - 7.1.0 7.2.0 Issue: Double-byte characters cause preboot to crash when used for user recovery.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1038880 - 7.1.0 7.2.0 Issue: Pie chart query displays incorrect number of systems.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1012722 KB82801 7.1.0 7.2.0 Issue: The requirement for a certificate when applying LDAP attributes is inconsistent with the implementation used in older product versions. The administrator is unable to delete the Drive Encryption User Certificate field from the task 'LdapSync: Sync across users from LDAP'.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1094366 - 7.1.0 7.2.0 Issue: Trying to obtain a DE recovery key via key check value in ePO might return Null output.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1110473   7.1.0 7.2.0 Issue: 'OptIn user' inheritance fails to add user to new systems added to an existing machine group in ePO.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1103427 KB86260 7.1.0 7.2.0 Issue: No User attributes are shown when creating a User Directory User via ePO 5.1.3 or 5.3.1.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
955755 - 7.1.0 7.1.3 Issue: When performing a system recovery, the following error was shown when obtaining a challenge response code Unknown Error has occurred. This issue occurs when one or more of the ePO database Display Name fields contains the string NULL.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1005393 (Build 7.1.1.470), which is no longer available.
986808 KB83333 7.1.0 7.1.3 Issue: The ePO Application Server Service periodically failed to shut down in a timely manner.
983564 - 7.1.0 7.1.3 Issue: With the policy setting Cold-Boot Protection on standby enabled, systems fail to transition into sleep mode (S3).
996316 - 7.1.0 7.1.3 Issue: On selected UEFI-enabled computers, removing a USB device when in PBA causes the computer to become unresponsive.
1013841 - 7.1.1 7.1.3 Issue: Number of days for password expiry is blank at PBA on Japanese operating systems.
1026472 - 7.1.0 7.1.3 Issue: UTC +13 time zones not supported.
1028821 - 7.1.0 7.1.3 Issue: Reports of high CPU utilization when activating McAfee Device Encryption.
1028753 - 7.1.0 7.1.3 Issue: UEFI Opal activated devices randomly boot to the Windows Recovery Console.
1040854 - 7.1.1 7.1.3 Issue: Logon time-out message appears incorrectly with Japanese language applied.
937778 KB82986 7.1.0 7.1.3 Issue: The Windows logon input mechanism fails to appear after a successful DE preboot authentication. This failure occurs when using a Windows Live ID user on a Windows 8 or 8.1 platform with smart card capability. The user can't log on to Windows.

Workaround: See the related article for details.
1009953 KB83375 7.1.0 7.1.3 Issue: Incorrect decryption time continually shows one (1) minute when using DETech to decrypt a system.
1017262 - 7.1.1 7.1.3 Issue: When using Temporary Autoboot on a system that is configured to use the TPM for Autoboot, the operation always uses the TPM.

Resolution: This behavior has been changed. Now when using Temporary Autoboot, the operation is performed using standard autoboot.
969812 - 7.1.0 7.1.3 Issue: On a BIOS system, with large numbers of USB interfaces, one or more USB devices might not be recognized.

Resolution: The number of USB interfaces no longer interferes and the device is recognized.
962167 - 7.1.0 7.1.3 Issue: During preboot authentication, pressing the Shift key does not alternate characters when in UEFI mode.
956714 - 7.1.0 7.1.3 Issue: Users that are removed from ePO are not deleted from the AD lookup cache table.
1005524 - 7.1.0 7.1.3 Issue: The ePO services do not shut down as expected with DE is installed.
1013878 - 7.1.1 7.1.3 Issue: After you upgrade to DE 7.1 Update 1, users are not assigned to the endpoint until the ePolicy Orchestrator (ePO) Tomcat server is restarted.
968772 - 7.1.1 7.1.3 Issue: When using Policy Assignment Rules, a user that has been initialized might become uninitialized when assigned to another system.

Resolution: The user state is correctly preserved and the user remains initialized on the new system.
1014198 KB83469 7.1.1 7.1.3 Issue: Disk is not formatted error is reported after using the Machine key reuse feature and restarting the system.
1059766 - 7.1.1 7.1.3 Issue: System becomes unresponsive when a user enters a double-byte character, such as backslash (\) in Japanese locale, when populating the self-recovery registration questions.
1049956 - 7.1.1 7.1.3 Issue: When you run the core.help API command using ePO 5.1.1, core.help does not return ee commands even when DE extensions are correctly installed.
976549 KB82152 7.1.1 7.1.3 Issue: Remediation images are not loaded correctly when installing the DE 7.1.1 EEDeep Extension. The ePO orion.log file records the following error:

"[org.xml.sax.SAXParseException; lineNumber: 22; columnNumber: 4; The element type "version" must be terminated by the matching end-tag "".]]"

Workaround: See the related article for details.
1051179 - 7.1.1 7.1.3 Issue: [Microsoft Surface Pro 3] On Screen Keyboard (OSK) inputs are not accepted.
936030 KB86540 7.1.0 7.1.3 Issue: Some DE 7.1.x error codes relating to the Trusted Platform Module (TPM) Autoboot and Policy Hardening appear as Unknown. The reason is because of missing error strings in the localization file.
Without the error strings, the user sees, for example, 0xEE160004 Unknown in the preboot or in the log file. This issue affects all locales.
926415
925531
926418
KB85015 7.1.0 ePO 5.1
Update 1
Issue: Policy assignment rules do not function correctly for users from Child and Grandchild domains.

Resolution: This issue has been addressed in ePO 4.6.7 and an ePO 5.1 hotfix (EPO510HF1b.zip). This hotfix is available from the Product Downloads site using a valid Grant Number. See the Related Information section for details.
1199622 KB90055 DPSSP 1.3.0.12 DPSSP 1.3.1.1 Issue: Data Protection Self Service Portal (DPSSP) fails to load correctly on ePolicy Orchestrator 5.3.3.

Workaround: Enable multiple tab support via the ePO console. See the related article for details.
1024827 KB83617 - DPSSP
1.2
Issue: During stress testing, the ePO administrator was unable to log on to the ePO console. This issue occurred when multiple users tried to perform a system recovery using the Data Protection Self Service Portal (DPSSP). DPSSP is not able to restrict the number of concurrent connections to ePO.

