Revision Tracking Version A
Pointsec for PC 6.3.1 HFA4 – Revision Tracking © Copyright Pointsec Mobile Technologies AB, 1997-2008 This document contains information on changes and corrections implemented in previous versions of Pointsec for PC and Pointsec PC. For new functionality, changes, corrections and the latest information on the current release, see the Pointsec PC Release Notes.
Contents Pointsec for PC 6 ...... 4 New in Release 6.3.1...... 4 Changes and Corrections in 6.3.1 HFA3 ...... 4 Changes and Corrections in 6.3.1 HFA2 ...... 7 Changes and Corrections in 6.3.1 HFA1 ...... 8 Changes and Corrections in 6.3.1 ...... 12 New in Pointsec PC 6.2 ...... 20 Changes and Corrections in 6.2 HotFix Accumulator 1...... 21 Changes and Corrections in 6.2 HF2...... 23 Changes and Corrections in 6.2 HF1...... 24 Changes and Corrections in 6.2 ...... 24 New in 6.1.3 ...... 29 Changes and Corrections in 6.1.3 Hotfix 4 ...... 29 Changes and Corrections in 6.1.3 Hotfix 3 ...... 30 Changes and Corrections in 6.1.3 Hotfix 2 ...... 30 Changes and Corrections in 6.1.3 Hotfix 1 ...... 31 Changes and Corrections in 6.1.3 ...... 32 New in 6.1.2 ...... 47 Changes and Corrections in 6.1.2 ...... 47 Changes and Corrections in 6.1.1 ...... 47 Changes and Corrections in 6.1.0 ...... 51 New in 6.1.0 ...... 54 Changes and Corrections in 6.0.1 ...... 55 New in 6.0.1 ...... 56 Changes and Corrections in 6.0.0 ...... 56 New in 6.0.0 ...... 58 Pointsec for PC 5 ...... 58 Changes and Corrections in 5.2.2 ...... 58 Changes and Corrections in 5.2...... 59 Changes and Corrections in 5.1.3 ...... 60 Changes and Corrections in 5.1.2 ...... 60 New in 5.1.1 ...... 60 Changes and Corrections in 5.1.1 ...... 61 Changes and Corrections in 5.1 ...... 61 New in 5.0 ...... 62 Changes and Corrections in 5.0 ...... 62 Pointsec for PC 4.1 Releases...... 63
1 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections in 4.1 SR 2.19.1 ...... 63 Changes and Corrections in 4.1 SR 2.19 ...... 63 Changes and Corrections in 4.1 SR 2.18 ...... 63 Changes and Corrections in 4.1 SR 2.17b ...... 64 New Functionality in 4.1 SR 2.17...... 64 Changes and Corrections in 4.1 SR 2.17 ...... 64 New Functionality in 4.1 SR 2.16...... 64 Changes and Corrections in 4.1 SR 2.16FT...... 64 New Functionality in 4.1 SR 2.15...... 64 Changes and Corrections in 4.1 SR 2.15 ...... 64 New Functionality in 4.1 SR 2.14...... 65 Changes and Corrections in 4.1 SR 2.14 ...... 65 Changes and Corrections Made in Release 4.1 SR 2.1...... 65 Changes and Corrections Made in Release 4.1 SR 2.0.4...... 66 Changes and Corrections Made in Release 4.1 SR 2.0.3...... 66 Changes and Corrections Made in Release 4.1 SR 2.0.1...... 66 Changes and Corrections Made in Release 4.1 ...... 66 Changes and Corrections Made in Patch 4.0 SR 4.1...... 66 Changes and Corrections Made in 4.0 SR 4.1 ...... 66 Changes and Corrections Made in 4.0 SR 4 ...... 66 Changes and Corrections Made in Patch 4.0 SR 4 ...... 67 Changes and Corrections Made in 4.0 SR 3.5 ...... 67 Changes and Corrections Made in 4.0 SR 3.4 ...... 67 Changes and Corrections Made in 4.0 SR 3.3 ...... 67 Changes and Corrections Made in Patch 4.0 SR 3.3...... 67 Changes and Corrections Made in 4.0 SR 3.2 ...... 67 Changes and Corrections Made in Patch 4.0 SR3.1...... 68 Changes and Corrections Made in 4.0 SR 3.1 ...... 68 Changes and Corrections Made in 4.0 SR 3 ...... 68 Changes and Corrections Made in 4.0 SR 2.3 ...... 69 Changes and Corrections Made in 4.0 SR 2.2 ...... 69 Changes and Corrections Made in 4.0 SR 2.1 ...... 69 Changes and Correction in 4.0 SR 1 and SR 2 ...... 69 Features Introduced in Pointsec 4.0 ...... 70 Pointsec for PC 4.2 Releases...... 71 Changes and Corrections in 4.2 SR 1.8 ...... 71 Changes and Corrections in 4.2 SR 1.7b ...... 71 New Functionality in 4.2 SR 1.7...... 71 Changes and Corrections in 4.2 SR 1.7 ...... 71 New Functionality in 4.2 SR 1.6...... 71 Changes and Corrections in 4.2 SR 1.6FT...... 71 New Functionality in 4.2 SR1.5...... 72 Changes and Corrections in 4.2 SR 1.5 ...... 72 New Functionality in 4.2 SR 1.4...... 72 Changes and Corrections in 4.2 SR 1.4 build 193...... 72 Changes and Corrections in 4.2 SR 1.4 ...... 72 Changes and Corrections Made in Release 4.2 SR1.3...... 72 Changes and Corrections Made in Release 4.2 SR1.1...... 73
2 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections Made in Release 4.2 SR 1...... 73 Changes and Corrections Made in Release 4.2 SR 0.4...... 74 Changes and Corrections Made in Release 4.2 SR 0.3...... 74 Changes and Corrections Made in Release 4.2 SR 0.1...... 74 Changes and Corrections Made in Release 4.2 ...... 74 Changes and Corrections Made in Patch 4.0 SR 4.1...... 74 Changes and Corrections Made in 4.0 SR 4.1 ...... 74 Changes and Corrections Made in 4.0 SR 4 ...... 74 Changes and Corrections Made in Patch 4.0 SR 4 ...... 74 Changes and Corrections Made in 4.0 SR 3.5 ...... 75 Changes and Corrections Made in 4.0 SR 3.4 ...... 75 Changes and Corrections Made in 4.0 SR 3.3 ...... 75 Changes and Corrections Made in Patch 4.0 SR 3.3...... 75 Changes and Corrections Made in 4.0 SR 3.2 ...... 75 Changes and Corrections Made in Patch 4.0 SR3.1...... 75 Changes and Corrections Made in 4.0 SR 3.1 ...... 76 Changes and Corrections Made in 4.0 SR 3 ...... 76 Changes and Corrections Made in 4.0 SR 2.3 ...... 77 Changes and Corrections Made in 4.0 SR 2.2 ...... 77 Changes and Corrections Made in 4.0 SR 2.1 ...... 77 Changes and Correction in 4.0 SR 1 and SR 2 ...... 77 Features Introduced in Pointsec 4.0 ...... 78
3 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Pointsec for PC 6 This section contains information on changes and corrections made in the previous releases of Pointsec for PC (called Pointsec PC from 6.2 onward).
New in Release 6.3.1 The following new functionality and enhancements are included in Pointsec PC : • This Release Notes covers both the EW version and the MI version of Pointsec PC. • The way Pointsec PC groups and user account groups inherit the values of settings has changed, and the way specified values, default values, and effective values work has also changed. See the Administrator’s Guide for more information. • How updates to the recovery file are triggered, and how Pointsec PC writes recovery files locally and to shares has changed. See the Administrator’s Guide for more information.
Changes and Corrections in 6.3.1 HFA3 The following items were corrected in Pointsec PC 6.3.1 HFA3: ID About Details 453353 Token removal Token removal handling was not consistent. When handling failed unplugging an Aladdin Etoken PRO 32K, the workstation intermittently. was not locked if the etoken was ejected within less than a minute after its insertion. 453083 HP Compaq 6910p An unrecoverable error occurred intermittently in preboot blue screened on HP Compaq 6910p Notebook laptops. intermittently in preboot. 452953 Unable to tab the After passing preboot authentication, user was unable to cursor to ‘Show Log’ tab to 'Show Logs'. in the preboot environment. 452786 Windows Logon An application error occurred, terminating Windows Logon User Interface Host User Interface Host when using PKI Client v4.55 for crashed upon eToken PRO 32k and Aladdin eToken PRO 32K drivers. eToken PRO logon. 452774 A "Missing" error When choosing a language that is not a Legacy language was displayed in the and logging in with a user (SSO enabled) you would get a single sign-on (SSO) "Missing" error in the SSO dialog instead of the translated dialog. text. 452684 The “slash” special If you used de-DE/sv-SE in PBE and typed the a slash (/) character (/) on the on the numeric keyboard, you got a dash (-). If you enable numeric keyboard NumLock, you got an underscore (_). did not work properly. 452682 Characters were Various characters were missing from the French keyboard missing in the layout in preboot, and the keys of the virtual keyboard were French keyboard in empty. preboot. 452675 Caps Lock was not When Japanese keyboard was specified in PBA, the user
4 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details available with could not activate "Caps Lock". Japanese keyboard in PBA. 452665 Removing a user Deleting a user would fail to trigger the writing of a new failed to trigger the recovery file even though the user had been deleted from writing of a new the machine. recovery file. 452653 Use of tab key in Some customers were confused by the use of the tab key WebRH during the challenge/response interaction when receiving Challenge/Response remote help. not obvious. 452629 AES algorithm was The AES algorithm was used for encryption when Blowfish used instead of had been specified in a silent installation profile and an Blowfish. algorithm-specific license was used.. 452563 Error issued when An error was issued if the MSRC.MSI or InstallRRU.msi installing the files were installed before the Pointsec PC installation had MSRC.MSI or completed with a restart of the computer after the Pointsec InstallRRU.msi PC installation. before the Pointsec
PC installation had completed. 452558 Unable to After Pointsec PC 6.1.3 was uninstalled, the error change/set Windows message was displayed while trying to change setting in : XP welcome screen Control Panel -> User Accounts -> Change the way users after Pointsec PC log on or off] had been Error Message: ‘A recently installed program has disabled uninstalled. the welcome screen and fast user switching. To restore these features, you must uninstall the program. The Following file name might help you identify the program that made the change: msgina.dll’. 452529 License handling - Customers were prevented from using their Pointsec for Some Pointsec for PC 4x license numbers in upgrade profiles. PC 4.x license
numbers were not accepted in 6.x upgrade profiles. 452360 The ‘Disable expire Once a user account had expired, it was not possible to date’ checkbox did disable the expiration date by selecting the ‘Disable expire not work if the user date’ checkbox. account had expired.
452359 Not possible to It was not possible to remove the expiration date of a user disable expire date account at the group level. This would have made it from group level. impossible to manage users created from temp users on the group level.
