sign in sign up
<<
Home , Caddie (CAD system), Windows Installer, Windows Media Center

Release Notes

Release Notes

October 19, 2009

Pointsec PC 6.3.1 HFA5 © Copyright Check Point Software Technologies, 1997-2009. This document contains product information about Pointsec PC for , XP, and Microsoft Vista.

Contents

About This Document ...... 2

Summary of Changes ...... 2

New in This HotFix Accumulator Release (6.3.1 HFA 5) ...... 2

System Requirements ...... 2

Tablet PCs That Support Touch-Pen Logon in Preboot ...... 4

IMPORTANT – Windows Integrated Logon (WIL) ...... 4

Upgrading ...... 4

Possible Security Risk When Using SSO with a Remote Desktop Application ...... 5

Fragmented Disks ...... 5

Modifying the Pointsec for PC.msi Package Not Supported ...... 5

About File Systems/Volumes/OS Upgrades...... 5

Software Incompatibilities ...... 6

Pointsec PC and VMware ...... 6

Pointsec PC and BitLocker Drive Encryption ...... 6

Known Limitations ...... 7

Fixed in This Release ...... 9

Known Issues in This Release...... 12

FYI ...... 36

Late-breaking Documentation ...... 36

1 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes About This Document This document contains information about Pointsec PC version 6.3.1 HFA5, such as what problems have been fixed since the previous release, and the system requirements. This document applies to both the EW version and the MI version of the product. In this document, the abbreviation N/A is used. N/A means Not Applicable.

Summary of Changes This version of the Release Notes (October 19, 2009) contains the following changes (compared to the previous version, November 19, 2008): • The text of CR00454539, under Known General Issues in This Release on page 12 has been updated. • The date is used to indicate the document version: to conform to Check Point standards, the date on the cover page or first page of any Pointsec PC documentation now indicates the document version. Letters are no longer used for this purpose.

New in This HotFix Accumulator Release (6.3.1 HFA 5) This HotFix Accumulator release, Pointsec PC 6.3.1 HFA5, contains: • The corrections to the product that are described under “Fixed in This Release” on page 9.

System Requirements The following sections describe , memory, and disk space requirements and limitations. It also describes other system software that is required.

Operating Systems Pointsec PC is supported when installed on an x86-compatible computer with: • Microsoft Windows Vista (32-bit only): Ultimate, Business, or Enterprise. • Microsoft Windows Vista (32-bit only) SP1: Ultimate, Business, or Enterprise • Microsoft Windows Vista (32-bit only) SP2: Ultimate, Business, or Enterprise • Microsoft Windows XP Tablet PC Edition. • Microsoft Windows 2003 (all variants and SPs) on /PCs only; that is, not on servers. • Microsoft Windows 2000 Professional SP4 UR1. • Microsoft Windows XP Professional (SP1, SP2, and SP3. SP3 is recommended).

2 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes Pointsec PC is NOT supported when installed on a computer with: • Microsoft Windows XP Home (all variants and SPs). • Microsoft Center Edition (all variants and SPs). Pointsec PC is NOT supported on Apple Macintosh computers.

Other Systems Required Microsoft . Framework 2.0 or later is required to be able to use the Pointsec PC Management Console (PCMC). If, however, the PCMC will not be used on a machine, it is not required to install .NET on that machine.

Operating System Requirements/Limitations Stripe/Volume Sets On Windows 2000/ Windows XP, Pointsec PC should not be installed on partitions that are part of stripe or volume sets. Compressed Root Pointsec PC cannot be installed if the root-directory (or root directories) is/are compressed. The root directory must be decompressed before Pointsec PC is installed. However, subdirectories of the root directory may be compressed. Windows User Account requirements for Installation and Uninstallation In order to install or uninstall Pointsec PC, the user account executing the action (either directly, through "Run As…", or as a service) must be authorized to perform installations, this usually means having Administrator permissions. Windows User Account Registry Permission Requirements In order to install, upgrade, change language and import profiles on a Windows 2000 PC, a user account needs the following registry permissions: Query value, Set value, Create subkey, Enumerate subkey, Notify, Create link, and Read control. In order to remove on a Windows 2000 PC, a user account needs the above registry permissions plus Delete.

Requirements for Dynamic Tokens Pointsec PC supports any dynamic token that supports the ANSI X.9.9 security standard if the DES algorithm is used together with these tokens.

Memory and Disk Space Requirements The current memory and disk space requirements are: Operating System Memory Disk Space Windows Vista 512 MB 100 MB, of which 2 MB must be contiguous, free RAM space. Windows XP 128 MB 100 MB, of which 2 MB must be contiguous, free RAM space. Windows 2000 64 MB 100 MB, of which 2 MB must be contiguous, free RAM space. Windows 2003 128 MB 100 MB, of which 2 MB must be contiguous, free Server RAM space.

3 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes Operating System Memory Disk Space Note: Not server hardware Windows XP 128 MB 100 MB, of which 2 MB must be contiguous, free Tablet Edition RAM space. Note: The disk encryption process does not require extra space on the hard disk.

Tablet PCs That Support Touch-Pen Logon in Preboot Pointsec PC 6.2 and all later versions support preboot authentication with touch pens on the following tablet PCs: • HP TC1100 • HP TC4200 • IBM X41 • Toshiba Portégé M200 • Toshiba Portégé M400 • Motion Computing LS800 • Motion Computing LS1600 • Motion Computing LS1700 • Motion Computing C5 • AMTek Smart Caddie SCA002

IMPORTANT – Windows Integrated Logon (WIL) When implementing Windows Integrated Logon (WIL), weigh the total cost of ownership (TCO) impact of implementing Pre-Boot Authentication against the need for strong security when accessing the encrypted data rest. WIL simplifies the user’s experience when logging on to encrypted machines at the cost of limiting the strength of the PC’s security configuration. Consider using Single Sign-On (SSO) in conjunction with proper Pre-Boot Authentication as an alternative to WIL. Carefully weigh the usage of WIL versus using user-authentication-based Pre-Boot Authentication according to the requirements of implemented enterprise security standards and goals.

Upgrading You can upgrade to Pointsec PC 6.3.1 from the following Pointsec for PC 4.x and 5x versions: • Pointsec for PC 4.1 sr 2.14 or later • Pointsec for PC 4.2 sr 1.4 or later • Pointsec for PC 4.3 • Pointsec for PC 5 x.x For information about upgrading from these versions, see the Administrator’s Guide.

4 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes For information about upgrading from Pointsec for PC 6.x.x to 6.3.1, see the chapter in the Administrator’s Guide devoted to this topic.