Resolution: This issue is resolved with the release of DPSS1.2, which is bundled with DE 7.1.3. With the release of DPSS1.2, the port is now set to 8444.

Workaround: The potential impact of multiple connections can be mitigated by changing the port used by DPSSP to connect to ePO. See the article for further information and details about how to set up DPSSP to use an alternate port.
MDE-4820 - 7.2.9 - Issue: Meaningless user updates are sent up to Agent Handler on every policy enforcement, if a user update acknowledgment is lost.
Resolution: A solution has been found and will be included in a future hotfix release.
1227222 - 7.2.1 - Issue: Some registry keys are left behind after uninstall.
1226294 - 7.2.3 - Issue: System fails to activate Opal disk after initially trying to activate with software encryption, until the system is restarted.
1226305 - 7.2.2 - Issue: Disabling BitLocker after DEGO has detected incompatible product, is reported incorrectly.
1226290 - 7.2.3 - Issue: After configuring the Opal preboot size via a policy, is not enforced on the client.
1226706 - 7.2.3 -
Issue: The WinPE version of the OpalTech recovery tool fails to remove DE if a USB device is inserted during the removal process.
1173338 - 7.2.0 - Issue: No information is displayed after clicking the Help option to open the help page from the General tab. The issue has been reported to occur when using Internet Explorer and Chrome systems. This issue does not occur on any other page.

Workaround: Click any other tab located in the Product Settings policy, then return to click the General tab again to display the help content.
1145868 - 7.2.0 - Issue: Event 30113 - User Password Synchronized is generated on every Windows logon even though the user logs on with the same synced Windows password.
1149478 - 7.2.0 - Issue: [Localization] Settings name displayed on the Policy Comparison page for the policy Harden against coldboot attacks on system supports SGX is not localized.
1165207 - 7.1.0 - Issue: OPAL activation failure resulting from an incompatible version of EFI firmware fails to fall back to PC software encryption provider.
1145455 - 7.2.0 - Issue: DE preboot shows misleading information to cancel Password Sync and Single Sign On (SSO), on the next system restart after enforcing the policy with Integrated Credential Provider (ICP), SSO and password synchronization enabled.
1169186 - 7.2.0 - Issue: On using EEOpalTech, during token authentication the following error is displayed:
"Error EE050005 Unsupported Token Type"

Workaround: Cancel or ignore the error and continue with the EEOpalTech actions you want.
1137953 - 7.1.0 - Issue: Drive Encryption/DEGO fails to detect BitLocker as an incompatible product if awaiting a hardware test.
1143292   - - Issue: Drive Encryption/DEGO fails to detect Symantec Endpoint Encryption v11 as an incompatible product.
924903 - 7.1.0 - Issue: The Machine Recovery Script fails with an exception when the user data upgrade task is successful. This issue occurs when performed after the user data upgrade task has completed, but before the upgrade of EEAdmin to DE 7.1.0.
1052112 - 7.1.0 - Issue: DE keeps prompting the user with the notification balloon message "Preboot password needs updating". This issue occurs on setting a password at Windows that does not follow UBP rules for an initialized user.
1046611 - 7.1.0 - Issue: The McAfee tile on the Credential Provider screen keeps appearing even after the Single Sign On (SSO) is captured for a user.
1051002 - 7.1.0 - Issue: Windows Active Directory (AD) polling Balloon notification remains until the time-out period expires, even after synchronizing the new credentials by lock/unlock.
1061101 - 7.1.0 - Issue: Windows AD Polling balloon appears even with no Single Sign On (SSO) captured for a user in SSO + Must Match user name scenario.
953651 - 7.1.0 - Issue: After configuring the permission set in either ePO 4.6.7 or ePO 5.1.0 for DEGO, and selecting change and view DEGO settings, the ePO system shows the error: EEGO____1000.EEGO____1000.admin 
Permission set is then not enforced and no policies can be viewed or edited for any user where this permission is applied.
- - 7.1.0 - Issue: [Dynamic and RAID disks in Windows]
Software RAID: DE works at the sector level, and so it does not support software-based dynamic disks and software-based RAID.
Hardware RAID: DE is untested in this mode, but works properly in environments where pure Hardware RAID has been implemented. But, EEPC can't support diagnostic or disaster recovery in this situation.
921227 - 7.1.0 - Issue: Hot-plugging a non-Opal drive into an active system and then activating DE on the system causes the non-Opal drive to be left unencrypted. This issue does not occur if the non-Opal drive is plugged into the system when the system boots.
918870 - 7.1.0 - Issue: Upgrading or uninstalling an ePO-deployed DEGO install from the command line fails silently because MSI installs Per-User and not Per-Computer.
814790 - 7.1.0 - Issue: Offline activation always uses software encryption, even on an Opal drive.
1024913 - 7.1.2 - Issue: Audit for an unprivileged user has the incorrect action for eedeep.resetUserPassword. Instead of showing the localized name, the command name is shown.
1025071 - 7.1.2 - Issue: Audit for an unprivileged user has the incorrect action for eedeep.emergencyBoot. Instead of showing the localized name, the command name is shown.
925733   7.1.0 - Issue: Queries still show as EE: Out-of-band Action Queue after upgrading the client successfully to DE 7.1.0 or later (including EEDEEP extension).
909730 - 7.1.0 - Issue: After upgrading to DE 7.1.0 or later, the queries still show Endpoint Encryption instead of Drive Encryption.
914170 - 7.1.0 - Issue: After disabling the policy option Save machine info, the Save machine info button is still available in the UI for a few seconds. This fact causes the progress bar to become unresponsive on the screen, if an option is clicked.
929618 - 7.1.0 - Issue: The Help extension page is missing for the Manage LDAP attribute link under Server Settings.
788370 - 7.1.0 - Issue: It is not possible to force EEPC version 5 migrated users to change their password until they have logged on through DE 7.1.x preboot at least once.
805262 - 7.1.0 - Issue: In some rare cases, a client UEFI system might not activate because the C: partition can't be shrunk to make way for the DE 7.1.0 or later partition.