452358 An expired account If you provided remote help to an expired account, the behaved account had access to Windows, but after Windows logon inconsistently in a dialog was displayed saying that the account has expired Windows. and the account was logged out of Windows after a couple of seconds or after several minutes. In addition, if you clicked OK on the ‘Your account has expired’ dialog, you would still be able to logon to the machine to work for several minutes (perhaps hours) before the dialog
5 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details appeared again. 452336 An old password was If case sensitivity was set to 'No' for a user group, and a accepted after the new user account was created and the ‘Force change of first authentication. password at next logon’ box was selected, the password that was initially used could be used at the next logon. 452305 PPBE did not In the preboot authentication when entering a user account respond immediately name that contains a space character, PPBE did not to space key input. respond immediately to the space keystroke. It seemed as if nothing occurred. However, when you press another key, the stored space character was displayed. 452275 'Set Temporary When installing Pointsec PC 6.3.1 with a converted Lockout Time' installation profile created in Pointsec PC 6.1.3, even became though 'Set Temporary Lockout Time' was set to 'Disabled' '2147483647' in a in the original profile, the temporary lockout time was set to converted installation '2147483647' after conversion. profile. 452268 Slaving of a hard A hard disk drive encrypted with Blowfish could be slaved disk drive was on an AES-encrypted machine and accessed without the allowed when the Allow Hard Drive To Be Slaved setting being set to Yes. Allow Hard Drive To Be Slaved setting was set to ‘No’. 452156 An update profile An update profile based on an installation profile was not based on an imported from the Work folder. No log entry was produced. installation profile was not imported. 452081 The word The word "Credentials" was misspelled in the PCMC’s "Credentials" was ‘Change credentials’ dialog. misspelled in the PCMC. 452005 Unable to use the Customers were unable to use the keyboard or mouse in keyboard or mouse PBE when turning USB = ON in Pointsec PC. No options in PBE on an Acer were available in the BIOS for ‘USB legacy support’. TravelMate 6410. 451712 HP 6220 smart card The smart card reader built into the HP 6220 did not work reader not working. when either PCMCIA was enable or when it was disabled. 451701 SSO fails on Vista SSO failed on Vista when using the ‘@’character in the when using the ‘@’ Vista username. The operating system seemed to loop. character in the Vista username. 451608 The volume The volume protection information was missing from an protection installation profile based on an update profile. If the profile information was was saved, no warning was displayed about volume missing from an protection not being set, and if this profile was used to installation profile install, it failed with the error: 'Disk Configuration not based on an update Supported'. profile. 416025 Centrallog.exe The Centrallog.exe crashed intermittently, and the crash crashed led to corruption of the database after the next reboot. intermittently. 408057 Windows Integrated Windows Integrated Logon did not shut down the machine Logon did not shut in a timely manner: after a failed logon, the machine would
6 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details down the machine in hang if the message box was not acknowledged. Nor a timely manner. would it reboot immediately. 407825 Problem booting When using Bart’s PE with a new filter driver for Pointsec from Bart PE. PC 6.3.1.and booting directly to the Bart disk, the machine would blue screen. 400068 An unhandled An unhandled exception would occur when creating a new exception would profile, immediately after configuring a new set and clicking occur when creating ‘Finish’. a new profile. 399604 The encryption The encryption status in Japanese was confusing when status text in booting from a recovery disk. This was an error in the Japanese was translation from the English. confusing when
booting from a recovery disk. 399343 An USBSTOR error, An USBSTOR error, Event ID 6, was logged in the Event ID 6, was Windows event viewer (system log) every time the user logged in the inserted a USB memory stick on a Pointsec PC-protected Windows event system. viewer (system log)
every time a user inserted a USB memory stick. 396303 The Windows event The Windows event log settings could not be changed or log settings could not saved because all the registry entries that are required for be changed or saved the Windows event log to work properly were not created. due to missing registry entries. N/A Deploying Pointsec When deploying Pointsec PC 6.x with a software PC 6.x with a deployment tool that installs under the local machine’s software deployment system context, a problem could occur when executing the tool that installs CheckProfile custom action. The problem was specific to under the local XP SP2 because certain changes to DCOM permissions machine’s system were introduced with XP SP2. The problem was caused by context an InstallShield InstallDriver account that was set to run as the interactive user rather than as the launching user.
Changes and Corrections in 6.3.1 HFA2 The following items were corrected in Pointsec PC 6.3.1 HFA2: ID About Details 452773 SSO credentials not When using a Windows legal notice functionality or third- cleared after 4 min. party application at logon, the SSO session was not cleared if halted during a process longer than 4 min. This has now been corrected. 452772 Possible for remote When connecting to a Windows Vista Client with SSO in desktop session to use progress, you were able to logon with SSO credentials via SSO session (Vista). remote desktop. This has been corrected so that a remote desktop must use the normal Windows authentication.
7 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections in 6.3.1 HFA1 The following items were corrected in Pointsec PC 6.3.1 HFA1: ID About Details 452256 Upgrade from Pointsec The following scenario will produce the problem: 5.x to 6.2 HFA1 1. Before applying the upgrade package make sure that freezes prior to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window completion. s NT\CurrentVersion\Winlogon -> "GinaDLL" is set to something other than pssogina.dll, for example, msgina.dll 2. Start the upgrade from Pointsec 5.x to 6.2 HFA1 (set UpdateSSO=0 in precheck.txt in the 6.2 package). 3. During upgrade, Pointsec PC will freeze. Customer environment: - Pointsec PC 5.x - McAfee HIP (Host Intrusion Prevention). McAfee suite to prevent access to McAfee registry keys. 452232 Certain special When the PC is set to English Canada language, you are characters do not work not able to use some of the special characters in preboot. in the preboot If you try to type them, it will not show the character you environment with are typing. The following characters do not work Canadian English {}",/<>=?@ language. If you use the Virtual keyboard with the en-CA setting, (English Canada) instead of a physical keyboard, the following characters are available and can be used ",/<>=? The same issues is found with DE-AU (German Austrian) keyboards. 452198 Password history is Environment: The 'Password History' setting is set to case insensitive. greater than 1, and password is set to be case sensitive. When the user changes the password to something which is only a change of case from the previous password (for example, 'passWORD' => 'PASSword'), it is not accepted. It seems to be recognized as an existing password in the password history. However password is set to be case sensitive so it should be treated as a brand new password. The following text has been added to the Administrator’s Guide: Pointsec PC’s Password History function does not consider case sensitivity when assessing password uniqueness. Thus, if you change a password that is recorded in Password History by changing only the case of one or more of its letters, it will not be accepted as unique, and therefore that altered password will not be allowed. 452191 Customer name found The customer name is erroneously found in a Pointsec PC in PTD.INF file. token driver file, PTD.INF. 452173 Installing Pointsec PC When installing Pointsec PC 6.3.1 on a Dell XT Tablet, the 6.3.1 on a Dell XT installation stalls when installing the system code. Tablet fails. 452163 Invalid Profile causes An install profile causes problems after install. exceptions in PCMC. The following scenario will produce the problem: 1) Install version 6.3.1 with a profile that has an erroneous
8 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details “Set Max Failed Logons” value. 2) In Windows, start PCMC and go to Local. 3) You will receive a error. 4) Press OK and you will get access to the Local settings but both buttons on bottom right are blank. 452011 It is possible to find the Data in DRAM actually fades out gradually over a period of encryption key in RAM seconds to minutes after the system shuts down. This after system shutdown enables an attacker to read the full contents of memory by (if done within x cutting off power and then rebooting into a malicious minutes.). operating system. When the memory content has been dumped, it can be analyzed; and by using a known algorithm it is possible to find the expanded partition key in memory. When a probable key is found, it could be used to try to decrypt a sector from the encrypted disk, and since this can be automated with a tool there is a high risk that the correct encryption key can be found. 451958 Driver may overrun When the system boots (from scratch or from hibernation), memory at startup. the driver may be interacting with memory which is not within the driver’s scope. This can cause unexpected behavior such as a stop error (BSOD). 451815 SideBySide errors are SideBySide errors appear in the event viewer during listed in the event Pointsec PC installation. They are caused by a Microsoft viewer during Visual Studio Manifest bug. Workaround: install the latest installation. Visual Studio Service Pack on the client machine before installing Pointsec PC. 451555 If USB is enabled in If USB is enabled in Pointsec, the computer will hang after Pointsec PC, the Pointsec progress bar is displayed. Even if USB legacy computer will hang support is disabled in the BIOS, it will still hang with a black after the Pointsec PC screen after the Pointsec PC progress bar is displayed. progress bar is The following scenario will produce the problem: displayed. 1. Install Pointsec PC 6.2 HFA1 with smart card drivers (set USB to Yes). 2. Reboot, then get the Pointsec PC system code installation, then do a second reboot. 3. The progress bar will appear and load. 4. After it is loaded, it will halt with a black screen. Environment: Toshiba Tecra M9, but the problem has also been reported on other Toshiba models such as the A200 and the A8. Pointsec PC 6.2 HFA1 451499 Remote Help (RH) If the name of a Remote Help (RH) helper account is challenge code identical to one of the group names, the challenge code becomes
9 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details User Group: USER User account 1 : POINTSEC (RH recipient) --> challenge code becomes
Example 2: System Group :SYSTEM User account 1 : USER (helper account) User account 2 : ADMIN User Group: USER User account 1 : POINTSEC (RH recipient ) --> challenge code becomes
10 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 3. Enable the "Smart Card Triggers Windows SSO logon" setting for the smart card user account. 4. Reboot the machine. When logging on to Windows, the user will be asked to enter account/password. SSO does not work. 399093 Upgrade from Pointsec Upgrade from 4.x/5.x is normally performed via the 4.x/5.x for PC 4.x not aborted upgrade functionality. In this case the upgrade is triggered when the MSI is by storing an upgrade package in the work folder/software executed manually. update folder on an installation. It should not be possible to perform an upgrade by executing the Pointsec PC MSI package (which is part of upgrade packages) manually. When this is done on a 5.x installation, the upgrade is aborted with an MSI error dialogue. However, on a 4.x installation the upgrade progresses quite far (at least if an upgrade profile is available), for example, the upgrade fails during the recovery file handling. 398155 USB keyboards do not When “Legacy USB Support” is active in the BIOS on a (10341) work when “Legacy Hewlett Packard Compaq dc7700 Small Form Factor PC, USB Support” is USB keyboards do not work. enabled on Hewlett Workaround: (1) Disable USB Legacy Support in the BIOS, Packard Compaq or (2) use a PS/2 keyboard, or (3) connect a USB dc7700 Small Form keyboard and a PS/2 keyboard (and both will work). Factor PCs. 398122 'Record New When SSO is disabled and then enabled again, a 'Record Credentials' dialog box New Credentials' dialog box should be displayed. But is not displayed when under Windows Vista it is not displayed. SSO is re-enabled.
The following scenario will produce the problem: 1. Install P4PC 6.2 on Windows Vista. 2. Enable SSO for a user account. 3. Restart the PC, and login as the user account with SSO box selected. 4. At Windows startup, the SSO welcome screen is displayed. 5. After logging onto Windows, restart the PC. 6. Login at PBA as the same user, account but this time with the SSO box cleared. 7. After logging into Windows, restart the PC. 8. Login as the same user account, selectng the SSO check box again to re-enable SSO. 9. The 'Record New Credentials' dialog box should be displayed, but it is not. The- user account is logged onto Windows directly. 380812 Logs are one hour When viewing logs in management console (PCMC), the behind in PCMC. logs are incorrectly an hour behind the correct time. But if the logs are exported to a CSV file they are correct.
11 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections in 6.3.1 The following items were corrected in Pointsec PC 6.3.1: ID About Details 399639 SSO chain is lost while When a user attempts to use SSO functionality in offline logging on in NOVELL mode in NOVELL, the entire SSO chain is lost. First, the in offline mode. user receives verification that the SSO chain is working while connected to NOVELL. But if a user then unplugs the network cable and tries to log on in offline mode, the SSO chain is lost for the online mode, and SSO does not work at all in offline mode. The scenario that produces the error is: 1. Install Novell 4.90 SP2. 2. Install Pointsec for PC 6.2 HFA1. 3. Enable SSO and set 'Synchronize Windows Password' to Yes. 4. Verify that you have a working SSO chain when the network cable is plugged in. 5. While in Windows and connected to Novell, press Ctrl+Alt+Delete and change the password. 6. Shut down the computer. 7. Unplug the network cable. 8. Start the computer, enter credentials in Pointsec, and verify that SSO is selected. 9. The system halts at the NOVELL log on; choose to log on with a local account. 10. A Pointsec message appears prompting for 'Enter Pointsec password to Sync with Windows password'. 11. Enter the password. 12. Windows loads, and the SSO chain should be saved (but no message confirming this is displayed). 13. Restart the computer, and log on to Pointsec. 14. The system now halts at the NOVELL log on, thus SSO is not working. The same is true if you plug in the network cable and reboot, the SSO chain has been lost. 399570 The "Don't show this If the user enables the "Bypass PPBE WIL Message" (see message again" setting in the PCMC, the PPBE WIL message dialog will 399566) checkbox in the PPBE not be displayed during the next PBA even if the user has WIL message dialog not selected the "Don't show this message again" box is active even checkbox in the PPBE WIL message dialog box during the when it has not been previous preboot authentication (PBA). checked.