Possible Security Risk When Using SSO with a Remote Desktop Application Consider the possible security risk when using SSO with a remote desktop application. Normally this is not a problem because only Administrators have permission to connect to a remote computer via the remote desktop application.

Fragmented Disks 2 MBS of contiguous disk space is required for Pointsec PC installation. If this amount of continuous space is not available, the installation will fail. In general, it is considered good practice to avoid fragmented disks to enhance overall performance. It is also considered good practice to defragment disks prior to installing Pointsec PC.

Modifying the Pointsec for PC.msi Package Not Supported Do not modify the Pointsec for PC.msi in any way. For instance, do not attempt to modify the Pointsec for PC.msi package by using transforms. Modification of the Pointsec for PC.msi package invalidates the supportability of the product.

About File Systems/Volumes/OS Upgrades Resizing Partitions and Using Disk Management Features/Utilities Never use software that alters the ’s disk partitions when Pointsec PC is installed on the workstation. If you need to resize a partition, remove Pointsec PC completely first and then resize the partition. Overlapping Partitions When moving disks between computers where the computers have different head counts (e.g. H=64 --> H=16) may produce overlapping partitions. The operating system does not notice this. Pointsec PC will not encryption if overlapping partitions are found. This problem can sometimes occur on machines with multiple volumes. System on Volume without Drive Letter If the system partition is not accessible using a drive letter when Pointsec PC is installed, necessary changes cannot be made; and the installation cannot be completed.

Disk Utilities Do not use disk utilities to change file systems or resize any volumes on the hard disk if Pointsec PC is installed on the computer; in most scenarios, doing so leads to an unusable system and loss of system data.

5 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes OS Upgrades Do not upgrade from one operating system version to another while Pointsec PC is installed, for example upgrading from Windows 2000 to Windows XP. This may lead to an unusable system. However, you can install hotfix upgrades.

Software Incompatibilities

Remote Malfunctions on Slaved Hard Disk Drives Remote Help’s remote password change and one- logon do not function on slaved hard disk drives.

Anti-virus Software Pointsec PC is not fully compatible with some anti-virus software. The encryption process performed by Pointsec PC is performed in the background and does not affect computer performance noticeably. However, if anti-virus software runs a disk scan while Pointsec PC is encrypting the disk, performance will be impaired. BIOS anti-virus feature functionality should be disabled. If active, it will cause the system to hang when reloading from suspend mode.

Pointsec PC and VMware Pointsec PC does not support VMware in a production environment. VMware is supported only for testing and demonstrations. In addition, note that the use of smart cards and smart card readers together with Pointsec PC is severely restricted in VMware sessions.

Pointsec PC and Windows Vista BitLocker Drive Encryption Windows Vista BitLocker Drive Encryption cannot be used together with Pointsec PC.

6 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes

Known Limitations This section documents known limitations to Pointsec PC.

Unformatted Partitions Will Trigger the Cancellation of the Installation If computer on which Pointsec PC is being installed has an unformatted partition, the installation will be cancelled.

Multiple Drivers Can Hinder Upgrade Having multiple drivers allocated can cause upgrade to fail. Workaround: Reduce the number of drivers to one set of a card and a reader driver before upgrading. More drivers can be allocated after the upgrade is complete.

Smart Card Feature in the Pointsec Preboot Environment Systems that do not allow the disabling of USB Legacy support in the BIOS may be incompatible with the smart card feature in the Pointsec PC preboot environment.

Windows Vista’s ReadyBoost™ and ReadyDrive™ Are Not Supported Pointsec PC does not support the use of Windows Vista’s ReadyBoost™ and ReadyDrive™ technologies. Support for these technologies will be added to a future Pointsec PC release.

FIPS Compliant Dynamic Tokens Are Not Supported Pointsec PC does not support dynamic tokens that are formatted to be FIPS compliant.

Token Insertion/Removal Handling Feature The Pointsec PC Token Insertion/Removal Handling feature is unreliable except when using Aladdin eTokens.

Deployment Software When Pointsec PC is installed on a client using deployment software such as SMS or Tivoli, the software must be run as LOCAL_SYSTEM and have “Interact with desktop” activated. If the software is run as a normal user account, the installation will fail.

Alternative Boot Menu The options displayed in the alternative boot menu depend on what the BIOS of the machine supports and the hardware that is currently installed. Therefore, the fact that an option is listed in the menu does not mean it is supported by Pointsec PC.

SATA USB//DVD devices not supported in Alternative Boot Menu SATA USB/CD/DVD devices are not supported in the Alternative Boot Menu.

Dual Pointsec PC does not support dual boot environments.

7 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes Japanese Language Pack Does Not Contain All Japanese Characters The Pointsec PC Japanese language pack does not contain all Japanese characters. This means, for example, that if the computer name contains Japanese characters that are not contained in the Japanese language pack, these characters will be displayed as black boxes.

Multiple Hard Disks Pointsec PC 6.3.1 supports up to six hard disks, which together can have a maximum total of 12 volumes protected by Pointsec PC.

Recovery and Hibernation Do not attempt to perform recovery on a hibernated machine.

Hidden Volumes Pointsec PC cannot be installed on hidden volumes.

Mounted Volumes/Dynamic Disks Mounted volumes/dynamic disks are not supported.

USB and CD-ROM Limitations Devices with boot media should be removed while Pointsec Preboot Environment is loading. USB devices, bootable CD-ROMs, and bootable DVD-ROMS are not supported in the system during the Pointsec Preboot Environment and during preboot authentication.

Documentation Cosmetic errors exist in the documentation: some screen images can be “back-level” and/or do not match the text. Note that the text is correct; it is the screen captures that are back level.

8 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes

Fixed in This Release The following items have been corrected in Pointsec PC 6.3.1 HFA5: ID About Details 454660 Stop error when a A bluescreen would sometimes occur during the first second hard disk is startup after Pointsec PC installation when a second attached via a encrypted hard disk was attached via a MultiBay unit. MultiBay. 454604 Token removal Certain aspects of token removal handling have been handling. enhanced in Pointsec PC HFA5. 454457 The The text of the Administrator’s Guide has been Administrator’s updated to the following: Guide incorrectly Select the of authentication used by the account you stated that smart are using to provide Remote Help: cards can be used to authenticate to For a fixed password, select: Password; for a dynamic Remote Help. token, select: Dynamic Token. Helper authentication using smart cards/USB tokens is not supported. 454362 Update profiles not Update profiles would not be deployed if they deployed if they contained a Japanese character in the screen saver contained a text. The profile would disappear from the work Japanese character folder, and no error was logged in . in the screen saver text. 454322 The The text in the Administrator’s Guide has been Administrator’s updated, to say: Guide incorrectly ... stated that "Clients accept only Use the serial number of the local installation upgrade packages Select this checkbox when you upgrade from 4.x/5.x that have been and the same serial number is used on the local created with their machine and on the clients. See Serial number current serial currently used by clients, below. number". .... Serial number currently used by clients Enter the 4.x/5.x serial number used by the clients in this text box if the serial number used on the local machine is not identical to the serial number used by the clients. ... 4) Select the Use the serial number of the local installation checkbox if you are upgrading from 4.x or 5.x and the serial numbers used on the local machine and on the clients are identical. If the serial number used on the local machine is not identical to the serial 9 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details number used by the clients, ensure that the Use the serial number of the local installation checkbox is not selected, and then enter the serial number used by the clients in the Serial number currently used by clients field. 454316 Encryption did not When multiple recovery paths were specified in the start if the last installation profile with which Pointsec PC was specified recovery installed, and the last recovery in the list was not path is not accessible, encryption would not start even though the accessible. other paths were accessible. A log entry was created, warning that the recovery file creation failed.