Workaround: Running CHKDSK might resolve the problem. If not, manually shrink the C: partition by a small amount (about 1 MB). Activation must then continue as normal.
808920 - 7.1.0 - Issue: Preboot theme and dialogs might appear incorrectly scaled on Cathode Ray Tube (CRT) monitors on some UEFI booting systems. This issue does not affect non-CRT displays.
809043 - 7.1.0 - Issue: Using the mouse excessively with preboot USB support and accessibility enabled might cause preboot to stop responding on legacy BIOS booting systems.
778521 - 7.1.0 - Issue: [Activation] Uninstallation of DE via ePO fails to clean up the DE folder under Program Files.
847307 - 7.1.0 - Issue: [Policies] With Reactive Autoboot enabled, Windows 8 Local Account/User with blank password fails to lock the workstation.
812088
817898
- 7.1.0 - Issue: Policy assignment rules are not enforced for users from child domains where the client system communicates with a specified Agent Handler defined by an Agent Handler assignment rule. This fact can cause missing user-based policies on client systems.
817646 - 7.1.0 - Issue: IDE-redirection is not supported under UEFI. The effect of this is that there is no DE 7.1.0 or later Out-of-band remote remediation capability for UEFI implementations.
835090 - 7.1.0 - Issue: [PBA. EE Logon, UEFI only] - When trying to sync Password (SSO+SYNC) with a European character (ALTgr character) during Preboot authentication (PBA), the operation fails because the characters can't be entered in the password field.
911159   7.1.0 - Issue: Endpoint Encryption (EE) and other EE shared empty query groups are not deleted on upgrade from ePO 4.6.6 to 5.1.0.
931113 - 7.1.0 - Issue: An Unexpected error occurs when a client is hard booted while creating PBFS (activation).
921766 - 7.1.0 - Issue: Change in the PBFS size is not applied when a system reactivates from recovery state after an emergency boot on UEFI systems.
917757 - 7.1.0 - Issue: DETech is sometimes unable to detect a recovery file while authenticating with a file using DETech standalone on a UEFI platform.
921905 - 7.1.0 - Issue: DETech does not currently support Remove DE from secondary (data) Opal drives.
927142 - 7.1.0 - Issue: DETech: Unable to detect USB drives on some systems when trying to select a recovery file in DETech Standalone.

Workaround: Hot-plug the USB drive, then refresh the drive list.
849461 - 7.1.0 - Issue: DETech (Standalone) Operating system fails to load after performing the Remove DE action on a UEFI system with two disks.
762979 - 7.1.0 - Issue: DEGO DC Ping Status still displays a Success message in the DEGO Dashboard after the removal of DEGO from the client.
913595 - 7.1.0 - Issue: EEGO is displayed instead of DEGO in the ePO 5.1 console under Queries & Reports, Shared Groups after you upgrade from EEPC 7.0.
809262 - 7.1.0 - Issue: [Acer Iconia Tab w500] USB mouse does not work on the DETech (Standalone) screen on this model.
927145   7.1.0 - Issue: [Windows 8.1] Single Sign On (SSO) might not replay and stops at Windows logon screen where the Win 8.1 smart card service is running.

Workaround: Disable the smart card service.
930283 - 7.1.0 - Issue: When you check in the EEDeep extension (EEDeep.zip) that is shipped with DE 7.1 before the ePO Deep Command (eDC) 2.0 extension via an ePO 5.1 console, the following incorrect error message is displayed:
"Missing dependencies are required by EEDEEP.EPO.AMT:1.5.0.511. The messages must show that the required supported eDC version is 2.0."

Workaround: Check in eDC version 2.0.
908934 - 7.1.0 - Issue: [ePO 5.1] The DEGO policies in the Policy comparison page have an incorrect prefix named General.
 
Non-critical known issues - expected behavior
Reference Number Related
Article
Found
Version
Resolved
Version
Issue Description
1226268
1219749
KB89945 7.2.1 n/a Issue: Unable to create a DEOpalTech standalone bootable disk. One of the following errors is reported:
  • Bootdisk.exe EEOpalTech.RTB imageopal.dsk
    Writing application to disk image.....image file too large
  • c:\eetech\723>Bootdisk.exe EEOpalTech.RTB Image.dsk
    RTB file too large to fit on a 1.44MB floppy image
Support for DETech on floppy disks is no longer provided.
- - 7.1.0 n/a Issue: Out-of-band User Management does not work when the action is performed on the client system at preboot authentication through Client Initiated Remote Access (CIRA).
- - 7.1.0 n/a Issue: The RemoveDE feature is not supported in the UEFI version of the standalone DETech for Opal.
Workaround: Use the WinPE version of DETech to remove DE on a UEFI system.
- KB82160 7.1.0 n/a Issue: The built-in track pad, mouse pad, or touch interface might not work in preboot on UEFI booting systems. The reason is that some OEMs might not bundle a suitable UEFI driver for the device in the firmware. The track pad/mouse pad requires the UEFI Simple Pointer Protocol and the touch interface requires the Absolute Pointer Protocol to work correctly. To view the requirements to fully support installation on UEFI systems with Drive Encryption, see the related article.
811080 - 7.1.0 n/a Issue: When trying an Emergency Boot of a client system using DETech (Standalone), if a recovery file from a different system is used, Windows automatic repair starts. This behavior is expected because the recovery file contains the wrong key and can't successfully unlock the disk.
789575 - 7.1.0 n/a Issue: A client system with an unlocked Opal drive that has a running Windows session does not show preboot if the system is rebooted using the DeepCommand Options Normal Boot/Reboot feature. This fact is because the system is hard-booted, but power to the drive is not lost and the drive does not lock.
774109 - 7.1.0 n/a Issue: After initiating an out-of-band password reset action, the pre-existing password must be used to log on until the client receives the new password.
801084 KB76329 7.1.0 n/a Issue: Registering an LDAP server as a Global Catalog hides the memberOf attribute. This fact might lead to issues when migrating User Groups in child domains from EEPC 5 to DE 7.1.0 or later. The reason is because DE is unable to determine memberOf relationships. See the related article for details.
798122 - 7.1.0 n/a Issue: After deactivation of Opal systems, you must restart the system before trying to reactivate.
802547 - 7.1.0 n/a Issue: Remove DE is not supported in EEOpalTech (Standalone) for UEFI.
770024 - 7.1.0 n/a Issue: Touchscreen pen support might not function correctly if Always enable pre-boot USB support is not enabled.