12 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 399566 PPBE Failure WIL The scenario that produces the error is: (see Message continues to 1. Set the following. 399570) be displayed. Windows Integrated Logon: "Enabled". Set PPBE Failure WIL Message to: "Test!". Enable Network Locational Awareness: "Yes". Set Network Locations: "with an IP". 2. Reboot the PC and see that WIL is working. 3. Disconnect the PC from the network. 4. Reboot the PC --> After Windows authentication, PC shut down. 6. Reboot the PC 7. PPBE Failure WIL Message is displayed at PBA --> Login. 8. Check that WIL is disabled and reboot the PC. 9. PPBE Failure WIL Message continues to be displayed. 399565 Intermittent Error code Intermittently after Windows authentication, the customer 0x5001400 leading up gets an error message, code 0x5001400, and the P95Tray to tray-crash. crashes right after that.
In the Windows Event Viewer, there is only one error logged:
plantage de P95tray : (French) > Faulting application P95tray.exe, version 6.0.2.1207 faulting module > [...] fault address 0x0004F485. 399554 WIL - One-time logon The "Enable WIL" switch does not work with one-time does not enable WIL. logon.
The scenario that produces the error is: 1) Set "Max failed logon attempts" to 5. 2) Fail to login to Windows 5 times (the computer will shutdown). 3) Boot up machine, PPBA will be enabled. 4) Select the "Enable WIL" switch; then provide one-time logon remote help to the user.
Outcome: WIL will still be disabled after next reboot.
13 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 399510 If changing UVP after The scenario that produces the error is: upgrade to HFA1, if you upgrade 2 machines having the same UVP, to HFA1, profiles are not open up the PCMC, you are then prompted to set your accepted. UVP. If you set the UVP to a NEW password, and don't reuse the old UVP, the profiles created will not be accepted.
Machine A and B are installed with same UVP Machine A and B are upgraded from 6.1.3 to 6.2 HFA1. PCMC is opened on machine A. Admin gets prompted to set a UVP. If the password is a brand new one, machine B will not accept the update profiles from machine A. Machine B will only accept profiles from machine A if the UVP is set to the 6.1.3 UVP... 399463 Slow keyboard in Keyboard response is slow in PreBoot Authentication, and PreBoot this results in the user entering the wrong credentials. Authentication.
This problem has been reported as occurring on the following computers: - OEM / Manufacturer: Dell - Model: D620 - Processor: Intel Centrino Duo T2400 @1.83GHz - Graphics: Nvidia Quadro NVS 110M - Memory: 2048 MB - BIOS Version: A08 and IBM/Lenovo T40. 399409 Pointsec PC On certain hardware, it has been found that, after installation failure on installation of Pointsec PC, the system can crash during Sony Vaio. Vista’s start sequence.
The unrecoverable error occurs: 1. On the first reboot after Pointsec PC installation, or 2. After several (less than 10) reboots after Pointsec PC installation, or 3. On the 6th reboot after Pointsec PC finishes encrypting the HDD 100%.
Environment: Hardware model: SONY VGZ-SZ94NS and SONY VGZ- SZ93NS Number of disk: 1
14 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details Number of partition: 1 OS: Windows Vista Timing of error: while Windows is loading. 399307 The Windows Screen This issue seems to occur only in Windows XP. It does not Saver Timeout setting occur in Windows Vista. is enforced although it The scenario that produces the error is: is set to “disabled” in management console 1. Install P4PC. (PCMC). 2. Set 'Allow Windows Screen Saver' to Yes in the Local settings. 3. Check that by default, Set Screen Saver Timeout is set to 10 minutes for the logged in user. 4. Select 'Disabled' in the check box in the 'Set Screen Saver Timeout' window, in order to disable the timeout setting. 5. In Windows, change screen saver to 'Windows XP' and set the timeout to 9 minutes. 6. Reboot the PC. 7. Even though Set Screen Saver Timeout setting is disabled, 'Windows XP' screen saver timeout is reset to 10 minutes. 399147 Converting a When converting a temporary account to a normal temporary user account, the new user account name can consist of only a account to a normal single space character, even though a space is not one of user account whose the special characters that is allowed. This user account name consists of only that is created is unable to receive remote help. a single space. The scenario that produces the error is: 1. Install 6.2 HFA1 and create a temporary account. 2. Login as the temporary account, and when prompted for a new username set it as a single space character (space is not visible on the screen, but it is accepted). 3. From next reboot, logging in as this user is possible if a single space is entered in the username filed. 399075 Changing 'Name and A customer has P4PC 5.2.3 installed on their client PCs, Authentication' of an and they are trying to upgrade to version 6.2. They want to upgraded legacy control individual legacy user accounts in PCMC after the account causes an upgrade. And they want to deploy an update profile that unhandled exception. changes the authentication method of an upgraded legacy account.
The scenario that produces the problem is: 1. Create an upgrade profile in 6.2 PCMC. 2. In this upgrade profile, add a legacy account giving it the same account name as the v5.2.3 user account. Set upgrade action as 'upgrade'. 3. Create an update profile based on this upgrade profile. 4. Right-click on the legacy account, and choose 'Name and Authentication' in order to change authentication
15 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details method. 5. Unhandled exception occurs. 6. Therefore it is not possible to change the authentication method of an upgrade legacy account using an update profile. 398985 The Management The scenario that produces the error is: Console (PCMC) 1 Install Pointsec PC 6.2 on a Japanese Windows XP displays English, even machine. though "operating system" is selected on 2 Select "Operating System" as language (it is selected by Japanese OS. default). 3 Open the Management Console, and all menus are in English.
Environment info: VMware workstation 6.0.0 Windows XP SP2 Japanese. 398299 Token removal and Description: Novell client issue. A token user is logged on with SSO from preboot and Lock computer is selected under Token Removal Handling . When the token is removed from the computer, two lock screens appear. Pointsec PC’s and Novell’s. The active window changes 10 times a second so it is difficult to enter the token PIN.
The scenario that produces the error is -Install Pointsec 6.2 and Novell Client 4.91 SP3. -Setup a token user that uses SSO. -Enable Token Removal Handling and choose “lock computer when token is removed”. -Remove the token. - Now two lock screens appear.
Environment info: Windows XP SP2 Alladin E-Token 32 Novell Client 4.91 SP3. 398279 P95tray.exe error The scenario that produces the error is: when enable export of Enable export of status to file in the Install settings, (the status to file in Install user has administrator privilege to the log path). settings on Win2k. At the next reboot, an application error message is displayed immediately after desktop is displayed. The status file is not created.
16 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details
(The above scenario works fine with Windows XP and Vista.)
Environment info: Pointsec PC 6.2 Windows 2000 SP4 Japanese + UR1. 398269 Memory leak. The psutil.dll leaks memory when logs are fetched. 398165 PC does not shut When WIL'S Max Failed Logon Attempts is set to the value down by WIL 1 or to 255, the machine will not shut down when user (Windows Integrated exceeds the specified maximum number of logon attempts. Logon) when a user
exceeds the max failed logon attempts if this The scenario that produces the error is value is set to 1 or to 255. 1 Enable WIL. 2 Set "Set Max Failed Windows Logon Attempts" to 1. 3 Try to fail 2 times when logging on to Windows. 4 Machine will not shut down. This issue ONLY occurs when the value is set as 1 or 255.
Environment info: Windows XP SP2 Japanese version [Japan support] NEC VERSAPRO VJ17F/RF-X [Partner's environment] Hitach ILIOS F8000II. 398160 PC does not reboot The scenario that produces the error is when the WIL Max 1. Install Pointsec PC 6.2 Windows Logon Attempts limit is 2. Wait until all volumes are fully encrypted. exceeded after resuming from 3. Open the PCMC and enable WIL. hibernation. 4. Reboot the machine. Confirm that WIL works. 5. Hibernate the machine. 6. Turn on the machine again to resume the OS. 7. Keep trying to fail when logging on Windows. It will not reboot or shutdown even if it exceeds the limit for Windows Logon Attempts (default is 5).
Environment info: Windows XP SP2 Japanese NEC versapro VF17F/RF-X. 398107 'Helper Challenge' field In the Pointsec PC 6.2 Management Console Remote Help is not cleared by window: Refresh button. If the helper uses a dynamic token to authenticate, the 'Helper Challenge' and 'Helper Response' fields are
17 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details displayed in 'Step Three'. The value in 'Helper Challenge' field is not cleared when the Refresh button is clicked. All other fields are correctly cleared when navigating to and from other tabs and when the Refresh button is clicked.
Environment info: VMware Workstation 6.0 Windows XP SP2. 398052 Click “Create If you click “Create Recovery Media” in the Set Information Recovery Media” in window, you will get unhandled exception message. You the Set Information can continue or close the application from this dialog. window triggers an unhandled exception message. 398028 Japanese characters Japanese characters in the specified WIL message are not in the PPBE WIL displayed correctly. failure message are The following scenario reproduces the problem: not displayed correctly. 1 Open the PCMC.
2 Navigate to Local > System Settings > Windows Integrated Logon. 3 Edit the Set PPBE Failure WIL message, entering Japanese characters. 4 Click OK and close PCMC. 5 Open PCMC and navigate to the same setting again. 6 The characters in the Japanese WIL message are not displayed correctly.
Environment info: VMware workstation 6.0.0 build-45731 Windows XP SP2 Japanese version.
18 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 397990 After updating a After a temporary smart card user has updated the account temporary smart card in Windows using his/her smart card and certificate, that account with the user is no longer able to log on. relevant smart card The following scenario produced the error: and certificate, the user cannot log on. 1. Create temp smart card user. 2. Logon in PPBE using temp smart card user. 3. Change credentials and get the confirmation that the certificate has been updated. 4. Reboot and try to log on in Pre-boot. 5. Depending on the card you get "invalid logon" or "trouble accessing the card".
Works fine for normal smart card users.
Environment info: Pointsec PC 6.2.01108 & 6.3.1.1211 Windows XP SP1 Oberthur 5.2/AuthentIC Manager 2.8.0.0 Aladdin eToken Pro 32-bit/CRT 3.65. 397892 Upgrading from an When upgrading Pointsec PC 6.2 to Pointsec PC 6.3.1 Upgrade Path fails from a share specified in the Upgrade path, the upgrade intermittently when fails intermittently when using a service start account. using a service start account. 397836 Legacy user accounts If inline editing is used to set the parameter Upgrade with the authority level Action to Remove in the PCMC, legacy user accounts Admin are not with the authority level Admin are upgraded instead of removed during being removed. upgrade from 4.x/5.x. The problem is caused by errors in the language files for the PCMC. Note: legacy user accounts with the authority levels Sysadmin and User are not affected by this issue.
The following three workarounds are available: 1. Double click on the parameter Upgrade Action and select Remove in the dialog that is displayed. When the dialog is closed, the value will be displayed as Ignored. However, the actual value set in the profile will remove the user accounts during upgrade.