454228 Unclear description The text in the Administrator’s Guide has been of the requirement updated to: to reenter the The Update Validation Password Must Be Upgrade Reentered After Upgrade Validation Password after The security of the update validation password has upgrading. been enhanced, and because of this it has a new internal . This requires that you re-enter the update validation password that was used in the version from which you have just upgraded after upgrading to Pointsec PC 6.2.0 Hotfix Accumulator 1 (HFA1) or later. When you start the PCMC immediately after upgrading, you will be prompted to set the update validation password. You must specify the update validation password that was used in the version from which you have just upgraded because this is the password that the other machines you want to upgrade use to validate profiles. Otherwise, no profiles will be accepted on those machines. After entering this update validation password in the PCMC, you should immediately publish an update profile that contains this password (in its new format). 454153 Recovery/log path Paths are now displayed correctly. was not displayed correctly when it contained Japanese characters. 454110 When user account If the username of the end user that was attempting to name contained the receive the Remote Help contained the character '@', character '@', neither one-time logon nor password change Remote Help could functioned. After entering the response, the challenge not be invoked. was displayed as 'invalid'. 454108 The The description has been updated in multiple places, Administrator’s for example:

10 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details Guide description Specifies if a hardware hash derived from, among other of the Hardware things, IDs found in the BIOS and on the CPU will be Hash was calculated to ensure that the hard drive has not been incorrect. tampered with.

454082 Encryption did not When reinstalling on one volume when other volumes start during are already encrypted, and thus installation when ‘IgnoreOldInstallation’ is set to ‘Yes’ in precheck.txt IgnoreOldInstallati to enable the reinstallation, encryption did not start. on is set to ‘Yes’ in precheck.txt. 453989 Unable to complete When starting an upgrade from Pointsec for PC an upgrade from 4.x/5.x to Pointsec PC 6.3.1 HFA2 via Remote Pointsec for PC Desktop, the upgrade fails when trying to write the 4.x/5.x to Pointsec recovery file. PC 6.3.1 HFA2 via a Remote Desktop. 453725 EventID 1 error After installing 6.3.1 HFA2, the following error log issued in System was created in the system log/Windows event viewer: log after installing ‘The filter encountered the Pointsec PC 6.3.1 unexpected error '0xC0000034' while processing the HFA2. file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.’ 453111 Hard disk slaving After installing Pointsec PC 6.3.1 HFA1 on two PCs, caused an initial enabling slaving of hard disks, and slaving the second bluescreen: PC’s hard disk to the first PC, a prot_2k. 0x0000007E. 0x0000007E bluescreen occurred when logging on to Windows. If the PC was then rebooted the slaved disk was accessible. 452396 Precheck.txt value The value specified for InitalStartDelay in the InitalStartDelay precheck.txt file did not trigger the expected delay. malfunctioned. 418641 Blue screen When slaving a , if you allowed the occurred when slaving authentication to time out, you would get a slaving a hard disk. blue screen with the error: STOP: 0x05001545.

11 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes

Known Issues in This Release The following sections document known issues. There are three sections: Section On page Known General Issues in This Release 12 Known Hardware-related Issues in This Release 30

Known General Issues in This Release The following items are known general issues in this release: ID About Details 454901 Not possible to use If double-byte characters are used in the path Japanese characters specification during a master installation, the during a master characters will not be displayed correctly. installation. 454539 Too little free space The size of the Pointsec PC recovery media is left on recovery limited to 1.4mb to be able to fit onto a floppy media created on a media. This causes problems when there is a large USB. number of users in the Pointsec PC Database. When creating the recovery media, the following message can be issued: "Unable to write recovery information to recovery medium" This message is most likely issued because the Pointsec PC user database does not fit on the 1.4mb recovery image. Solution/workaround: To resolve this problem, a Pointsec PC recovery- image language file, Recovery.img, has been compressed to contain only the US English language, thus reducing the amount of space taken by languages and thereby freeing space. The Recovery.img, file is located in the folder: US only recovery image in the Tools folder on the installation media. This file can be used if this issue occurs on a system. To resolve the problem: 1) Place the Recovery.img file located in the US only recovery image in the Tools folder, together with the UseRec.exe file located in the Pointsec for PC installation folder. Note! Make sure that you do not overwrite the original Recovery.img file because you will 12 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details need this file to create recovery media with full language support. 2) Double click the UseRec.exe application and browse to the recovery file for the machine you need to decrypt. 3) Create your recovery media. 454423 Multiple certificates If tokens are initialized and more than one on token. certificate per token is added with "Aladdin eToken PKI Client 4.55.22", logon to Pointsec preboot malfunctions. This problem did not exist in the earlier Aladdin middleware the "Aladdin eToken Run Time Environment 3.65.26". 454222 Incorrect The description of Fixed Password (Kotei description of Password) in the Japanese version of the Fixed Password Administrator’s Guide incorrectly states that a (Kotei Password) in Fixed Password can be of length 6-31 characters. the Japanese The correct length is: ‘4-31’ characters. version of the Administrator’s Guide. 453737 MI recovery file is When changing "Uninstall" or "Create recovery not written when media" permissions at the user level, the recovery resetting values. file is updated by the client. But when resetting the value (by right-clicking and choosing "Reset value") in the MIMC, the update is deployed to the client and the client writes a log entry and the changes in permissions are implemented on the client, but the recovery file is not updated.