Resolution: Ensure Always enable pre-boot USB support is enabled on tablets configured to run in legacy BIOS mode.
965239 KB82028 7.1.0 n/a Issue: Lenovo ThinkPad with ExpressCache software installed is incompatible with all Full Disk Encryption (FDE) software and OPAL Self Encrypting Drives (SED).

Workaround: Lenovo advises users to uninstall the ExpressCache software. See the article for details.
See also the Lenovo article: http://support.lenovo.com/us/en/documents/ht074986
804145 - 7.1.0 n/a Issue: Upgrade from HP Protect Tools 2012 (V8) is no longer supported.
- - 7.1.0 n/a Issue: Removing the EEADMIN and DE extensions, and then installing an earlier version of the EEADMIN / EEPC extensions, damages the database and is not supported.

Workaround: Do not downgrade extensions.
IMPORTANT: If you must revert to an earlier version of the EEADMIN / EEPC extension, first perform an ePO disaster recovery by following the steps in KB66616.
928218 - 7.1.0 n/a Issue: Mac-specific properties are shown as Unknown after checking in the DE 7.1 EEAdmin extension. Examples of the affected Mac parameters: Model Identifier (Mac only), McAfee Preboot Partition Status (Mac only), McAfee Recovery Partition Status (Mac only).
IMPORTANT: The DE 7.1 EEAdmin extension can manage EEMac 7.0 systems. This issue is a cosmetic and will not be resolved because EEMac is EOL.
Non-critical known issues - not a DE issue
Reference Number Related
Article
Found
Version
Resolved
Vendor
Issue Description
1109682 KB86256 7.1.3 Microsoft Issue: The following error is displayed when you run the EEPC 7.0.4 upgrade task:

"Failed with exception 'ResultSet may only be accessed in a forward direction'"

Resolution: Change the SQL Cursor Threshold value to 1, then at the McAfee ePO server run EE: User Data Upgrade task again. See the article for details.
816600 - 7.1.0 Microsoft Issue: MfeEpeHost.exe might sometimes cause the system to become unresponsive on a Windows 8 client that boots using UEFI if the following Microsoft Windows update is not installed: KB2756872 Windows 8 Client and Windows Server 2012 General Availability Cumulative Update.

Resolution: Install the Windows 8 update from http://www.microsoft.com/en-us/download/details.aspx?id=34908.
792096 - 7.1.0 Hardware Issue: On BIOS booting systems, DETech is unable to decrypt large GPT disks (> 3 TB) if the BIOS does not support large disks (> 3 TB).
797652 - 7.1.0 Microsoft Issue: Opal activation might occasionally fail because the Microsoft defragmentation API fails to defrag the PBFS file.
817645 - 7.1.0 Intel Issue: A known issue exists in Intel Active Management Technology (AMT) firmware that can cause a 20-second delay before Client Initiated Local Access (CILA) events leave the endpoint. The effect of this issue on EEPC is that it might take over 20 seconds for an Out-of-band unlock to occur in a CILA environment.

Resolution: Resolved in AMT 9 and later. The 20-second delay remains a limitation with earlier AMT releases.
Product Ideas
To submit a Product Idea, see the Related Information section of this article.
Reference Number Related Article Found
Version
Resolved
Version
Issue Description
1217489 - - 7.2.3 Issue: Request to suppress the error that occurs in ePO logs during addition of attribute.
Example of the error logged in the Orion log:

"ERROR [scheduler-TaskQueueEngine-thread-32] attributes.OrionLdapCustomAttributeHelperImpl - Failed to add attribute with id EEADMIN.attribute.activedirectory.certificate, Failed to write value to attribute com.mcafee.orion.ldapsync.exception.LdapSyncException: Failed to write value to attribute"
1154082 KB89035 - 7.0.4 Issue: Support for Opal Hard Disk drivers or firmware that do not support the status_pending” function, resulting in a System Crash (Blue Screen).
799359 - - n/a Issue: With the current releases, logging is not enabled for DEGO by default.

n/a = not available

Back to top

Reference Number Related
Article
Model Found
Version
Fixed
Version
Issue Description
ASUS Hardware
1253129 - P2540UB 7.2.4 7.2.9 Issue: Touchpad not working in the preboot authentication (PBA) window on ASUS P2540UB in EFI mode.
1061665 - X551MA 7.1.0 7.1.3 Issue: SHIFT key does not function during preboot authentication (PBA).
Dell Hardware
1049804 KB83703 Latitude Exx50 7.1.0 Dell Issue: Fatal ERROR 0xEE800004 or 0XEE020006 (displayed during preboot on Dell Latitude Exx50)

Resolution: Dell is providing (since April 20, 2015) BIOS updates on their public download pages at http://www.dell.com/.
791201 - DELL 990 7.1.0 Dell Issue: Out-of-band emergency boot does not work under Client Initiated Remote Access (CIRA) on DELL 990.
789762 KB76801 Latitude E651,
E6420,
E6410-ATG
7.1.0 Dell Issue: These models require a firmware update to support remote-remediation under BIOS boot.

Resolution: Contact Dell Technical Support to obtain a BIOS update.
797616 - Latitude E6520 7.1.0 Dell Issue: The DELL PBADRV.SYS driver might cause logon issues with DE 7.1. The logon issues might cause a blank screen when you press Ctrl+Alt+Del to resume the system from hibernation.
947992
947943
948556
KB81357 Venue 11 Tablet 7.1.0 Dell Issue: DELL On Screen Keyboard (OSK) does not accept any input during preboot authentication.

Resolution: Contact Dell for assistance to allow the Absolute Pointer Protocol (APP) to be available during preboot after normal start operation. DELL needs to change its BIOS/Firmware to ensure that this protocol is available during startup.
801209
824263
- Latitude E6420 7.1.0 Dell Issue: Stops responding after providing credentials at preboot authentication (PBA) after migrating from v5.