2. Use French in the PCMC. This works because the issue is not present in the French language files.
3. Use an update profile to remove the legacy user accounts that have the authority level Admin after the upgrade.
19 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 397778 Cannot open a 6.0.0 A Pointsec for PC 6.0.0 profile cannot be opened in profile in 6.2. Pointsec PC 6.2. But Pointsec for PC 6.1.1, 6.1.2, and 6.1.3 profiles can all be opened in Pointsec PC 6.2. Workaround: open the 6.0.0 profile in Pointsec for PC 6.1.1, 6.1.2, or 6.1.3, save it; and then open it in Pointsec 6.2. 397766 ‘Windows Integrated ‘Windows Integrated Logon’ does not work together with Logon’ does not work ‘Hardware Hash’ on IBM T60 or IBM T42 computers. together with ‘Hardware Hash’ on certain machines. 397325 Pointsec crashes Pointsec does not support multiple HDDs of different drive when installing on a types (ex. IDE + SCSI). computer which has
multiple HDDs of different types. Pointsec for PC crashes (Error code:0x5000d2d) at the initial reboot after P4PC 6.1.3FH1 installation on a machine with multiple HDDs of different drive types (for example,. IDE and SCSI). Without the SCSI, Installation and Encryption complete without a problem. Environment: Machine: Built-in IDE disk and SCSI HDD (connected with SCSI board) Drives C: Boot protect only?@(IDE) D: Boot protect and Encryption (IDE) E: Boot protect and Encryption (SCSI) Machine: Built-in IDE disk and SCSI HDD (connected with SCSI board). 395533 Wake on LAN does Wake on LAN does not work on NEC VersaPro VJ17. (7677) not work on NEC VersaPro VJ17. 9364 Only a maximum total Currently only a maximum of ten volumes can protected of 10 volumes can be with Pointsec for PC. protected by Pointsec for PC. 7677 Wake on LAN does Wake on LAN does not work on NEC VersaPro VJ17. (395533) not work on NEC VersaPro VJ17.
New in Pointsec PC 6.2 The following new functionality and enhancements are included in Pointsec PC 6.2. For more information on the new functionality, please refer to the Administrator’s Guide.
• Upgrade from Pointsec for PC 4.x & Pointsec for PC 5.x o It is now possible to upgrade from versions 4.x.x and 5.x.x to Pointsec PC 6.2.0. • Extended operating system support. Pointsec PC 6.2.0 supports the following operating systems: o Microsoft Vista 32-bit support
20 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
o Microsoft Windows XP tablet edition o Microsoft Windows Server 2003 (on workstation hardware only). • Support for virtual keyboard in PPBE o Authentication to the Pointsec PC preboot environment is now possible by means of a pointing device. • Token removal and re-insertion handling o It is now possible to configure Pointsec PC actions to be taken if a smart card is removed by the user. • Token and certificate uniqueness handling o Pointsec PC can differentiate between Aladdin E-tokens even if the certificate on the tokens is identical. • Log protection with authentication o The option to enforce password authentication to view logs now exists. • Pointsec Service account o It is now possible to configure a Pointsec Service start account from within PCMC. • Password synchronization (both ways) o Password synchronization now works in both directions. Windows to Pointsec PC preboot Pointsec PC preboot to Windows. • System setting password policy o Password policy for passwords used on system level (i.e Update Validation Password) implemented. • Group Authority Level o Group Authority Level allows you to control what settings/permissions are granted to a group and the users bellowing to that group. • Windows Integrated Logon Tampering awareness o Pointsec PC can now be configured to require preboot authentication if hardware changes on a system running Windows Integrated Logon are detected. • Windows Integrated Logon Localization awareness o Pointsec PC can now be configured to require preboot authentication based on available IP addresses. • New localized languages o Polish, Thai, and Hungarian are now available in the Pointsec PC preboot authentication. • Key Import o It is now possible to import seed for the creation of partition keys. • Certificate creation tool o Pointsec PC self-signed certificate capability is now available. • Improved set configuration management o Improved usability in connection with set configuration. • Pointsec PC supports using the Tablet PC pen in preboot on the following systems: o IBM X41 o HP TC 1100 o HP TC 4200 o Toshiba Portégé M200.
Changes and Corrections in 6.2 HotFix Accumulator 1 The following items have been corrected in Pointsec PC 6.2 HotFix Accumulator 1:
21 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 10619 P95_tray.exe can After installing Pointsec PC 6.2 using a profile, the crash in Win 2000 P95_tray.exe will crash in Windows. 10430 Machine randomly When PME, McAfee software, and Pointsec PC are crashes when PME, installed on the same system, the machine randomly McAfee software, crashes with Blue screen 0x00000024. and Pointsec PC are installed on the same system. 10429 Temporary smart When the setting Token Insertion/Removal Handling is card user is not able enabled, the following happens: a temporary smart card to logon after user logs on in PPBE, changes credentials, and receives associating with a confirmation that the certificate has been updated. But certificate. when the user reboots attempts to logon in PPBE, depending on the smart card used, logon fails; and the user receives “Invalid logon” or “Trouble accessing the card” messages. 10428 Double-byte If P4PC is installed with a user whose Window username characters in a contains double-byte characters characters, Pointsec PC temporary user can crash during the Temporary user conversion process. default username cause a crash when installing. 10427 Usernames that If you upgrade from an earlier P4PC version and have contain a space users whose usernames contain one or more space character cause an characters, an unhandled exception occurs if you try to unhandled exception editing name and authentication for these users in the in the PCMC. PCMC. 10426 Group settings and A user with Create User Accounts or Create Group user settings could permission could change even other user account and be changed even group settings. without the required permissions being specified. 10425 Checkpoint start kit Start kit license was not working with Pointsec PC 6.2. license was not working 10424 Smart card Smart card differentiation does not work when creating differentiation does temporary smart card users. not work with temp smart card users 10423 An upgrade from A critical system error occurs and renders the PC Pointsec for PC 6.x unbootable, when P4PC 6.1.3 HF4 is upgraded to 6.2 in a to 6.2 fails with Windows 2000 environment. critical system error. Now upgrade requirements (for example, UR1 for Windows 2000) are checked before the Windows files are upgraded, and, if any checks fail, the upgrade is aborted. 10422 Uninstallation is In P4PC 6.2, uninstallation is possible with only one system possible with only administrator's account if a smart card is inserted. one account and one eToken 10421 Upgrade from 6.x The MSI crashes during upgrade when the PPBE files are version crashes with upgraded. This happens only if the sum of all groups and 27 or more groups
22 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
and user accounts. users is or has been larger than 27.
10405 During upgrade to When an upgrade from Pointsec Pc 5.x to 6.2 is performed, 6.2, PME stops PME stops working. functioning.
Changes and Corrections in 6.2 HF2 The following items have been corrected in Pointsec PC 6.2 HF2: ID About Details 399385 Pointsec PC On certain hardware, it has been found that, after installation failure on installation of Pointsec PC, the system can crash during Sony Vaio. Vista’s start sequence.
The unrecoverable error occurs: 1. On the first reboot after Pointsec PC installation, or 2. After several (less than 10) reboots after Pointsec PC installation, or 3. On the 6th reboot after Pointsec PC finishes encrypting the HDD 100%.
Environment: Hardware model: SONY VGZ-SZ94NS & SONY VGZ- SZ93NS Number of disk: 1 Number of partition: 1 OS: Windows Vista Timing of error: while Windows is loading.
How to Implement This Hotfix Pointsec PC 6.2 HF2 must be installed on Pointsec PC 6.2 HFA1. You must have local administrator permission to install Pointsec PC 6.2 HF2. To implement HF2: Install Pointsec PC HFA1. To make sure the Pointsec PC HFA1 installation is complete, check the return code from the Pointsec PC.msi package – if the installation was successful, the return code will be zero and you should proceed to the next step before rebooting the machine after the installation of Pointsec PC HFA1. Deploy and install this hotfix (HF2), see below.
This hotfix can be implemented in the following two ways:
Silent Implementation and Verification of Pointsec PC 6.2.0 HF 2 1. Run the P4PC_620_HF2.exe with the command flag [/s]. 2. Restart the machine. 3. Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key *HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is two (2).
23 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Manual Implementation and Verification of Pointsec PC 6.2.0 HF 2 1. Click the [Apply] button in the window displayed after clicking P4PC_620_HF2.exe. 2. A message box is displayed. 3. Restart the machine. 4. Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key *HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is two (2).
Changes and Corrections in 6.2 HF1 The following items have been corrected in Pointsec PC 6.2 HF1: ID About Details 10430 Heavy IO could This problem has now been addressed by pre-allocating cause a machine to memory. crash with a blue screen.
Changes and Corrections in 6.2 The following items have been corrected in Pointsec PC 6.2: ID About Details 9364 Only a maximum Currently only a maximum of ten volumes can protected total of 10 volumes with Pointsec for PC. can be protected by Pointsec for PC. 8429 P95Tray.exe The P95Tray.exe crashes during uninstallation when crashes during Pointsec for PC 6.1.3 HF1 has been installed on a multi- uninstall on multi- disk machine and the volume on the first hard disk has only disk machine on boot protection (no encryption). When uninstalling, the which the volume on P95Tray.exe crashes after the first reboot. The tray icon the first hard disk displays decryption as 0% before the P95Tray.exe crashes. has only boot Uninstallation will not continue from this point. protection (no Workaround: it is possible to recover the encrypted encryption). volumes using recovery media, and the remaining Pointsec for PC components can be removed using Windows Add/Remove programs. 8428 Resuming from Resuming from hibernation malfunctions on a machine with hibernation both an SATA AHCI-enabled hard disk and a SCSI hard malfunctions on a disk. Such a machine was hibernated with text documents machine with both and image files left open on the Windows desktop. an SATA AHCI- (Hibernation was enabled in Pointsec for PC, and the PC enabled hard disk was rebooted once before hibernation was attempted.) But and a SCSI hard when the machine was resumed, Windows booted; and the disk. files left open on the desktop were closed. Note: when AHCI is not enabled, hibernating and resuming work correctly. 8373 Removing a group The user account name of the deployed user on the local by using an update system is not known, so the only thing the administrator profile (.upp) causes wants to do is to remove the group. the p95tray
application on the local machine to The following scenario reproduces the error: crash. 1. Create local group X.
24 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
2. Create the user account in the local group X. 3. Create an update profile that removes group X. 4. Run the profile in the local "Work" folder.
The profile is deployed, and the group together with its user(s) is deleted; but the P95tray application on the local system crashes with an error message. 7946 Aladdin eTokens will Aladdin eTokens will not work together with 2048-bit not work together certificates in Pointsec for PC 6.1.3. with 2048-bit certificates. 7895 Missing Pointsec for If hibernation is enabled in Windows only, not in Pointsec PC message stating for PC, you should get a Pointsec for PC message when that hibernation is trying to hibernate the PC. The message "Hibernation not not allowed. allowed" is no longer displayed. Only the Windows message is displayed. 7860 Logs that are not Logs that are not deleted after uninstalling Pointsec for PC deleted after 5.x are not overwritten after installing Pointsec for PC 6.x., uninstalling Pointsec rather they are appended to the 6.x logs. Note that the 5.x for PC 5.x are not logs cannot be read in 6.x PCMC. overwritten. The following scenario will produce the problem: 1) Install Pointsec for PC 5.x. 2) Logs for version 5.x are written to your recovery share. 3) Uninstall Pointsec for PC version 5 (the logs are left on the share). 4) Computer name is not changed. 5) Install Pointsec for PC v6. 6) The logs for 6.x are written, but the 5.x logs are appended.
Workaround: Remove the central log and restart P95tray. 7777 "Ctrl+ALT+Del" The following scenario produces this problem: required to reaccess 1) Install Pointsec for PC by running the Pointsec for machine after PC.msi. installing and waiting ca. 10 minutes to 2) Click "No" to the question "Do you want to reboot now?". reboot. 3) Wait about 5-10 min.