13 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 452500 Removing a user Deleting a user account via MIMC fails to trigger account via MIMC the writing of a new recovery file. does not trigger the The following scenario will produce the problem: creation of a new recovery file. 1) Pointsec PC is installed, running, and configured. 2) Add a user account which has uninstall and recovery permissions via MIMC. 3) A new recovery file that includes the new user account is written. 5) Remove the user account via MIMC. 6) A new recovery file is not written. Workaround: To trigger the creation of a new recovery file, change the password of an existing user account that has uninstall and recovery permissions. 451763 Token removal Token removal function "Lock workstation" fails malfunctions when when using a SafeNet iKey 2032 USB token. using a SafeNet Lock workstation works when the token is iKey 2032 USB removed, but when it is reinserting nothing token. happened and the smart card error dialog displays: "An internal error occurred". Environment: Middleware: SafeNet AS470MU20 PC: Lenovo T61p Partition set: 9 volumes Algorithm: Blowfish 451753 Possible problems if If you deploy Pointsec PC to non-tablet EW/MI HID drivers are clients, and the deployment contains HID drivers; deployed to non- the clients might not be able to boot into PPBE. tablet PC EW/MI Workaround: disable the HIB drivers in the double- clients. shift menu on the non-tablet PC EW/MI clients that have experienced the problem. 451750 Password If you log on to Windows Vista using an UNC synchronization username for example, fails when a UNC "[email protected]", username is used in Windows Vista. password synchronization will not function. Workaround: Log in as, for example, "maer\pmt- test.pointsec.com" and password synchronization will function correctly.

14 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 451653 2048 bit certificates A 2048 bit certificate will fail on the ActivIdentity fail in PPBE when Activkey Display token. The token supports 2048 using an ActivKey bit certificates, and you can install the certificate on Display token. the token; but when authenticating in preboot the message "Invalid logon - The token or reader

driver entered an unexpected error condition" is displayed. With a 1024 bit certificate, the ActivIdentity Activkey Display token works without problems. 451535 Event ID 1002 was When an update profile is successfully deployed to not logged in the a PC, event ID 1002 'Configuration update by central log. profile' is logged in the local event database. However, it was not logged on the central log. 451435 Pointsec PC-to- The scenario that produces the problem is: Windows password 1. Install Novell Client 4.91 SP3. synchronization and Novell single sign- 2. Install Pointsec PC. on (SSO) do not 3. Enable "Synchronize Preboot Password to work together. Windows" and "Enable SSO" on a user account. 4. Make sure to initially have the same password in Windows, Novell and Pointsec PC. 5. Establish the SSO chain between Pointsec PC and Novell. 6. Change Pointsec PC password in preboot. During logon to Novell/Windows you get the message that Windows password has been synchronized with Pointsec PC. 7. Reboot and logon with new password in preboot. During logon to Novell/Windows a message that SSO is enabled pops up (this is ok) but authentication halts on the Windows credentials (since it has been synchronized). Enter the new Windows password and you will logon but SSO will not re-establish. Reboot and re-enter the new Windows password several times but SSO chain will still be down. Note: The other password synchronization feature "Synchronize Windows to Preboot Password" works with SSO.

15 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 429292 Hibernating a A bluescreen (stop error) occurs when a computer computer during is hibernated during the encryption after installing encryption causes a Pointsec PC on Vista SP1. bluescreen. Workaround: do not initiate hibernation until the encryption is complete. 417558 Exceeding Max Exceeding Max failed logon in Windows failed logon in Integrated Logon triggered Pointsec PC error Windows Integrated 0x5000000 followed by a blue screen. Logon triggered Error 0x5000000. 416560 Possible to record It is possible to record the credentials for an SSO credentials for an user in Windows logon screen via Radmin. The SSO user in credentials are recorded in the SSO chain after Windows logon logging on with an SSO, connecting via Radmin, screen via Radmin. and rebooting. 400016 A memory error If Pointsec EW/MI is installed on a Dell D830 that delays booting of uses a Flash Cache module, a memory error occurs Pointsec PC on the first reboot after installing. If the PC is immediately after turned off after the error message is displayed and installation on a then is started again, the PPBE code is written, and Dell D830 laptop Pointsec PC is installed successfully. with Flash Cache This occurs on Dell D830s with the flash cache active. module enabled in BIOS. 399936 Recovery file not After setting 'Logon Authorized' to 'No' for a user written after account, a new recovery file is written. But if you resetting the value then change this setting by right clicking and of the 'Logon selecting 'Reset value' so that you once again authorized' setting. inherit the value (in this case YES) from the group, a new recovery file is not written. If you however set the value to YES you will get a new recovery file. Resetting the value does not seem to trigger the writing of a new recovery file even though the value has changed from 'No' to 'Yes'.

16 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 399894 Sanity check The sanity check which appears when closing warning is issued PCMC warns that fewer then two user accounts when it should not have permission to perform uninstall in the be issued. following scenario: 1. For the System group, specify the "Uninstall" and "Create recovery media" to: No. 2. On two user accounts in the System group, set "Uninstall" and "Create recovery media" to: Yes. 3. According to the new inheritance rules, the user account settings should override the group settings. 4. Close PCMC, and a Sanity check will be displayed warning that fewer than two user accounts have permission to perform uninstall. 399878 Cannot install Sometimes it is not possible to install Pointsec PC Pointsec PC on 6.3.1 on a Windows 2000 client which previously some Windows had Pointsec PC 6.3.1 installed and subsequently 2000 clients if successfully decrypted and removed. This problem Pointsec PC has only occurs if the client had been upgraded first previously been from version 5.2.3 to 6.3.0 and then to 6.3.1. installed. 399872 Recovery file not If you add new additional recovery paths after written to recovery installation, new recovery files should be written to paths added after the directories addressed by the new paths. Three the installation. new paths were added after installation but recovery files were not written to the paths. Neither logging on to Windows several times nor running crerec.exe manually resolved the problem. The recovery file was written only after changing a value that triggers a recovery file update.

17 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 399820 Exception occurs The scenario that produces the error is: when upgrading Upgrade from Pointsec PC 6.2HF2 to 6.3.1 on a from the Pointsec Dell Inspiron 9400 with Vista installed. PC 6x series if a USB memory stick Insert a USB memory stick (in this case, a SanDisk is inserted on Dell Cruzer). Inspiron 9400. Reboot. An exception occurs (green screen) prior to display of the PPBE. Press a key and the PPBE is displayed and normal operation proceeds. Thus the green screen occurs only once. The problem also occurs when trying to upgrade from 6.1.1 to 6.3.1 on same type of PC but with Windows 2K as the OS. The green screen you only get once. When the USB memory stick is removed and you boot the machine, a black screen is displayed. This can be fixed by rebooting and disabling USB legacy in the BIOS. 399732 Error message in When providing Remote Help from PCMC and Remote Help navigating with the keyboard and Tab key (the session in PCMC. mouse is not used) you got an error message with code 1280. The scenario that produces the error is: 1. Open the PCMC. 2. Go to Remote Help. 3. Enter the End user account name and Helper account name. 4. Select Dynamic token in the Type of helper authentication field. 5. Use the keyboard and tab to generate the response. 6. Press Enter. 7. Error with code 1280 is displayed.