Resolution: Upgrade to the latest DELL Latitude E6420 BIOS.
Dell Hardware
1243007 - Latitude 5580 7.2.5 7.2.8 Issue: A few systems do not display the authentication window that should be displayed during preboot.
1228264 - Optiplex 7050 - 7.2.8 Issue: Dell loops back to authentication after authenticating with smart card.
1243710 - Latitude e5480 7.2.4 7.2.7
Issue: Dell e5480 becomes unresponsive at preboot when using a mouse connected to a Dell WD15 docking station.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1230861 - Latitude 5580 7.2.3 7.2.7
Issue: Latitude 5580 does not shut down automatically at preboot when “Pre-boot power management” is configured to automatically shut down preboot after a period of inactivity.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
  - Latitude 7480
Precision 7720
7.1.2 7.2.5 Issue: System locks up at preboot when docking or undocking.
1052002 KB85076 Latitude 3340 7.1.0 7.2.0 Issue: With this model, after activation, the system boots to black screen before the preboot authentication (PBA) screen can be displayed.

Workaround: After installing DE 7.1.3, the system will be identified as incompatible. This identification prevents the system from being activated and negates the need to perform a recovery.

Resolution: Install DE 7.1.3 Hotfix 1131996.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
978458
981152
KB82876 Latitude E5440 7.1.0 7.1.3 Issue: This model was fitted with an Opal drive, and the hard disk was successfully activated and encrypted. But, on the first system restart, the system shows the following error on a black screen: Fatal Error: [0xEE7F0001] Failed to Connect. This issue occurred because, on this model, the disk is on Port 1 instead of the more usual Port 0 of the Advanced Host Controller Interface (AHCI).
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1005393 (Build 7.1.1.470), which is no longer available.
1036688 KB84494 Alienware 17 7.1.1 7.1.3 Issue: System does not boot when this model is encrypted by DE. System becomes unresponsive at preboot.

Resolution: Required the default IRQ handlers to be disabled at PBA to support systems that use aligned memory. Fix included in the DE Compatibility XML Version 11.
962183 - XPS 13 7.1.0 7.1.3 Issue: When in legacy BIOS mode the internal mouse does not work after a warm restart.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 977150 (Build: 7.1.1.461), which is no longer available.
1006343 KB84552 Venue 11 7.1.0 7.1.3 Issue: When trying to authenticate at preboot on this model, multiple characters are displayed in the authentication field. This display occurs when you press a single key via the On Screen Keyboard (OSK) when multiple USB devices are attached.
923842 - Latitude 10 7.1.0 - Issue: System becomes unresponsive for about 10 minutes during preboot authentication when using a USB token (for example an etoken Pro 72k).
904073 - Latitude E6510 7.1.0 - Issue: After entering your credentials when booting from a DETech Standalone media, you see the error: Please insert your smart card.
926898 - Latitude E6410 7.1.0 - Issue: On Windows 8 X64 UEFI systems, users see this message during preboot: Please insert your smartcard.
824264
801574
- Latitude ST Tablet 7.1.0 - Issue: System becomes unresponsive during the Windows loading screen, after selecting the option: Always enable pre-boot USB Support.
924904
920465
- Latitude XT3 7.1.0 - Issue: The following error is shown after booting the system from a DETech USB media, successfully authenticating, selecting File authentication, and providing the correct recovery file for the platform: Failed to retrieve key check from the primary disk.

Workaround:
The problem can be avoided by creating a bootable DETech CD.
920537 - Optiplex 990, 755 7.1.0 - Issue: A compatibility issue exists with the listed models Master Boot Record (MBR) BIOS. This issue causes the systems to fail to boot using a standalone DETech USB recovery media.
802785
824266
- Optiplex 990 7.1.0 - Issue: System can fail to boot to the PBA screen if set in ATA mode.

Workaround: Use AHCI mode; in some BIOS editions, the code path for ATA/AHCI travels through different code segments and exhibits different outcomes.
904075 - Latitude E6420 7.1.0 - Issue: After entering your credentials when booting from a DETech Standalone media, you see the error: Please insert your smart card.
811780 - Latitude E6420, E6520 7.1.0 - Issue: When you perform the Remove DE action, using DETech (Standalone) booted from USB device might show the following error while the system is decrypting or while deactivation is in progress: [EE020001 Error Reading Disk Sector.
Fujitsu Hardware
1266253
1263433
- Fujitsu Celsius H780 laptop - 7.2.9 Issue: Internal keyboard doesn't work in preboot on Fujitsu Celsius H780 laptop when in UEFI mode.
1220944 - Lifebook 757 7.2.1 7.2.7 Issue: A black screen is displayed until a USB device is inserted.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1235158 - Lifebook E756 7.2.5 7.2.7 Issue: Internal smart card readers not working on this model.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1034556 - A547H
A547K
7.1.0 7.2.0 Issue: Internal mouse moves erratically in preboot if a USB mouse is also attached.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
963601 - Biblo Loox U/G90 7.1.0 7.1.3 Issue: System becomes unresponsive during preboot authentication.

Resolution. Default IRQ handlers are now disabled at PBA. Fix included in the DE Compatibility XML Version 11.
990018 - Stylistic Q584 7.1.0 7.1.3 After a successful authentication at preboot, the system becomes unresponsive when booting into Windows.
Getac
1168353 - T800 7.1.0 7.1.3 Hotfix
1208296
Issue: On-Screen Keyboard display is too small.
Hewlett Packard Hardware
1243007 - 840 G3 7.2.5 7.2.8 Issue: A few systems do not display the authentication window that should be displayed during preboot.
- KB79998 HP Notebooks 7.1.0 HP Issue: Some HP Notebook PC systems with the hard drive access configured in SATA mode exhibit errors.

Resolution: This issue is resolved by obtaining BIOS version F.10 or later through your HP support service. See the article for details to identify the HP models incurring this issue and where to download the BIOS update.
960320 - Compaq Elite
8300 SFF
7.1.0 7.1.3 Issue: Preboot screen is not displayed when Out of Band (OOB) policy is enabled.

Resolution: Required the default IRQ handlers to be disabled at PBA to support systems that use aligned memory. Fix included in the DE Compatibility XML Version 11.
1018977
1020153
- EliteBook 725 EliteBook 745 G2 7.1.1 7.1.3 Issue: The HP systems have been added to the list of computers that require default settings.