The error message "Error code: 0x5000d6e" appears, and when dismissed, an empty screen is displayed. You must press "Ctrl+ALT+Del" to be able to access the PC again. Note that once you have pressed "Ctrl+ALT+Del" and again can access the machine, there are no problems with the installation. 7713 Invalid challenge When adding or changing a dynamic token user account in lengths allowed in the PCMC, the challenge length can be up to 16 characters the PCMC for long. The PCMC allowed Invalid challenge lengths for
25 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
dynamic token dynamic token users. users. Note: The valid challenge length has been changed to be from 1-8 characters. 7555 Authentication of During the uninstallation of P4PC via add/remove smart card user programs, it is not possible to authenticate a smart card account via Remote user account via Remote Help. The 'Next'-button is never Help is inhibited activated after the “Second response” has been entered, so during uninstallation. it is not possible to continue the authentication session. 7536 Remote Help: Remote Help: when using an SC: ActivIdentidy V2C smart PCMC one-time card, one-time logon to the PCMC does not work because logon does not work the OK button is grayed out. when using an ActivIdentity V2C smart card. 7454 Unable to enter the When installing Pointsec for PC on a US English Windows desired password operating system with the requisite Regional settings for when installing Chinese (Taiwan), the following problem occurs: when Pointsec for PC on a entering the system administrator’s user account name and US English password, the display of the second keystroke in the Windows operating password is delayed, and the character entered is not the system with the character of the key you pressed. requisite Regional Thus, when you enter these credentials in the PPBE, your settings for Chinese validation fails. (Taiwan). Workaround: 1. Access [Regional and Language Options] setting -- [Advanced] tag. 2. Change [Language for non-Unicode programs] to "English (United states)" 3. Reboot the machine. 7289 The PCMC does not If you select a user account for removal in an update grey out groups that profile, it is grayed out after saving and reopening the are marked for profile. But, if you select a group for removal, it is not removal. grayed out after saving and reopening the profile although all user accounts in the group are grayed out. The complete group is however grayed out when you choose ‘mark for removal’ before saving the profile, but not after it has been saved and reopened. 7192 Pointsec for PC field The Pointsec for PC authentication field in the Novell login in Novell login dialog dialog does not display Japanese even though Japanese does not display was chosen from the Pointsec for PC tray icon, and menus Japanese. and dialogs in Windows were set to display Japanese. 6919 No info in logs about After giving/receiving Remote Help, it is not possible to see what kind of Remote in the client log viewer or in the local logs what kind of Help is performed Remote Help that has been given. 6916 Central log contains The Central log contains entries called "Configuration strange entries setting changed". When examined, they contain the text "Unknown was set to [number]". Often several "Configuration setting changed" entries are logged in a row. 6912 Sony Vaio hangs Sony Vaio SZ1 may hang after logon in PPBE with USB after logon in PPBE smartcard reader SCR331 and RSA 5200. with certain USB smartcard readers.
26 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
6895 Black screen with After logon with a smart card account in PPBE on certain hanging cursor after machines, and a successful authentication, the screen may logon with SC in turn black with a hanging cursor. The same scenario PPBE on certain occurs after an upgrade or a new installation. machines Workaround: Disable the USB Legacy Support in BIOS. You will then avoid the black screen. Same issue occurs on a ”Fujitsu Siemens 7020” 6884 Invalid character If the log parser tool "pslogexp.exe" is used to export log using events as XML("/xml"), the output may be invalid if any PSLOGEXP.EXE event contains an XML Entity Reference (e.g. "&", "<" or ">"). 6872 The password It is possible to reduce the password length of a user length of a user account to a account can be length shorter than the length specified for the group to reduced to a which the length shorter user account belongs. than the length Scenario to reproduce the problem: specified for the 1. Create a new group and create a fixed password group to which account. the user account 2. Change the minimum length for the user account to be belongs. shorter than for the length specified for the group (if the minimum password length for the group is set to six, set the user account’s password minimum length to four). 3. Reboot and change the password in preboot. 6739 A profile installation A profile installation fails for Clients using Windows 2000 fails for clients when and Internet explorer 5.x. An installation error is logged with using Windows 2000 following text: "The profile could not be loaded". and Internet In a “pure” Windows 2000 SP4 (with Internet Explorer 5.x) Explorer 5.x. the required functionality for the installation is missing.
Workaround: install Internet Explorer 6.0 /6.0SP1 and the msxml3.msi (Sp5) package on the clients. The msxml3.msi package is available via www.microsoft.com. 6580 P4PC prevents The Sony VAIO has a removable Memory Card Adapter hibernation on (VGP-MCA20) for xD/SD/MMC compatible cards. This memory card adapter is interpreted as an HDD by the OS and P4PC. adapters. This will prevent the system from hibernating, since P4PC 6.1.3 does not support hibernation with multiple HDDs in the system. Note: The Sony VAIO also has some internal non- removable memory card readers that are interpreted as HDDs whether or not the actual memory card is inserted. If these are enabled, they could prevent hibernation as well. Workaround: To be able to hibernate the PC, either physically remove the card adapter from the PC or disable the device from within the OS. Also disable any other internal memory card readers that are interpreted as HDDs. 5604 Certificate view is Here is the scenario: not updated when 1. Install P4PC in VMware. running Pointsec for 2. Create a temporary smart-card user. PC (P4PC) in VMware and the 3. Disconnect the network cable from the computer (do not network is disable the network connection in VMware; rather unplug
27 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
unavailable. the physical cable). 4. Insert an Aladdin eToken 5. Reboot, and log on as the temporary user. 6. After logging on to Windows, the certificate selection window appears; but the eToken is not displayed in the list for selection. This behavior occurs very rarely. See “Error! Reference source not found.” on page Error! Bookmark not defined., above. 5482 Creating a new Note that if you create a new profile that has the same profile with the same name and type as an existing profile, the existing profile will name as an existing be overwritten by the newly created profile. profile overwrites the existing profile. 5473 Profiles without It is possible to create profiles that do not have profile names. names, even though creating such nameless profiles is not recommended. These profiles are listed under “Profiles” but the name field is empty, for example, the nameless “Install Silent” profile above the “install 1” profile shown here:
Nameless profiles can be selected, edited, etc. like any other profile. 5451 Problems unlocking If you use a smart card when using the recovery utility to the recovery file unlock a recovery file, the utility will try to use the smart when authenticating card used for the first user account authentication for the with a smart card. second user account authentication. As long as a smart card is in the reader, the utility will try to use that card for authentication. Workaround: Do the first authentication with a fixed password or dynamic password user account, and then do the second user account authentication with the smart card. Or remove the smart card before the second authentication window is displayed. 5066 When using 3DES, The following errors occurred: intermittent errors occur when Encrypting four or more volumes using 3DES often results encrypting four or in the problems described below. They have been more volumes on reproduced unpredictably on the PCs below, and the certain machines. outcome cannot be predicted.
HP D530c: Event A) Decryption doesn't start at all. Rebooting doesn't help.
28 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Event B) Hanging at the "Pointsec... Loading operating system..." screen after the first reboot following uninstallation using Add/remove programs.
Dell Precision 670: Event A) Decryption stops after four volumes. After a reboot, the machine hangs. After a second reboot, the PC could be accessed; but the decryption still does not start. Event B) After the first reboot following uninstallation using Add/remove programs, the machine hangs before the Windows logon dialog is displayed. This also occurs after a complete decryption. 4750 Abnormal keyboard Abnormal keyboard behavior on Dell 380 in PPBE. If you behavior on Dell press any of the arrow keys on the keyboard, there is a lag 380. of three key presses. Workaround: Press Ctrl-Alt-Del repeatedly until the machine reboots, or use the mouse to click in another field like the password field and then return to the first field, and then do not use the arrow keys when typing. 4983 Assertion error in An assertion error may occur during recovery on the Acer recovery on an Acer Ferrari laptop. Ferrari. Work around: Once the recovery program’s authentication dialog is displayed, wait approximately 5 seconds before starting to enter username. 2859 Removing Pointsec Removing using MSI for PC. In order for Pointsec for PC to be successfully removed from a user’s workstation, the logged on user account must be a member of the Administrators local group. If this is not the case, a number of erroneous dialog boxes will be displayed and the removal will fail. However, when a local administrator account is used to log on, the removal will continue and be successfully completed.
New in 6.1.3 The following new functionality and enhancements are included in Pointsec for PC 6.1.3: • Support for slave hard drives • New location for the local log file and for the recovery file From Pointsec for PC 6.1.3 onwards, the local log and recovery file are stored locally in the following directory: C:\Documents and Settings\All Users\Application Data\Pointsec. (The local log and recovery file are no longer stored in the Pointsec program directory.)
Changes and Corrections in 6.1.3 Hotfix 4 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 4: ID About Details
29 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
9322 A delay can occur After the "Initializing Pointsec for PC" bar has finished after the loading, a delay could occur during which only a black "Initializing screen is displayed. Pointsec for PC" This issue has been resolved by introducing “sign-of- progress bar has life” progress bars during the installation. completed. 9283 The Pointsec for The Pointsec for PC system file, Prot_ins.sys, was not PC system file, protected from deletion. A protection has now been Prot_ins.sys not introduced for new installations. protected from Note: Upgrading the system to 6.1.3 HF4 will require deletion. the protection to be manually inserted by adding Prot_ins.sys to “Lockfiles” in the Pointsec for PC registry.
9135 PSMAIN If the system was shut down during the second part of 0x50000c7e the installation a PSMAIN 0x50000c7e error could during installation occur. if installation was In this release Pointsec for PC will attempt to restart aborted. installation where it was interrupted.
Changes and Corrections in 6.1.3 Hotfix 3 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 3: ID About Details 9282 Inconsistent CRC Inconsistent internal Pointsec for PC error handling error generation can cause problems for the NTFS file system driver causes Windows and lead to Windows terminating with a system error. to terminate with a This problem has been resolved. system error. 9172 Windows A Pointsec for PC filter driver call fails and causes the terminates 0x00000024 system error. intermittently with This issue has been resolved. a 0x00000024 system error.
Changes and Corrections in 6.1.3 Hotfix 2 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 2: ID About Details
30 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
8492 Issues regarding The following two issues regarding alternative boot alternative boot media on Lenovo models T43 and T60 have been media on Lenovo corrected. models T43 and T60. 1) The boot process was extremely slow when booting from CD/DVD media via the Pointsec for PC alternative boot menu.
2) Access to encrypted volumes when booting via the alternative boot menu was not possible.
These issues have been resolved in this release. 8170 Parity Check error. Issues with Parity Check error messages on Lenovo models T43 and T60 during boot up have now been corrected.
Changes and Corrections in 6.1.3 Hotfix 1 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 1: ID About Details 8354 Upgrade of smart Upgrade of smart card driver does not work. The INF card driver does file is upgraded, but the driver files themselves are not work. not. This issue has been resolved in this release. 8350 Profiles mistakenly The profiles located in update folders are imported imported again even if they where imported before the upgrade. after upgrade to Workaround: Copy profile.dat and profile2.dat from 6.1.3. \Program Files\Pointsec\Pointsec for pc\ to Documents and setttings\All Users\Application Data\Pointsec\. This issue has been resolved in this release. 8347 UsersLocation The registry value UsersLocation that should point to registry value C:\documents and settings\All Users\Application shows a faulty Data\Pointsec mistakenly points to W:\Doc... or location. Z:\Doc...
This is related to external hard drives; the drive had this drive letter. This issue has been resolved in this release. 8331 USB hard drive During installation of Pointsec for PC, you can select (HDD) - Boot to install the program on your USB hard drive (HDD). record and system After rebooting, the system code is installed on the area are installed hard drive and a Pointsec for PC boot record is also on the USB HDD. put on the HDD.
This issue has been resolved in this release.
31 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
8308 Encryption starts If uninstallation was incomplete, and if the value without a recovery "Uninstall" is set to "1" in the Pointsec registry, file being created. encryption starts without a recovery file being created.
This issue has been resolved in this release. 8215 When booting with "Database corrupt" messages are issued when bootable booting with bootable media, and Windows terminates media,"Database with a system error. corrupt" messages This issue has been resolved in this release. are issued and Windows terminates with a system error. 8181 Reinstall fails with Inserting a bootable CD in the CD-ROM drive during PSMain error reinstallation causes the reinstall to fail. code. This issue has been resolved in this release.