18 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 399654 The Windows If Windows Integrated Logon (WIL) is enabled on Integrated Logon an MI client, and then WIL is temporarily disabled (WIL) setting on the using the tray, WIL is re-enabled by any manual client is overridden update sent from the MI Framework to the client. by any manual Note: If you want to use WIL, ensure that the WIL update from the MI setting in the MIMC is enabled. It is not enough to Framework. enable WIL for an end user using only the WIL switch in the PPBE. 399600 The keyboard and If "Mouse support" is enabled in the PABM on a mouse do not both HP DX2000MT either the USB/PS2 Keyboard or work in PPBE if the USB mouse works, but not both, in PPBE. If "Mouse support" is you disable "Mouse support", the keyboard works. enabled in PABM If "Mouse support" is enabled and BIOS "USB on HP DX2000MT. legacy support" is disabled, both the mouse and the keyboard work in PPBE. 399560 The Wake-on-LAN After a Wake-on-LAN (WOL) logon, the number (WOL) setting "Set of remaining allowed WOL logons is not reported Max Number of to the MI Framework. The next time an update is Logons Allowed" is sent to the MI client, the number of logons allowed not updated in the on the client will be erroneously reset to the MI Framework. original number of allowed WOL logons. 399120 Hibernation start The scenario that produces the error is: fails when using 1) Install Pointsec and encrypt the system volume 3DES. using the 3DES algorithm. 2) Once encryption has finished, hibernate the PC. 3) Start the PC, and log on to PPBE. Note that it says "Starting Windows" instead of "Resuming Windows" as it should. Apparently the PC can be hibernated, but it can not be restored afterwards. Unsaved documents etc. at the time of hibernation are lost. Hibernation using the CAST algorithm on XP SP2 and using the AES algorithm on 2000 UR1 works fine. Environment: OS: 2000 UR1 FS: FAT32/NTFS HDD/: 1/3 (First hidden) Algo: 3DES PC: Dell D830 and Dell D600.

19 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 399058 After upgrading, the The scenario that produces the problem is: CreRec.exe fails 1) Install Pointsec for PC 6.0.0. upon start of the tray application. 2) Upgrade to Pointsec PC 6.2 HFA1. A few seconds after the first start of the Pointsec tray application after the upgrade, CreRec.exe fails with the following message: "CreRec.exe has generated errors and will be closed by Windows...". After a minute or two, the error message disappears. The error can be reproduced by logging off and on again. If CreRec is run manually, the error message isn't displayed any more. 397785 Token removal Tested different settings of the token removal handling does not feature on three different PC's using two different function with all sets of smart cards/readers. Only the token removal tested smart cards setting "Do nothing" worked. It seemed to work and smart card only the first time because only the first attempt readers. was added to the logs. This feature has been tested earlier on Windows 2003 Server and Windows Vista with Alladin eToken middleware, and was reported that it worked. Environment info: PC1: Dell D370 PC2: IBM T60 PC3: Dell D620 OS: Windows XP SP2 on all PC's Middleware 1: RSA authenticator 1.0B25 Middleware 2: AuthentIC 3.6.2 Smart card 1: RSA 5200 Smart card 2: Oberthur Cosmo 64 RSA v5.3

20 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 397774 Clearing System Create a profile (e.g. upgrade) and base it on an (9958) Settings when Upgrade profile and clear the System Settings creating a profile check box when creating it. All System settings are based on another blank in the new profile. profile or on local When using this profile, Pointsec upgrades; but the settings creates an installation crashes when a user tries to use any of installation that the System Settings. fails. Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation’s settings. Do not clear any of the ‘Base on’ check boxes. 397727 Impossible to create Description: recovery media on Administrators cannot use the UseRec.exe an MI server. application directly on the MI server to create recovery floppy disks, etc. Two problems: 1. In the directory: 1_Pointsec for PC\Tools\Reco_img\6.3.0, ccore32.bin is missing. This makes it impossible to run the UseRec tool directly from, for instance, a Pointsec installation CD. 2. The Visual Studio 2005 runtime files are not installed with the Pointsec PC 6 module. They need to be added as merge modules in the installer in order to run UseRec.exe. This means that the admin has to use a deployed client to create recovery media for other clients.

21 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 395374 Novell SSO needs 3 If the SSO chain between Pointsec and the Novell reboots to re- Client is established and password synchronization establish the SSO is performed, it will take 3 reboots to re-establish chain. SSO. The scenario that produces the problem is: 1. Establish the SSO chain between P4PC and Novell Client. 2. Activate password sync. with Windows. 3. Change password in Novell/Windows. 4. Reboot and SSO chain will be broken. It will take two additional reboots before SSO is established again. Note that performing the same scenario with Windows GINA instead of Novell GINA requires only 2 reboots. Environment info: P4PC version: 6.1.3 build 1108 PC: HP T3350 USB controller: OHCI OS: XP SP2 FS: NTFS MSI: 3.1 .NET: 1.1 & 2.0 Novell Client: 372217 Pointsec PC and A blue screen is displayed when Windows boots Imprivata after installing Pointsec PC, Imprivata, and the compatibility issue. registry has been modified. 9975 Cannot use "&" in An ampersand (&) cannot be used in a profile the profile name name when creating a profile. when creating a Workaround: use only English upper- and profile. lowercase characters and the digits 0-9.

22 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 9958 Clearing System Create a profile (e.g. upgrade) and base it on an (397774) Settings when Upgrade profile and clear the System Settings creating a profile check box when creating it. All System settings are based on another blank in the new profile. profile or on local When using this profile, Pointsec upgrades; but the settings creates an installation crashes when a user tries to use any of installation that the System Settings. fails. Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation’s settings. Do not clear any of the ‘Base on’ check boxes. 9935 DoD CAC Smart When a smart card user is configured with "Use Card user with Pointsec Token Insertion / Removal Handling" Token Removal enabled, and uses a DoD CAC with ActivCard Handling enabled is Gold for DoD CAC middleware, once the system locked out of takes the setting, the removal of the smart card Windows after takes a short while to lock the system (a few approximately 5 minutes), but then locks the system. If the card is min. inserted, the system will automatically "lock" (i.e. go to screen saver mode) after a few minutes (about 3-5 minutes), regardless of user activity, so it is not behaving like the screen saver. The screen saver setting is configured for 10 minutes, but changing that value has no effect. 9872 Unable to change Under Windows XP and Vista, if, for example, you installed win install the Europe1 language pack and then realize language pack that you wanted Europe2; you will not be able to install the Windows part of the Europe2 pack. When running the command shell as an administrator, you run the pscontrol command "install-win-language" and it fails with the error message "Cannot create the file when that file already exist" Workaround: Remove the existing plang32. file from C:/Program files/Pointsec/Pointsec for PC/ and from C:/Windows/System32/, and run the command again.