Resolution: Fix included in the DE Compatibility XML Version 11.
1005672 - ProBook 640 G1 7.1.0 7.1.3 Issue: System does not boot when this model is encrypted by DE. System becomes unresponsive at preboot.

Resolution: Required the default IRQ handlers to be disabled at PBA to support systems that use aligned memory. Fix included in the DE Compatibility XML Version 11.
1032420 KB84492 Pavilion DV7 7.1.0 7.1.3 Issue: System fails to boot when this model is encrypted by DE. System becomes unresponsive at preboot.

Resolution: Required the default IRQ handlers to be disabled at PBA to support systems that use aligned memory.
1037900 - EliteDesk 800 G1 7.1.0 7.1.3 Issue: With this model, if the Out of Band policy is enabled, the system does not display the preboot authentication dialog.

Resolution: Added to the hardware compatibility list. This setting sends the serial interrupt request to the BIOS; when that happens the system no longer becomes unresponsive and presents the preboot authentication dialog. Fix included in the DE Compatibility XML Version 11.
1018122 - Elite Pad 1000 G2 7.1.0 7.1.3 Issue: The state of NumLock LED is not represented / initialized correctly.
1018977 - EliteBook 725 G2 7.1.0 7.1.3 Issue: System does not boot when this model is encrypted by DE. System becomes unresponsive at preboot.

Resolution: Required the default IRQ handlers to be disabled at PBA to support systems that use aligned memory. Fix included in the DE Compatibility XML Version 11.
783882 - Compaq 8200 7.1.0 - Issue: Can fail at preboot with the error: Failed to load cryptography module.

Workaround: Configure the system to run in AHCI mode.
825789 - EliteBook 6460W,
8560P, 8740W
7.1.0 - Issue: The on-screen keyboard can cause some models to become unresponsive at PBA.
807163 - ProBook 6550b 7.1.0 - Issue: DETech (Standalone) Remove Drive Encryption becomes unresponsive during decryption on HP6550b under BIOS boot.

Workaround: Use DETech (WinPE) option to Remove DE on this system.
919218 - Revolve 810 Tablet 7.1.0 - Issue: After entering your preboot credentials, you will see the error: Please insert your smart card.
797864 - Slate 2 Tablet 7.1.0 - Issue: Enabling the option Enable pre-boot USB support causes USB devices to fail on this tablet model.

Workaround: On this platform, disable the Enable pre-boot USB support option to allow USB devices to function normally.
924904
920465
- Spectre UltraBook 7.1.0 - Issue: The following error is shown after booting the system from a DETech USB media, successfully authenticating, selecting File authentication, and providing the correct recovery file for the platform: Failed to retrieve key check from the primary disk.

Workaround: The problem can be avoided by creating a bootable DETech CD.
924030 - Spectre UltraBook 7.1.0 - Issue: (Win 8 UEFI platforms only) After creating a standalone DETech USB recovery media, the following error is shown when trying to remove DE 7.1: Error EE020001: Error reading disk Sector.
920537 - Z220 Workstation 7.1.0 - Issue: A compatibility issue with the listed models Master Boot Record (MBR) BIOS causes the systems to fail to boot using a standalone DETech USB recovery media.
Lenovo Hardware
1250930 KB91343 USB-C dock 7.2.5 7.2.9 Issue: Keyboard and mouse don't function when connected to Lenovo USB-C dock on DE activated systems.
1268921 - P52 7.2.8 7.2.9 Issue: Keyboard language does not change when language other than English-US is selected.
1214579 - P50 7.2.1 7.2.3 Issue: System crash or blue screen, with references to MfeEpePc.sys.
893472 KB78632 Helix Tablet 7.1.0 - Issue: System becomes unresponsive on a Lenovo Helix Tablet at preboot after enabling USB 3.0 Mode (Emulation) in the UEFI Firmware.

Resolution: Install the Lenovo Firmware and BIOS update. See the related article for details.
768448 - ThinkPad T520 7.1.0 - Issue: BIOS does not support DETech (Standalone) booted from a USB drive. Contact Lenovo for assistance.
988843 - Yoga 7.1.1 7.1.3 Issue: When returning from sleep mode on systems fitted with an Opal drive, the system becomes unresponsive.
978555
988823
- ThinkPad x240 7.1.0 7.1.3 This model becomes unresponsive when fitted with an Intel SSD Pro 1500 Series Opal Drive, when booting from a DEOpalTech recovery media and authenticating from a file.
1041508 - Think Centre 93P
Lenovo Think Centre M82
7.1.0 7.1.3 Issue: With this model, if the Out of Band policy is enabled, the system does not display the preboot authentication dialog.

Resolution: Added to the hardware compatibility list. This setting sends the serial interrupt request to the BIOS. When that happens, the system no longer becomes unresponsive, and presents the preboot authentication dialog. Fix included in the DE Compatibility XML Version 11.
1030200 - Helix ThinkPad 10 7.1.1 7.1.3 Issue: No input displayed at the preboot authentication screen when an external (USB) keyboard is attached to this model.

Resolution: Fix included in the DE Compatibility XML Version 8.
952778 - ThinkPad Helix 7.1.0 - Issue: Input provided via an attached keyboard during preboot is not processed. You can't authenticate in preboot using the attached keyboard.