Changes and Corrections in 6.1.3 The following items have been corrected in Pointsec for PC 6.1.3: ID About Details 7889 Computers without After installing Pointsec for PC and immediately after PCI BIOS the first reboot, computers without PCI BIOS functionality functionality terminate with a severe error. terminate with a Case ID: 10767. severe error. 7551 Obertur smart card Authentication using the ActivIdentity Oberthur malfunctions. CosmopolIC 32K V4 smart card. Case ID: 8935. 7481 Rebooting during If you reboot during encryption, the computer hangs at encryption causes the "Pointsec loading operating system" message. It the machine to can also occur when Pointsec for PC starts to encrypt hang. the second partition and you reboot. Case ID: 10409. 7446 A webRH update Adding an webRH update profile to a Windows profile disables Integrated Logon (WIL) enabled machine will disable Windows WIL. Integrated Logon. The following scenario produces the error: 1) Enable WIL. 2) Reboot and ensure that WIL works. 3) Import a webRH update profile. 4) When you reboot, you will have to enter credentials at PPBE. Case ID: 10054. 7430 Additional The following additional keyboard layouts are required Keyboard layouts in the Pointsec Preboot Enviroment (PPBE). required in PPBE. Swiss (French) and Swiss (German).
32 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Case ID: 10388. 7299 Incorrect version The version information displayed for Pointsec for PC information when using Add/Remove programs is incorrect. displayed for Case ID: 10065. Pointsec for PC when using Add/Remove programs. 7297 Uninstall settings The following scenario produces the error: for user accounts 1) Create an installation profile (in this case, a silent are not profile). recognized. 2) Create a group with Uninstall setting "Specified Value = -" and "Effective Value = NO". 3) Create three users in that group. Two with the Uninstall setting "Specified Value = YES" and "Effective Value = YES". The third should have the default setting. When you try to exit from the profile, you will receive the following warning: "Fewer than two user accounts have uninstall permission. Case ID: 9908." 7218 Error when When you right-click on a user account and select unlocking a user “lock/unlock account” in P4PC 6.1.1 Japanese account in PCMC console, an “Index was outside the bounds of the when using a array” error message is displayed. Japanese version Case ID: 9537. of Windows. 7210 Cannot define a It is not possible to prohibit PBE logon when still user account that allowing PCMC authentication. is prohibited from The following scenario produces the problem: logging on to PBE 1) Install Pointsec for PC 6.1.1. but is allowed to logon to PCMC. 2) Create user account X with the following permissions: - 'Logon Authorized' to 'No', - 'Management Console Logon' to 'Yes' 3) Reboot. 4) Authenticate in PBE with a Pointsec for PC user account that has the permissions to logon to Pointsec for PC. 5) Try to authenticate to PCMC with user X. 6) You will receive: "Invalid login". Case ID: 8488 7206 A specified second The following scenario produces the error: publish path is not 1) Create an isp profile with either Pointsec for PC used. 6.1.0 or 6.1.1. 2 ) Create two entries in the Publish path setting: The first one is remote and not accessible: (\\192.168.10.1\publish$)
33 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
The second one is accessible (C:\). 3) Now create a update profile that creates a Pointsec for PC user account. 4) Place the profile in the secondary path (C:\). 5) Reboot. Verification: check log entries, check PCMC: the profile is never published in the second directory. Case ID: 9607. 7201 Pointsec for PC The following scenario produces the error: version number is 1. Go to "Add or Remove programs" and locate the specified Pointsec for PC entry. incorrectly in the 2. Click: "Click here for support information." support information. The version number displayed is "6.0.1", but is should have been "6.1.0". Case ID: 10654. 7195 Enabling and The following scenario produces the error: disabling Wake on 1. Publish an UPP that enables (WOL) and set "n" LAN (WOL) using WOL starts (and specify all the other settings UPP profiles. necessary). 2. Use WOL for "x" boots. 3. Publish an UPP to disable WOL. 4. Publish an UPP exactly like the one in the first step. The result of this is that WOL is enabled, but WOL starts are still set to "n"-"x", not reset to "n". Case ID: 8502. 7188 Cannot choose The following scenario produces the error: AES when 1) Select Danish in regional settings in Windows. creating an install 2) Do a master installation with AES as the algorithm. profile. Use an open license when it comes to language (Operating System). 3) Select: create a installation profile. 4) Open "Choose encryption". 5) You cannot choose AES as algorithm in the drop down menu. Note: If you leave the setting as they are the installation profile will install with AES as algorithm. Case ID: 9550. 7145 Boot problem It's not possible to install on a system where the when a second second partition is set as active. partition is set as The following scenario produces the error: active – Error code: 0x50012b8. 1) Setup a partition layout with 2 XP partitions where the second partition is the active partition. 2) Choose to install Pointsec for PC from the first OS partition and to install on all partitions (Boot and encrypt). 3) Reboot.
34 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
4) The Pointsec for PC system code is installed on all partitions. 5) Authenticate to Pointsec for PC. 6) Choose to boot into the first OS partition (the partition from which the installation started). 7) When P95Tray.exe starts, the following dialog "Error code: 0x50012b8" is displayed. 8) Click OK, and you will get a Windows dialog saying that the P95Tray.exe will be shut down. 9) Reboot and you will get the same scenario again. Case ID: 8440. 7103 PCMC - The following scenario produces the error: Unhandled 1. Go to Local -> Edit settings: exception occurs. 2. Right click a setting under a user account, for example, Privileged Permissions and select "Name and Authentication". An "Unhandled exception..." occurs. Case ID: 9338. 7086 Invalid data error An "Invalid Data" error occurs when you change the after enabling hibernation setting in the management console Hibernation with (PCMC) and you use the Japanese menu. the Japanese language selected. The following scenario produces the error: 1. Right click the Pointsec for PC icon in the task tray, then select the Japanese language. 2. Open the Management Console. 3. Go to Local -> Edit Settings -> System Settings -> Other. 4. Double click "Allow Hibernation", select the checkbox (or clear it if it is selected already), then click OK. 5. Click OK to close Local. Then an "Invalid Data" error occurs. Case IDs: 9306, 6622. 7080 Novell - User ID After installing Pointsec for PC the UserID field shows displayed after the last username used after reboot. reboot. Case IDs: 9249, 6793. 7097 Novell - Offline Problem with the Novell client and the offline mode mode problems. feature: once it is turned on, you cannot turn it off. The following scenario produces the error: 1) Install Novell Client 4.91 SP2. 2) Install Pointsec for PC 6.1.1. 3) Reboot and make sure that normal Novell login process works. 4) Shutdown the machine and unplug the network cable.
35 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
5) Boot and NwClient is set to "Workstation only" (OK). 6) Reboot and connect the network cable again before Windows boots. 7) You will still have: "Workstation only" mode enabled. Case ID: 9247. 7065 Windows does not The problem occurs in the following configuration: load if partition 3 is 1. C drive (0:0) - Windows XP installed ACTIVE set to Active (Boot PARTITION. partition) 2. D drive (0:1) – User data drive. 3. E drive (0:2) - Recovery partition with Windows PE installed or Windows XP. Scenario 1. 1) Set the C volume to Active (Boot partition). 2) Boot the machine and authenticate in PPBA. 3) The machine starts and Windows loads. The following scenario produces the error: Scenario 2: 1) Set E volume to Active. 2) Boot the machine and authenticate in PPBA. 3) Get “Pointsec … Loading operating system” and the system hangs. Case ID: 9217. 7062 Windows freezes Windows freezes at windows loading screen. at the Windows According to the start log, it freezes at driver Mup.sys. splash screen Safe Mode start works without problems. The problem occurs only when using Checkpoint VPN client to connect to network. Case ID: 7117. 7044 On a Chinese On a Chinese Windows installation, you are unable to Windows insert the first part of the license code (the W60 part). installation, unable Only two characters fit in the text field. to input the license Case ID: 7585. code. 7038 Dynamic When adding x9.9 token, the user interface will not password - Next activate the Next button if all information is not button grayed out. entered in exactly the proper order. The following scenario produces the error: 1) Add a x9.9 token user 2) Enter the key information before the token id, select the token format etc, the next option will REMAIN grayed out Case ID: 9167. 7033 The "Set Minimum The function "Set Minimum Password Age" Password Age" malfunctions. function If you enable this function for a user account or group
36 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
malfunctions. (e.g. set it to 10 days), when this user account logs in one or more times, the user account can change the password each time. (The user account has "Change Password" permission set to "Yes", of course). Also if the setting "Set Maximum Age" is set for a user account that also has set "Set Minimum Password Age" to a "max" setting is lower then the "min" setting the user account can change the password when prompted (without having the "Change Password" permission set to "Yes"). Case ID: 10623. 7013 Automatic If you set your machine to hibernate automatically via hibernation at low the Power Options in Control Panel, when it battery level fails. hibernates the next boot will be a normal boot. Any data that was not saved will be lost. The following scenario produces the error: 1. Go to the Control Panel. 2. Open: Power Options. 3. Select the Alarm tab. 4. Select "Activate critical battery alarm when power level reaches". 5. Set the machine to hibernate at a certain battery level. 6. Ensure that "Hibernation" is selected as Alarm Action. Case IDs: 8946, 9033. 6999 CAC smart card Not possible to logon to PCMC with CAC smart card authentication to authentication. PCMC fails. Case ID: 8913. 6998 The Pointsec for The Pointsec screen saver is forced onto any system PC screen saver on which Pointsec for PC is installed. forced on Case ID: 8594. installation. 6886 User account is User account is locked even though the settings locked even related to account lockout have been set to “Disabled” though settings in local settings for the respective user and group related to account setting. lockout are set to The following scenario produces the error: “Disabled”. 1. Logon to the Management Console. 2. Under Local settings, disable Set Max Failed Logons, Set Logon Limit, Attempts Before Temporary Lockout and Temporary Lockout Time. 3. Confirm the Effective Values are “Disabled” as per step 2. 4. Logon to the Management Console using a valid user account but use the wrong password. Make 10 attempts and then restart the PC. 5. The user account (or sometimes the user accounts
37 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
in the group) are locked, with message: Invalid Logon - Your account is locked, too many failed Logon attempts.
The only way to unlock the account at this stage is to right-click the value and select Reset Value for the settings “Attempts Before Temporary Lockout” and “Temporary Lockout Time”. Workaround: Ensure that the values for Attempts Before Temporary Lockout and Temporary Lockout Time are reset to the default values rather than selecting “Disabled” for them. Case ID: 8539. 6972 Pointsec for PC Pointsec for PC will terminate abnormally if the installation fails if Symantec application restorebmr.exe is run prior to the Symantec the installation of Pointsec for PC. application Case ID: 8640. restorebmr.exe is run prior to the installation. 6850 Cannot uninstall if The following scenario produces the problem: the .REC-file is 1. Install PS 6.1.0 HF1, and add, for example, the unavailable. following path: \\path\path\rec to store recovery file. 2. Select at least one volume to encrypt. 3. Let machine encrypt 100%. 4. Change path to something that cannot be accessed, for example, \\path\path\rec_old. 5. Remove Pointsec for PC using Add/Remove Programs. 6. Reboot. 7. Wait for decryption to start. It does not start. 8. Change path to correct \\path\path\rec, and reboot. 9. Now decryption will start. Case ID: 8491. 6819 Only add one path Only add one path can be added at a time. at a time. The following scenario produces the problem: 1) Open the PCMC. 2) Go to Local and select: Edit settings. 3) Set one new recovery and a profile path. 4) Click OK. 5) Select: Edit Settings. 6 Only one of the paths added at step 3 has been created. Only one path can be added at a time, and the last one specified will be the one that is added when you click OK (Save the settings). Case IDs: 7624, 6569.