23 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 9864 Ctrl+Alt+Delete In some circumstances even though SSO is enabled required when in Pointsec PC, Vista forces the logged in user to logging on in Vista press “Ctrl + Alt + Delete”. After pressing “Ctrl + with SSO. Alt + Delete”, the user is l automatically logged in. To eliminate the “Ctrl + Alt + Delete” step, go to the -> User Accounts. Click "Manage User Accounts" and click the "Advanced" tab. To eliminate the need to press “Ctrl + Alt + Delete”, clear the “Require users to press Ctrl + Alt + Delete” check box. 9752 Issue with RSA The Pointsec Token Insertion/Removal handling smart cards and does not work with RSA smartcards. The problem Pointsec Token is due to incompatibilities with the RSA Insertion/Removal middleware used to access the RSA smart cards. handling. Workaround: Utilize similar Token Insertion/Removal handling in RSA middleware. 9607 Upgrade only silent Pointsec PC 6.2 contains an Automatic upgrade in Vista. function. This function is used to for perform upgrade by distributing an Upgrade package to the "Upgrade path" or the "Work folder". In Windows 2000 and Windows XP, the end user is notified of the progress of the Automatic upgrade and is notified when the upgrade has been finalized. In Vista the upgrade does not display this information. 9411 PME setting "Use The PME setting "Use SSO with P4PC" works SSO with P4PC" only when Pointsec PC is installed before PME. issue. 9403 PPBE hangs when a The PPBE hangs if a docking station is attached to docking station is the PC Acer TM 4400 and USB is enabled. If USB attached to the PC is disabled, the PPBE does not hang. However, in Acer TM 4400. this latter case, the keyboard and mouse attached to the docking station do not work. Workaround: Disable USB support in PPBE via the PCMC setting "Enable USB". 9137 Cannot perform Cannot perform SSO with Entrust smart card user SSO with Entrust The reason for this is that an error occurs when an smart card user. attempt is made to store an Entrust profile required for SSO, on the smart card.

24 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 8980 The windows driver The Windows driver (prot_2k.sys) crashes if the (prot_2k.sys) system contains only 4.x/5.x volumes. This crashes if the situation may occur if an upgrade is aborted in the system contains PPBE and recovery is not performed on all only 4.x/5.x volumes. volumes. The situation can be fixed by performing recovery on all volumes. 8965 Possible failure of A user account with password authentication and Remote Help with the setting Case sensitivity = No or to legacy users uppercase in 4.x/5.x = Yes may experience trouble providing Remote Help if he/she has not entered the password in uppercase letters. Workaround: Request that the person providing Remote Help use capital letters when entering the password in his/her system. 8811 Incorrect message When disabling WIL via the tray menu, the displayed when message “Access to your user account failed” is disabling WIL displayed. This message is incorrect; the message should request the user to log off. 8183 Proventia Desktop The installation of Pointsec PC is stopped if the stops the Pointsec Proventia Desktop version 8 or 9 is installed. PC installation. Workaround: There are two possible workarounds for this issue: 1. Disable the Proventia Desktop during installation of Pointsec PC. 2. Add prot_ins.sys to Proventia Desktop exclusion list during installation. 8012 No PPBE logon No PPBE logon screen is displayed if an eToken displayed on Dell NG Flash USB smart card is used on a Dell Inspiron when using Inspiron 9400. After PC boot, the screen goes an eToken NG black and the PPBE screen is displayed. Flash Workaround: Set the BIOS setting "USB Emulation" under POST behavior to "OFF" to avoid the problem. 7813 A Pointsec for PC Hibernation should not be allowed to start during upgrade fails if the an upgrade, but Pointsec for PC does not inhibit it. machine is Workaround: Disable hibernation during upgrade. hibernated.

25 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 7773 Unable to read logs If you upgrade directly from Pointsec for PC 6.0.0 after upgrading to 6.1.3, the system, local, and remote logs will be from Pointsec for unreadable. PC 6.0.0 to 6.1.3. Workaround: Upgrade from 6.0.0 to 6.0.1 first, then upgrade from 6.0.1 to 6.1.3, and the logs will be readable. 7510 Re-establishing If the single sign-on (SSO) chain between Pointsec single sign-on after for PC and a Novell Client is established and the password following password synchronization scenario synchronization occurs, it will take three reboots to re-establish requires three SSO. reboots when SSO Here is the scenario: chain is between Pointsec for PC and 1. Establish the SSO chain between Pointsec for a Novell Client. PC and a Novell Client. 2. Activate password synchronization with Windows. 3. Change the password in Novell/Windows. 4. Reboot and the SSO chain will be broken. It will take two additional reboots before SSO is established again. The same scenario with Windows GINA instead of Novell GINA requires only two reboots. 7367 Deselected volume While deselecting volumes one of the volumes disappears from list. suddenly disappeared from the list. The "lost volume" reappears after any key is pressed. 7261 PPBE - Machine Due to architectural difference between Pointsec stops during the for PC and Computrace software, there is Pointsec for PC compatibility issue between Pointsec for PC and load screen -- Computrace software when Computrace is run in compatibility issue software persistence mode. with Computrace Workaround: Rewriting the master boot record software. makes the machine boot normally, for example, fdisk /mbr.

26 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 6934 Access to Local and Note that when upgrading from 6.0.0 or 6.0.1 to Access to Remote 6.1, the values of Access to Local setting and settings Access to Remote setting are, by default, set to “Yes”. These settings can of course be set to “No” after installation. Workaround: Deploy a profile where you set this permission to NO for your end-users as soon as you have successfully upgraded your clients. 6905 Interoperability When creating recovery media to a USB memory problem with PME stick while having PME installed, there may be a and recovery media problem after the first part of the creation is done. creation After unplugging and re-inserting the USB memory as instructed by the program, a blank (all white) PME will sometimes pop up after you have pressed OK. Both windows (PME and Pointsec recovery media) will stop responding, and you will have to close the applications via the . 6844 RRU boots before When ordering a restore from within the Windows PPBE when part of RRU, the computer restarts and then boots ordering restore into RRU before allowing you to authenticate in from Windows. PPBE. If you reboot from within RRU, you will get to PPBE; and then you will boot into RRU and it will perform the requested restoration. 5437 Difficulties when You can experience difficulties when creating an creating an installation profile that is based on local settings installation profile when you are required to provide new based on local authentication for the profile and you want to use a settings for smart smart card you have used previously. In this case, card users. Pointsec requires that you re-associate the smart card (plus certificate) and the user; and this it may not always be possible to acquire all the certificates needed for all the users. Workaround: Rather than trying to re-assign the smart card to the user, assign the user a fixed password and switch to smart card and certificate later. Alternatively, define a temporary smart card user so the user can reassign the certificate him/herself on the next boot of the PC.