Workaround: Use the On Screen Keyboard (OSK).
824261 - ThinkPad T420 7.1.0 - Issue: Emergency boot might fail when using an Opal 2 drive.
921944 - ThinkPad W530 7.1.0 - Issue: When in UEFI mode with certain models of Opal drive, the firmware incorrectly shows the ATA Security drive lock screen preventing preboot authentication from occurring.
807183 - ThinkStation E30 7.1.0 - Issue: DETech (Standalone) becomes unresponsive after finishing the Remove DE action on this system when under UEFI boot. On restart, DE 7.1 has been successfully removed.
Microsoft Hardware
1067219 - Surface Pro 3 7.1.0 7.2.0 Issue: eToken fails to be recognized at preboot.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1047480 - Surface Pro 3 7.1.0 7.2.0 Issue: The policy “TPM Autoboot” is not applied correctly on a Microsoft Surface Pro 3 because of Algorithm requirements.
1051179 - Surface Pro 3 7.1.1 7.1.3 Issue: On-Screen Keyboard (OSK) input is not accepted by touch input.
Panasonic
1213737 - Let's Note 7.2.1 7.2.3 Issue: Keyboard layout changed to English.
Samsung Hardware
1221188 - Samsung systems
with NVMe controller
7.2.3 - Issue: Random system crash (blue screen) occurring during activation, making the drive unbootable. The issue was seen on Samsung systems fitted with a Non-Volatile Memory Express (NVMe) host controller interface.
824296 - Slate Tablet 7.1.0 - Issue: Pen digitizer for finger sensing touch support is not working when using smart card policy.
810778 - Slate Tablet 7.1.0 - Issue: File-based authentication might fail at DETech (Standalone) on this tablet model when using a USB device.
Sony Hardware
990465 - Vaio Pro 13 7.1.0 7.1.3 Issue: When resuming from sleep mode, system crash or blue screen occurs.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1005393 (Build 7.1.1.470), which is no longer available.
Toshiba
1235158   Portage Z30-C
Tecra 250-C
7.2.5 7.2.7 Issue: Internal smart card readers not working on these Toshiba models.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1221189 - Toshiba systems
With NVMe controller
7.2.3 n/a Issue: Unable to remove DE using a DETech (WinPE) Opal bootable media on Toshiba system fitted with a NVMe host controller interface. The following error is displayed during the removal "Error EE020001 Error reading disk sector".
NOTE: Removal of DE using the WinPE recovery media, is not supported on this Toshiba Drive.

Resolution: Use a DETECH Standalone image to perform DE recovery/removable operations. These images are not based on any Windows components.

Back to top

Reference
Number
Related Article Found
Version
Resolved
Version
Issue Description
Token - expected behavior
692466 - 7.1.0 - Issue: PKI token certificate rules are not verified against the certificate rule on the token user-based policy.
Resolution: This issue has been resolved for all PIV and CAC tokens and for Gemalto .Net V2 and Gemalto IDPrime .Net 510 tokens. This functionality is not be ported for other tokens.
Token - general issues
1268379 - 7.2.6 7.2.9 Issue: SafeNet Java 72k token fails to obtain detected on preboot with HP EliteBook X360 1030 G3.
1249152 - 7.2.6 7.2.7 Issue: YubiKey is not working when token type is set to “PIV PKI smart card”.
NOTE: Previously resolved by DE 7.2.6 Hotfix 1247725.
1063428 KB85496 7.1.1 7.2.0 Issue: The following error is reported during preboot authentication:

"Error EE0F000C - Token failure with Omnikey 3121 from HID"

Resolution: Support for HID Omnikey 3121 smart card reader is provided with DE 7.1 Update 3 HF1131996 and 7.2.0.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1085224 - 7.1.0 7.2.0 Issue: HASP Token is incorrectly recognized as an E-Token preventing logon at preboot.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1105830 - 7.1.0 7.2.0 Issue: Windows credentials are not captured, preventing SSO with a smart card user Tokens Reference Issue description.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1066560 - 7.1.0 7.2.0 Issue: User token data is reset when importing via User Migration Task.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1013137 - 7.1.1 7.1.3 Issue: When a certificate changes, the password token is changed to a default password token.
984650 - 7.1.1 7.1.3 Issue: When using SafeSign JCOP41 PKI tokens, the message EE0800009 Smart Card not present appears.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1025171 (Build 7.1.1.485), which is no longer available. The token is correctly recognized.
996335 KB84209 7.1.0 7.1.3 Issue: After an upgrade to DE 7.1.x, if a certificate change occurred, password token users are unexpectedly reinitialized.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1025171 (Build 7.1.1.485), which is no longer available.
928837 - 7.1.0 - Issue: Trying to authenticate using a token or file on a system that is decrypting with DETech gives the error: System not activated.
904095 - 7.1.0 - Issue: [Lenovo X60]: Card token authentication fails on DETech Standalone.
768499 - 7.1.0 - Issue: [Lenovo T520, Lenovo X220] (With UPEK fingerprint readers installed). After you initialize the UPEK token, the Token Initialization Event (Event ID 3003) is not recorded for the UPEK token user in ePO.
774473 - 7.1.0 - Issue: [Lenovo T520, Lenovo X220] (With UPEK fingerprint readers installed).

You are not able to retrain the user's fingerprints in Windows using the Fingerprint Reader Registration screen when you take the following actions:
  1. Remove a user's fingerprints from the reader on the client system.
  2. Delete the user and user-based policy from the client system on ePO.
  3. Later add the user and policy back and reinitialize the user on the client
650103 - 7.1.0 - Issue: [Generic] Self-recovery or any other recovery that involves resetting of the PIN is not supported.
662247 - 7.1.0 - Issue: [Generic] Single Sign On captured on Windows XP (Gina logon) can't be automatically pushed to a Windows Vista or Windows 7 system (Credential Provider).
665526 - 7.1.0 - Issue: [Generic] Single Sign On data for a token user is not updated after the PIN has been changed.
661590 - 7.1.0 - Issue: [Generic] PIN Content rules might differ on Policy Settings and on Card Token settings. So, the most secure Password or PIN length policy combination might not be enforced.

Reference
Number
Related
Article
Found
Version
Resolved
Version
Issue Description
Reader - product ideas
To submit a Product Idea, see the Related Information section of this article.
709016 - 7.1.0 - Issue: [Dell E6510] - The PCMCIA card reader does not work at preboot authentication (PBA).

Resolution: Resolving this issue requires a major rewrite of the preboot code. There are currently no plans to perform this work.
Reader - general issues
MDE-4593 - 7.2.9 7.2.9
Hotfix 2
(RTS)
Issue: A USB transfer occurs with the Alcor reader on HP ProBook 650-G2 and other HP models.

NOTE: Previously resolved by DE 7.2.9 HF1
1224553   7.2.1 7.2.9
(UEFI)

7.2.8
(MBR)
Issue: USB transfer errors are seen with smart card readers that do not perform automatic protocol negotiations and reject the communication parameters specified by the smart card ATR (Answer to Reset) settings.

Resolution: A change has been applied to work around the smart card reader limitation.

IMPORTANT: This approach cannot be applied to smart card readers that perform their own automatic protocol negotiations. For such smart card readers, contact the manufacturer.