38 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
6815 Fatal error under The fatal error caused under a heavy load when PME, heavy load when Symantec Antivirus 10, and Pointsec for PC are all PME and installed on the same system has been resolved in Symantec this release. Antivirus 10 are installed on the same system together with Pointsec for PC. 6813 Logs duplicated in If you choose to change the computer name while you Windows Event have Pointsec 6.1 HF1 installed, you will get Viewer. duplicates of the logs that you had before you changed the computer name. The following scenario produces the problem: 1) Install Pointsec for PC 6.1 HF1. 2) Check the Windows Event Viewer log and the local Pointsec log, and you will see that there are just as many log entries (the local log will probably have one more log, log for the logon to the PCMC). 3) Reboot. 4 Change computer name. 5) Reboot. 6) Check the Windows Event Viewer and the local log and you will see that the Windows Event Viewer logs entries are twice as many. Case ID: 7622. 6793 Local Security Pointsec for PC causes local security settings to be Policy Setting not ignored when used with Novell. honored. Environment used in reproducing the problem: XP Sp2, Novell Client Version: 4.91 SP1, and Pointsec for PC Version: 6.1 HF1. The following scenario produces the problem: 1. Set up a Novell client. 2. Set the Local Security Policy Setting: [Do not display last username] to Enabled. 3. Novell will honor this setting and the last user name will not be displayed in Novell logon. 4. Install Pointsec for PC with the default setting (UpdateSSO=0). The modifications that Pointsec for PC makes to the Novell logon screen (Pointsec OCX) will cause the last user name to be displayed. Basically Pointsec for PC causes the local security setting to be ignored. Case ID: 8127 6738 No reboot after It is possible to make unlimited logon attempts in multiple failed PPBE if you use a user account that is not present in logons. the Pointsec user database. Case ID: 8356. 6732 Configuration Set The following scenario produces the problem:
39 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
lost in PCMC GUI. 1) Logon as a "full permission user" (sysadmin). 2) Create a Configuration Set. 3) Exit from the PCMC. 4) Log on as a user with “limited permissions”, that is, not “full permissions” (with the following permissions granted: Management Console Logon and Provide Remote Password Change). 5) Exit from the PCMC. 6) Log on as "full permission user" (sysadmin).
Configuration Set is now lost. Case ID: 7871. 6731 Accounts with Accounts with permission to access both the permission to Management Console and Local can change the access both the password for any account in certain places in the Management Management Console. Customers are therefore Console and Local advised not to configure user accounts that have can change the access to both the Management Console and to password for any Local. account. Case ID 8080. 6729 Recovery Media If a floppy is pre-formatted in Windows XP, the Content Differs. content differs from a medium that is formatted by the recovery program. At least the file Datahand.dbh is missing on the Windows XP pre-formatted medium. Case ID: 6270. 6666 Pointsec for PC Using a silent install profile, Pointsec for PC installs fails to uninstalled and encrypts. If you try to use the Windows via add/remove. “add/remove programs” to uninstall, the window loses focus; and you cannot enter the password of the authorized user account. The following scenario produces the problem: 1) Install Pointsec for PC using a silent install profile. 2) Let it encrypt fully. 3) Go to “Add / Remove programs” via the Control Panel. 4) Instead of entering the user account name, click in the password field. Case IDs: 7908, 8091, 9314, 9227. 6665 Authentication The following scenario produces the problem: hangs during 1. Install using a profile. uninstallation from 2. Let the system encrypt. Windows add/remove 3. Do Add/Remove. programs. 4. When the authentication window is displayed; either click on the password field or tab down, and the window will emit a sound and then hang. Case ID: 8018. 6664 Hibernation - When logging on with a dynamic token user while Dynamic token hibernated with fixed password user, the dynamic
40 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
user accounts token user account is corrupted. become corrupt. The following scenario produces the problem: 1. Power on the machine. 2. Login PBA/OS using a fixed password user account (username+password combination). 3. Do hibernation. 4. Power on the machine again. 5. In preboot authentication, try to log on using the dynamic token account and you'll be rejected because you need to log in using the fixed password account (used during step 2). 6. Again in preboot authentication, log on using the fixed password account (used during step 2), and log in the OS. 7. Reboot the machine. 8. In preboot authentication, if you try to log in using the dynamic token account from step 5, you'll have "Invalid logon". The dynamic token user account is no longer able to log on. Case ID: 5433, 6750. 6654 Datahand.dbh is When creating recovery media, (both floppy and USB) not created on the file "datahand.dbh" is not written to the media. Recovery media. Case IDs: 7831, (GER), 7894 (GER), 6801 (JP), 6270 (US), 6881 (JP), 9382 (US), EDS – 11046. 6633 PCMC - Invalid When using a Japanese OS, error messages are data error when produced when editing in Local -> System settings. using a Japanese The following scenario produces the problem: OS. 1 Open Management Console -> Local -> Edit Settings -> System Settings -> Install 2 Enter Set validation Password -> click OK 3 Click OK to close Local 4 "Invalid Data" error is displayed The same message is displayed when the editing upgrade and profile path. Case ID: 6622, 7404. 6629 Unhandled The following scenario produces the problem: exception when 1. Create user group - Users creating a 2. Create a temporary smart card user - Temp temporary user. 3. Go to Account Settings 4. Go to Logon 5. Change "Attempts before temporary lockout" 6. Click OK An unhandled exception causes an error message. Case ID: 7754. 6580 Pointsec for PC The Sony VAIO has a removable Memory Card prevents Adapter (VGP-MCA20) for xD/SD/MMC compatible hibernation on cards. This adapter is interpreted as an HDD by the 41 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
memory card OS and P4PC. This will prevent the system from adapters. hibernating, since P4PC 6.1.3 does not support hibernation with multiple HDDs in the system. Note: The Sony VAIO also has some internal non- removable memory card readers that are interpreted as HDDs whether or not the actual memory card is inserted. If these are enabled, they could prevent hibernation as well. Workaround: To be able to hibernate the PC, either physically remove the card adapter from the PC or disable the device from within the OS. Also disable any other internal memory card readers that are interpreted as HDDs. 6573 precheck.txt file is The following scenario produces the problem: not read when 1. Place the install package on a network drive. installing from a 2. Change something in precheck.txt (for example, network path. UpdateSSO=4). 3. Change permission on all install files in the Pointsec folder. Give "Full Access" to the user account you intend to use as the installer account. Remove all other user accounts in the permission list, including "Everyone". 4. Login with the user account that has Full Access to the files and click your way to the msi. Double click it to start the installation. 5. Check the registry after the installation. The precheck changes have not been made. Case IDs: 6223, 6912, 7208, 9292. 6517 Change of user The problem occurs in the following scenario: account name not 1. Create an interactive installation profile that is applied in an based on local settings. interactive profile. 2. Right click one of the users, and select “Name and Authentication”. 3. Under “Type of User” select “Install”, and Under “Install Interaction” select “Change Logon Name” and “Change Authentication Details”. 4. During installation, change both logon name and password. The new logon name is not applied, only the password change is applied. Workaround: Use a temporary user for installation instead and then make the changes. 6486 The OK button is When entering the Remote Help dialog in preboot active prior to the authentication, the OK button is active and can be completion of pressed even though the procedure is not yet Remote Help. finished. If pressed, an “invalid login” error message is displayed. Ok button should be inactive until final input is completed.
42 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Case ID: 5895. 6485 “Change Single Even though the "Change Single Sign-On" setting is Sign-On setting” set to No, the user can disable single sign-on in PBA, malfunctions. and the SSO chain will thereby be broken. Case ID: 7226. 6464 Unable to read In order to read encrypted data on the first volume of encrypted data on a hard disk drive, the following conditions must be hard drive via met: Pointsec - The first volume may not be hidden alternative boot - There may be only one volume menu (Ctrl + F10 or Ctrl + F9). - There may be only one hard drive. If the above conditions are not met, you will not be able to read the data via the alternative boot menu. 6421 Possibility of Note that if you attempt to install with a profile that problems when specifies only Volume 0 in “Select Volume Protection”, installing via and the machine on which this profile is meant to profiles on install Pointsec for PC has a hidden volume, the machines that installation will fail because Pointsec for PC always have hidden counts the hidden volume as Volume 0. So in this volumes. case, no code will be installed because the only volume specified is a hidden volume. 6406 Log entry of type If you start the PCMC, select Local, select Edit 1010 lacks Settings, and click OK without having made any meaningful text. changes in Edit Settings, two entries are written to the log file, each with type 1010. If you look at these entries under Log Entry Details, you will see that instead of meaningful text in the entry, one says “Unknown was set to 0” and the other says “Unknown was set to 60”. Case ID: 8653. 6378 Limitation when It is not possible to unregister all drivers that have unregistering previously been registered using pscontrol.exe. drivers with pscontrol.exe. 6362 After the first The following scenario causes the system to freeze: authentication 1. Install 6.0.1 HF2 with encryption. following 2. After the first authentication following installation, installation, stress the disk with defragmentation and file stressing the disk searches. causes the system to freeze. 3. The system freezes after a while, the problem is intermittent.
- Has been reproduced on HP dc5100. Case ID: 6126. 6319 Moving the mouse If you move the mouse during "Pointsec for PC ... during PPBE loading operating system ...", the following error produces: Error message is displayed "***** Internal CSDSES error *** code "***** Internal ". Pressing the Power button reset was required to get CSDSES error *** the system to boot properly. The problem was found on the Dell D410 and D610 machines.
43 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
" Case ID: 6765. 6311 Windows logon If you do the following: dialog fails after 1. Install Pointsec for PC selecting boot uninstalling protection only. Pointsec for PC. 2. Perform recovery on the system volume. 3. In Windows, run Add/remove Programs and uninstall Pointsec for PC. 4. Reboot the PC. The PC stops when it should display the Windows logon dialog, and the following message is displayed: “User interface failure: The logon user interface DLL pssogina.dll failed to load…”. Workaround: Boot into safe mode and manually set the registry setting: “GinaDLL” to msgina.dll. The path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Win dows NT\CurrentVersion\Winlogon. 6290 Preboot logon If you do the following: does not appear 1. Install Pointsec for PC and only boot protect after recovering a the system volume and fully protect (boot non-encrypted protection and encryption) a second volume. volume. 2. Recover the system volume. 3. Boot the PC. A fatal error (error code 5001344) occurs during the boot or shortly after Windows authentication. Note that the scenario above ignores the best practice, which is to perform recovery of all volumes; and, as a second choice, perform recovery starting with the last volume protected first. 6262 Known issues The RSA 5200 Smart Card is not detected in PPBE at using RSA all when the reader USB reflex v2 is used, with or together with without a hub. The same occurs if the reader USB Schlumberger. reflex v1 is being used. 6259 Two smart card Two smart-card user accounts cannot be assigned user accounts can the same certificate in the Pointsec for PC be assigned the Management Console. But two smart-card user same certificate. accounts can be associated with the same certificate when using a temporary user account or when selecting “Change Credentials” in the tray. However, an administrator should never assign the same certificate to two users. 6101 Help feature When using a question mark ("?") to get help during malfunctions in Create Recovery Disk, the following error message is “Create Recovery displayed: "Can not find the C:\Program Disk”. Files\Pointsec for PC\UserRec.HLP file. Do you want to try to find this file yourself" Case ID: 6323. 6093 Uninformative If you enter the wrong encryption key for a Pointsec message for PC IMP file, you receive the following displayed after uninformative error message: “Attempted to read or
44 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
entering the wrong write protected memory. encryption key for Case ID: 6220. a Pointsec for PC IMP file. 5943 Reaching the If you set logon limit to 5 and then perform 5 logon limit for a successful logons you will not be able to unlock this user account user any more. makes it impossible to 1) Set Logon Limit to 5 disable the logon limit for that 2) Reboot and do 5 logons (Account is account. locked/exceeded) 3) Enter PCMC and disable Logon limit 4) Reboot 5) You will not be able to logon with this account anyway.