27 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 5239 Do not remove Do not remove the PCMCIA reader or smart card PCMCIA reader or while authenticating. They can be removed when smart card until authentication has been completed in PPBE. authentication is completed in PPBE. 5233 Changing the When single sign-on is enabled, if you change your password in password in Windows, single sign-on will be Windows temporarily be disabled. The next time you log on, temporarily disables a message will be displayed saying that Pointsec single sign-on. cannot log on to Windows - please enter your Windows password. After you correctly enter your Windows password, single sign-on will again function. 5135 Problems when Users can encounter problems when attempting to opening a recovery open a file by double clicking it. file. Workaround: Start the recovery program, and open the recovery file there.

28 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 5019 Password rules The following password rules conflict with full conflict with Unicode support: Unicode support * "Require letters and integers".

* "Allow Special Characters". The current description in the PCMC of this setting is: "Besides a-z, A-Z and 0-9, allow the use of the semicolon and the following other special characters: ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }". As described, the setting would not allow the full range of Unicode characters to be used whether set to “On” or “Off”. With regards to actual Pointsec functionality, the following is a more accurate description: “Allow use of the following special characters: ; ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }.” If this setting is set to “No”, these special characters are not allowed in passwords. However, all other Unicode characters are allowed regardless of the setting.

* "Require upper and lower case". This only makes sense in alphabets that have case forms.

* "Allow password of adjoining characters." This is meant to prevent entering series of characters from adjoining keys on the keyboard. However, only western-style keyboard layouts are used to detect adjoining characters. 4679 RRUinstall.msi The RRUinstall.msi installer installs the driver installer installs required by Pointsec for PC to support RRU, on the driver on wrong wrong volume. volume. Workaround: specify the target drive with the MSI Property TARGETDIR=C:\ For example: msiexec /i InstallRRU.msi TARGETDIR=C: 4298 Difficulties If you lose mouse functionality when running the recovering selected recovery program individual volumes cannot be volumes when selected. running the Workaround: Recovery program all volumes rather than selected volumes.

29 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes

Known Hardware-related Issues in This Release The following items are known hardware-related issues in this release: ID About Details 398232 No support for Description: hybrid disk If ‘NV cache’ is enabled, the installation will fail to install. The Pointsec SA seems to be written on a cache part. So the SA seems to be flushed and the installation fails. Disable NV cache and install Pointsec, then enable NV cache gives database corrupt randomly in preboot. Environment info: Znote 6224w Vista Ultimate HDD: Samsung HM16HJI ATA Hybrid Hard Disk 398074 The Preboot authentication using the combination of an Axalto (10259) combination of Cyberflex Access 64K Pegasus v2c smart card and a an Axalto Schlumberger USB Reflex 1. smart card reader fails. Cyberflex Access 64K Pegasus v2c smart card and a Schlumberger USB Reflex Version 1. smart card reader fails in preboot. 7909 Dell D410 does Connecting a Dell D410 to a Dell external USB bay can prevent not always boot the machine from booting into PPBE. If the bay is connected in into PPBE when PPBE, the machine can terminate with a black screen connected to a immediately after PPBE logon. Both behaviors are intermittent, Dell external and both occurred when a CD-ROM (with no CD) was USB bay. connected to the bay. 7891 Blinking cursor Using a smart card on an MCP ClientPro 365 machine with the on the MPC following BIOS settings, will cause the cursor to blink: ClientPro 365. plug and play os = no legacy usb = disabled

Workaround: Use the factory BIOS settings, which are: plug and play os = yes legacy usb = enabled.

30 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 7633 PPBE The PPBE authentication window freezes when both a smart authentication card reader and an Iomega USB BXXU0130 floppy disk drive window freezes are attached to the machine. Removing the Iomega USB floppy when both a disk drive will activate the PPBE authentication window again, smart card and you can proceed. reader and This problem has occurred on the following PCs: Dell Inspiron Iomega USB 9400, Dell Latitude D600, Sony Vaio Z1. BXXU0130 floppy disk drive are present. 7532 PCMC crashes Logon in Windows environment with the Setec EID IP2 smart after logon in card will crash the PCMC/tray because of problems with the the Windows CSP. environment with a with Setec EID IP2 smart card. 7464 Mouse does not When creating a recovery file with a USB memory stick on work when Acer TM4401 the mouse does not work. When the recovery creating a menu is displayed, neither the keyboard nor the mouse works recovery file on for the first 2-3 minutes. After this delay, it is possible to use a USB memory keys and to tab but it is not possible to select volumes to recover stick on an Acer -- you have to select all volumes. TM4401. 7396 USB optical The USB mouse does not work in PPBE on the Acer Ferrari mouse 3200. The optical USB mouse has its light on in the BIOS, the malfunction in operating system, and in the Pointsec alternative boot menu; but the PPBE. not in the PPBE. 7388 Unregistered If setting for USB is enabled in PCMC (under Hardware) and a characters when keyboard with built in smart card reader is used, the following entering behavior occurs in the PPBE: when entering the user account keystrokes with name, the first character is not registered or visible. For a USB enabled example, if the user account name is ADMIN you must enter keyboard with AADMIN for it to be interpreted as ADMIN. built in smart Tested on Hewlett Packard T3350 and T3350-2. card reader. 7215 Hot plugging of Hot plugging of USB devices does not work on the IBM- USB devices Lenovo ThinkPad T60. does not work You can log on with a USB token if it is plugged in from start. on the IBM- Lenovo ThinkPad T60.

31 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 7164 PCMC logon The PCMC crashes when trying to read the certificates stored fails when using on smart card "Setec EID IP2". The PPBE does not recognize a Setec EID IP2 any certificates stored on smart card "Setec EID IP2" when smart card using smart card reader: CardMan 4040 (PCMCIA) together together with a with the following drivers: CardMan 4040 cm4040.bin and opensc.bin. reader.