NOTES:
  • DE 7.2.9 delivers the change for UEFI systems.
  • DE 7.2.8 delivers this change for legacy BIOS (MBR) systems.
1265394 - 7.2.8 7.2.9 Issue: "0xee0b001 CCID protocol error" during preboot authentication (PBA), with Oberthur ID-One PIV cards, after upgrading DE from 7.2.6 to 7.2.8.
1124258 - 7.1.0 7.2.0 Issue: Support for internal Broadcom smart card readers installed on Dell platforms.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1011666 - 7.1.0 7.1.3 Issue: On Windows 8.1, if a smart card reader is attached and McAfee Device Encryption Single Sign On is enabled, the logon window defaults to smart card instead of password.
NOTE: Previously resolved by DE 7.1 Update 1 Hotfix 1044054 (Build: 7.1.1.1044054), which is no longer available.
968748 - 7.1.0 7.1.3 Issue: When using the Safesign generic implementation, if using a smart card reader that allows PIN changes, the PIN cannot be changed in preboot. PIN changes in Windows remain unaffected.

Workaround: Change the PIN in Windows.
969812 - 7.1.0 7.1.3 Issue: [HP EliteBook 8460P] The internal smart card reader on this model fails to read a smart card in preboot.
809285 - 7.1.0 - Issue: [Acer Iconia Tab w500] Unable to log on to DETech (Standalone) with EToken Smart Card or Starcos Smart Card.
919250 - 7.1.0 - Issue: [Dell E4200] After giving credentials at preboot using a smart card, the following error message is displayed: Please insert your smart card.
919238 - 7.1.0 - Issue: [Dell Latitude 10/SAM Series 5 Ultra]: After authenticating at preboot with a smart card, users see the error: Please insert your smart card.
904097 - 7.1.0 - Issue: [Dell D620] Smart card is not being recognized during preboot.
904100 - 7.1.0 - Issue: [Del 6430u] A soft reboot does not allow the Smart Card to be seen at preboot, whereas a hard reboot does.
705882 - 7.1.0 - Issue: [Dell Precision M4500] The PCMCIA card reader does not work at preboot authentication (PBA).
720395 - 7.1.0 - Issue: [Dell Optiplex FX160] After you provide credentials at PBA and attempt to log on with USB Token or CardToken user, you receive the error: Please insert your smart card.
873039 - 7.1.0 - Issue: [HP4540s] smart card not detected on HP ProBook 4540s in UEFI mode. Error Please insert your smart card appears at preboot.
905258 - 7.1.0 - Issue: [Lenovo W520] Internal card reader fails to work during preboot authentication when in UEFI Mode.
838544 838221
837946
837596
- 7.1.0 - Issue: [Validity Finger Print Sensor - VFS471] Varied errors can appear if a fingerprint has already been enrolled for a user and an attempt is made to re-register the fingerprint against this user.
Critical known issues - general
Reference
Number
Related
Article
Found
Version
Resolved
Version
Resolved Issue Description
1251020 - 7.2.6 7.2.7 Issue: Single Sign On (SSO) on Windows 10 (version 1803) can't bypass the authentication (Ctrl+Alt+Del) screen.
- KB86009 7.1.3 7.2.0 Issue: Device Guard support on Windows 10.
NOTE: Previously resolved by DE 7.1.0 Update 3 HF1148978.
1087741 KB85514 7.1.0 7.2.0 Issue: Drive Encryption Go (DEGO) 7.1.3 fails to install on Windows 10.
NOTE: Previously resolved by DE 7.1 Update 3 HF1131996.
1113478 KB87070 7.1.0 7.2.0 Issue: DEGO fails to install correctly on Windows 10 Professional.
Non-critical known issues - general
Reference Number Related
Article
Found
Version
Resolved
Version
Issue Description
1209546 KB89857 7.2.2 - Issue: Single Sign-On fails on Windows 10 Fall Creators Update, for users in a Workgroup

Resolution: See the related article for details.
1214124 - 7.2.1 7.2.2 Issue: Upgrade from Windows 10 version 1703 fails, when Drive Encryption is in FIPS mode.


Upgrading the Windows operating system to Windows 10
There is a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE. The three upgrade articles listed below provide instructions for the Windows 10 releases. See the appropriate required article for detailed instructions. The table below helps you use the correct article, based on the Windows 10 variant that you are upgrading to and the version of DE that is installed.
Microsoft Windows 10 Release Upgrade Method
  DE
7.1 Update 3
(7.1.3)
DE
7.1.3
HF1148978

HF1208296
DE
7.2.0
DE
7.2.1 and later
Windows 10 (version 1507) OS Refresh 1 OS Refresh 1 OS Refresh 1 OS Refresh 1
Windows 10 (version 1511)
November Update
OS Refresh 1 OS Refresh 1 OS Refresh 1 OS Refresh 1
Windows 10 (version 1607)
Anniversary Update
OS Refresh 1 Reflect Drivers 2 Reflect Drivers 2 SetupConfig 3
Windows 10 (version 1703)
Creators Update
OS Refresh 1 Reflect Drivers 2 Reflect Drivers 2 SetupConfig 3
Windows 10 (version 1709)
Fall Creators Update
OS Refresh 1 Reflect Drivers 2 Reflect Drivers 2 SetupConfig 3
1 See KB84962[operating system (OS) Refresh method] The operating system Refresh method is a script method. It is a more manual method developed to handle the first upgrade to Windows 10 (version 1511). Easier methods were developed later together with Microsoft. See below for details.
NOTE: Scripts are required for this upgrade method and are attached to the KB article.
2 See KB87909. – [Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with DE 7.1 Update 3 or later.
NOTES:
  • Scripts are required for this upgrade method and are attached to the KB article.
  • Microsoft provided a new command-line switch, /ReflectDrivers, which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).
3 See KB89000. – [SetupConfig method] A superior method that was developed with Microsoft.
NOTES:
  • OSUpgrade packages are included with the DE download package with DE 7.2.1 and later
  • Microsoft provided a new command-line switch, /ConfigFileswitch which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).

NOTE: For information about Windows 10 compatibility with McAfee products, see KB85784.

Back to top

Previous Document ID

KB83540 KB79753 KB81902

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.