Workaround: the certificate to Windows the personal store using smart card middleware. 6883 USB keyboard The USB keyboard intermittently stops functioning in PPBE on intermittently a Hewlett Packard T3350. This happens in the following malfunctions in environment: PPBE on a - USB mouse was connected and worked flawlessly in PPBE Hewlett Packard - USB was enabled in PCMC T3350 - USB legacy support was enabled in BIOS - Plug n Play OS was disabled in BIOS

Workaround: Unplug the keyboard in PPBE and then plug it in again. 6854 Not possible to The following scenario produces the problem: log on in PPBE with RSA SID 1. Install Pointsec for PC using an interactive profile with one 800 and Ferrari smart card account. The files: msc_p11.bin and prd_ccid were 3200 added to precheck.txt. 2. Middleware was installed after installation of Pointsec for PC. 3. After reboot, with the smart card inserted, no pin code dialog box is displayed in the PPBE. 4. Nor is the pin code dialog box displayed when the smart card is inserted after reboot but before logging in to PPBE. This problem concerns RSA SID 800 and Ferrari 3200. 6779 USB hub The USB hub Targus PAUH210 does not work with the HP Targus T3350 in the PPBE (the Pointsec for PC preboot environment). PAUH210 does not work with the HP T3350.

32 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 6701 HP T3350 When USB smart card support is enabled, and no PPBE smart hangs before card drivers are installed, the HP T3350 desktop PC may hang PPBE with USB before the PPBE authentication is displayed. smart card Workaround: support enabled Specify the following BIOS settings: • PNP operating system should be set to YES • USB legacy support should be set to ON Note that the above settings are the factory settings. 6693 Recovery fails The recovery program can fail when creating a recovery when using medium on certain USB devices. For example, the recovery certain USB program failed when using a USB memory stick on an IBM devices on some x60s machine, but it ran successfully on the same machine machines using a USB floppy disk. Workaround: BIOS upgrade to 2.10 resolves this issue. 6690 Not possible to On a Fujitsu Siemens 7020, a USB mouse/keyboard will not use USB work in PPBE if they are connected via a Targus PAUH210 mouse/keyboard hub. USB mouse and keyboards did work when connected via in PPBE when other hubs. they are connected via USB hub Targus PAUH210 to a Fujitsu Siemens 7020. 6679 Error with When USB media is used to perform recovery on the IBM A51, recovery using an error occurs when you boot into the recovery program. The USB media on error message is as follows: IBM A51. Divide error ***Program terminated, rc=03*** This seems to have to do with the startup device menu, where the USB media must come before the HDDs instead of after them. Workaround: It is possible to perform recovery with USB media if you ensure that the USB device comes before the HDDs in the startup device menu. 6570 Keyboard Unable to use the keyboard in the preboot customization menu function lost after USB smart card support has been enabled on an ACER TM 4401 notebook. The keyboard does not function in the PPBE either, so you cannot logon. The problem does not occur on each reboot. It appears more frequently when other USB devices are connected or used or both during preboot.

33 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 6553 Wrong smart In the PPBE smart cards are handled via loadable drivers. card driver for The driver that is used for a specific smart card is set up via smart cards with registry (.inf) files. The registry files may contain one or more identical ATR smart card entries. Each entry consists of the smart card ATR string in PPBE. string and the name of the PPBE driver that will be used for the smart card. Unfortunately, several smart cards may use the same ATR string, and therefore the same ATR string may be present in several entries, which each identify a different driver. When a smart card is detected in the PPBE, the ATR string is extracted. The first driver, according to the registry file, that is available in the PPBE is thereafter loaded and used to handle the smart card. This means that if several smart card drivers which support the same ATR string are available in the PPBE, the wrong driver may be used. To minimize the probability of this happening, the number of smart card drivers in the PPBE should be minimized. 6266 Error if a If a SanDisk CompactFlash® PC Card Adapter is present at SanDisk preboot authentication, a fatal error occurs with error code CompactFlash® 0x50010DA during Windows boot. This occurs even if PC Card PCMCIA support is disabled in preboot. Adapter is present at preboot authentication. 6255 RSA SecurID An RSA SecurID dynamic token is not detected on an Acer dynamic token Ferrari 3200, a Dell Inspiron 6400, and a Dell P670 when not detected on inserted in PPBE. Acer Ferrari Workaround: insert the RSA SecurID dynamic token before you 3200, Dell turn on the PC. Inspiron 6400, and Dell P670 when inserted in PPBE.

34 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes ID About Details 6199 Pointsec for PC On certain machines, Pointsec for PC does not detect the preboot presence of a smart card token and does not display the PIN environment dialog in the preboot environment. This can happen in the does not detect a following two scenarios: smart card Scenario one: token, for 1. The machine is on and the preboot logon dialog is example´, an displayed. RSA SecurID 800 2. Insert the smart card token, but no PIN dialog is authenticator. displayed. Workaround: With the smart card token still inserted, turn the power off and wait a few seconds. Then turn the power on while the smart card token is still inserted, and the PIN dialog will be displayed. Scenario two: Insert the smart card token and turn the machine on. The preboot logon dialog is displayed, but the PIN dialog is not displayed. Workaround: Remove the smart card token, turn the power off, and wait a few seconds. Turn the machine on again. The Pointsec PC preboot logon dialog is displayed. Insert the token and the PIN dialog will be displayed. 6035 Booting from a Booting from a USB memory stick recovery medium created by USB memory the create recovery program fails on the HP dx5150. The stick fails machine hangs after you have entered your user account name immediately and password. after Workaround: using a floppy disk in a floppy disk drive authentication connected via the USB port. on an HP dx5150. 5513 eTokens do not eTokens do not function on Acer Ferrari 3200 PCs. function on Acer Ferrari 3200 PCs.

35 Pointsec PC 6.3.1 HFA5 October 19, 2009 Release Notes

FYI This section contains information that may be valuable in certain situations. ID Short Description Description/Info 397163 Errors when Errors may occur during installation of the Pointsec copying files to a PC 6 module into the MI framework when copying local copy during files to a local copy. If the error message says "The the installation of file name is too long" and "Fails to copy files to the Pointsec PC 6 specified directory", the problem is due to long module into the paths to the installation package. MI framework If the error occurs, the installation cannot be stopped. You will have to copy the Pointsec PC 6 files manually from the installation package afterwards. The folder containing the Pointsec PC files is called “PPC6 MI Client”.

Workaround: Initiate the installation from C:\ or from a CD. 2291 Issue with Pointsec PC handles Windows XP restore points in Windows XP the following way: restore points. - Restore points that exist prior to the installation of Pointsec are removed. - Restore points created after Pointsec has been installed can be used to restore Windows. If Pointsec is uninstalled, these restore points are removed.

Late-breaking Documentation The following is late-breaking documentation which will be added to the relevant guide as soon as possible: ID Description/Info

36 Pointsec PC 6.3.1 HFA5 October 19, 2009