Case ID: 5979. 5802 Hibernation - Not The result of the following scenario was that no user able to logon in at could logon to Pointsec for PC on this machine PBE (unless they used Remote Help or Recovery). 1. Enable hibernation via PCMC and on the machine through control panel. 2. Set the machine to hibernate. 3. Restart the machine. Fail logon as the user 3 to 5 times so account will lock. 4. Totally power off the machine and try to log on as any other user account, for example, as system admin etc. Pointsec for PC will not allow you to logon using any other account. Case ID: 5654. 5772 Importing tokens - If you import an IMP file containing 25 tokens, only 11 Not possible to are visible when trying to import them in PCMC. have more then 11 Case ID: 5585. tokens in IMP file. 5451 Problems If you use a smart card when using the recovery utility unlocking the to unlock a recovery file, the utility will try to use the recovery file when smart card used for the first user account authenticating with authentication for the second user account a smart card. authentication. As long as a smart card is in the reader, the utility will try to use that card for authentication. Workaround: Do the first authentication with a fixed password or dynamic password user account, and then do the second user account authentication with the smart card. Or remove the smart card before the second authentication window is displayed. 5254 EncryptionState The value of EncryptionState remains “1” in spite of remains “1” the fact that encryption has completed successfully.
45 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
despite successful After encryption completes successfully, the value encryption. should be set to “2”. The values that EncryptionState can have are: 0 = Unencrypted 1 = Encrypting 2 = Encryption completed That the value is never set to “2” is an error. Work around: examine the central log file or the local event viewer to check the status of the encryption. Case IDs: 4609 and 10000. 5251 Risk of exceeding When password synchronization is enabled, Pointsec “Set max failed for PC can generate spurious failed logon attempts logons” value when the user logs on to Windows. If the maximum specified in PCMC number of failed logons set in the PCMC under Local when using Æ Group Settings/Account Settings Æ Logon Æ “Set password max failed logons” is too low, the user account logging synchronization. on might be locked because this number has been exceeded by the generation of these spurious failed logon attempts. Workaround: Ensure that the value specified for “Set max failed logons” is large enough to compensate for the spurious logons that are generated. Case ID: 10340. 5246 eTokens are not Use of eTokens on the Hewlett Packard/Compaq Evo supported on the N800c is not supported. Hewlett Packard/Compaq Evo N800c. 5124 Problem viewing Currently the log files for the client PCs are stored the central log together with the recovery files. When you create a new set you specify a "Publish" path and a "Storage" path. A recovery path under Local/System Settings/Install/Set Recovery Path has also been specified. The log files are stored in this Recovery path, and erroneously do not appear in the set’s logs. To be able to view logs for the clients in a set, follow the work around below. Workaround: Set the “Storage Path” for the set to the same path as the Recovery Path set in: Local/System Settings/Install/Set Recovery Path. 4786 PIN dialog Occasionally when authenticating with a smart card, sometimes hidden the PIN dialog is hidden behind the Pointsec for PC by Extend Extend Authority dialog. Authority dialog. Work around: Use the mouse to move the “Extend Authority” dialog to that you can access the PIN dialog. Then enter the PIN. 4638 Possible Problems On certain PCs, you can experience problems if you When use USB devices at the same time as you use USB a
46 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Authenticating with smart card reader. Problems have occurred on the USB Smart Cards following machines: NEC VersaPro, Dell D600, IBM When USB A51, and Dell D370. There may be other machines on Devices Are Used which problems occur. for Recovery Work around: use a non-USB device for recovery if you authenticate using USB smart cards. Case ID: 6579.
New in 6.1.2 The following new functionality and enhancements are included in Pointsec for PC 6.1.2: • Enhanced support for smart cards. Aladdin eToken users! Before upgrading to Pointsec for PC 6.1.2, read the following document: Pointsec_for_PC_EW_6.1.2_Aladdin_eToken_B.pdf, which is on the product CD ROM.
Changes and Corrections in 6.1.2
ID About Details 7028 6972 Pointsec for PC Pointsec for PC will terminate abnormally if the installation fails if Symantec application restorebmr.exe is run prior to the the Symantec installation of Pointsec for PC. application This issue has been resolved in this release. restorebmr.exe is run prior to the installation 6815 Fatal error under The fatal error caused under a heavy load when heavy load when PME, Symantec Antivirus 10, and Pointsec for PC PME and are all installed on the same system has been Symantec resolved in this release.. Antivirus 10 are installed on the same system together with Pointsec for PC.
Changes and Corrections in 6.1.1 ID About Details 6792 The local logfile The local logfile grows too fast and becomes very grows too large. In cases where the logfile is delivered to a quickly. network share, there is a noticeable loss of performance. This issue has been resolved in this release. 6791 Identical log In random cases identical log events were created entries are in the central log file. created in the This issue has been resolved in this release. central log.
47 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 6780 Not possible to When attempting to open or export logs in PCMC view or export you get the following error message: "Failed to logs in PCMC. load resources from resource file. Please check your setup." This issue has been resolved in this release. 6767 Unable to The problem occurs in the following scenario: remove a newly - Install PS4PC 6.1 HF1 with one temporary user created in a Users group Temporary user - Logon as the temporary user and rename the account and account attempts to remove this - Apply an update profile based on the original account result in installation profile that includes the Users group the removal of and the temporary user. the user account - The Users group now has two accounts. The created from the user that was created from the original temporary temporary user account and the newly added temporary account. account. - With management console attempt to remove the newly added temporary account. Nothing happens; it can’t be removed. - With an update profile attempt to remove the newly added temporary account. The user that was created from the original temporary account is removed and not the temporary account. This issue has been resolved in this release. 6655 CentralLog.exe The message “CentralLog.exe has encountered a Error on problem and needs to close” is displayed on Upgrade. several systems after upgrade from 6.0.1 to 6.1. This issue has been resolved in this release. 6626 Database corrupt The database can become corrupt when – Database can petoken.bin is used. Scenario: become corrupt 1. Add petoken.bin to precheck.txt. when Smart Card 2. Install with installation profile. is used. 3. Encrypt volumes. 4. Reboot and press CTRL-ALT-DEL during PBA. 5. Shut machine down using power button. 6. Start machine up using power button. 7. Authenticate and boot machine up. If you repeat this procedure, you will eventually receive the message “Database corrupt. PsMain: 51cc”. This issue has been resolved in this release. 6622 PCMC – Error Error message “Index was outside the bounds of message in “Edit the array.” appears when the following setting is settings” in accessed in P4PC MC: Japanese Group > System > UserID > System > Account > language. Permission This issue has been resolved in this release.
48 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 6575 Index outside To reproduce (Found only in German & Slovakian bounds of array languages): in MC. 1. Open MC. 2. Go Local. 3. Create new group. 4. Open new group. 5. Open “Permission” folder of that group. This issue has been resolved in this release. 6574 Keyboard If your keyboard does not respond after Pointsec unresponsive preboot authentication and before Windows during Windows startup, disable Pointsec PBA mouse support. startup. This issue has been resolved in this release. 6571 Profile paths not The following scenario will reproduce this saved correctly. problem: 1. Create a silent install profile. 2. Specify one path for all three settings (Recovery, Update and Upgrade). 3. Complete the profile and save it – you are now back at the PCMC main display. Note: Issue has also been reproduced when only saving the profile “half- completed”. 4. Open the profile again to either verify settings or continue creating the profile. The search paths, as specified in Step 2 above, were not saved correctly. In tests performed to date, one of three paths is correctly saved. Notes: • If the procedure is repeated a second time (correct paths and the profile saved), two of three paths will be saved correctly. • If the procedure is repeated a third time (correct paths and the profile saved), all three paths will be saved correctly and the profile paths will be as they should. This issue has been resolved in this release. 6545 Characters < > & The characters for greater than (<), less than (>), not allowed in and the ampersand (&) may not be used in user user account or account names. group names In Pointsec for PC 6.1.1 you are able to use < > & in usernames and in group names, so this issue has been resolved in this release.. 6531 Unable to view If Autologon is used and then disabled, you will logs after be unable to view the logs after reboot. The disabling scenario is as follows: Autologon. 1. Start PC with Autologon.
49 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details 2. Disable Autologon. 3. Accept the user account being removed when queried. 4. Reboot and log on manually. 5. Try to view the local log or logfile using PCMC or pslogexp. Note: This problem does NOT occur with normal user accounts or when a Wake-on-LAN-enabled user account is disabled because of a manual logon to PCMC. This issue has been resolved in this release. 6469 The crerec This issue has been resolved in this release. process starts every two seconds after an update profile is imported into the work directory. 6446 Sony VAIO SZ1 The Sony VAIO SZ1 hangs after preboot hangs after authentication. The PC boots to the Windows safe preboot mode menu, where it hangs. When the menu authentication. times out, nothing happens, and you are not able to choose any of the safe mode boot options. Workaround: Disable mouse support through the double-shift menu, and you will be able to boot into Windows. Alternatively, unplug any external USB mouse. This issue has been resolved in this release. 6440 Problems Immediately after preboot authentication, an NEC experienced after VersaPro VJ17F/RF-U can shut down with a fatal preboot error when USB hardware device support is authentication enabled. Removing and/or disabling the mouse when USB does not solve this problem. hardware device Workaround: Restart the machine, and, prior to support is preboot, use the double-shift menu to disable enabled on an USB hardware support. NEC VersaPro This issue has been resolved in this release. VJ17F/RF-U. 5989 PPBE – not able On some machines with USB Smart Card enabled, to use USB it is not possible to use USB keyboard or mouse keyboard/mouse. in Pointsec PBE. This issue has been resolved in this release. 5730 No Help on Help The Help option has been removed from the menu toolbar. bar in PCMC. This issue has been resolved in this release. 5226 eToken driver Installing the eToken driver inhibits the inhibits the functioning of all other smart card drivers and functioning of all smart card reader drivers. other installed Work around: Uninstall the eToken drivers to be smart card
50 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details drivers and able to use any of the other installed drivers. smart card This issue has been resolved reader drivers. 5232 Keyboard locks If you use a USB mouse on a Hewlett on a Hewlett Packard/Compaq Evo N800c PC, moving the Packard/Compaq mouse in the preboot logon dialog will lock the Evo N800c PC keyboard. when using a Workaround: Disable mouse support in the EXC USB mouse. menu. This issue has been resolved in this release. 4471 Aladdin eTokens. When registering an eToken, and selecting a and certificate, select “eToken user” under “Issued 4472 to”. Do not select anything under “Issued to” whose location is “Personal store”.
Changes and Corrections in 6.1.0 ID About Details 5678 Authenticate to Authenticate to PCMC with a nonexistent user PCMC account may crash the PC with a blue screen. This issue has been resolved. 5601 Behavior of the In preboot, the “Allow Embedded Space “Allow Characters” setting takes on the opposite value Embedded Space from that set in PCMC. So if “Allow Embedded Characters” Space Characters” is enabled in the PCMC, setting in embedded space characters are not allowed in preboot. passwords in preboot; if “Allow Embedded Space Characters” is disabled in the PCMC, embedded space characters are allowed in passwords in preboot. The “Allow Embedded Space Characters” setting is found under Group/Account Settings Æ Authentication Settings Æ Fixed Password. This issue has been resolved. 5596 Log entries in Events logged in Windows, PCMC events, are Windows (PCMC) time stamped with Greenwich Mean Time (GMT) are time stamped regardless of which time zone you are in. with GMT time. However, events from preboot are stamped with the BIOS date and time, which is usually the local time. This issue has been resolved. 5520 In certain cases, If you select “User Accounts” in the folder tree a mixed case under Local, the existing user accounts are password is displayed in the right-hand pane of the Local required for window. If you right click a user account in that authentication. pane and select “Name and Authentication” to change the password of that user account, you must enter a password that contains both upper- and lower-case letters for the password to be accepted. If you enter a password that contains
51 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details only upper or only lower case letters, the “Invalid Password” text will always be displayed, and you will not be able to select “Next”. This issue has been resolved. 5468 Must specify When you create an installation profile that is which volumes based on local settings, you must specify which to protect when volumes you want to be protected. If you do not using an specify which volumes are to be protected, the installation installation will fail. profile based on This issue has been resolved. local settings. 5457 Limitations in PME 2.3.x must be installed before Pointsec for Pointsec for PC’s PC is installed. If you attempt to install PME after interoperability Pointsec for PC has been installed, the with earlier installation of PME will fail. versions of PME. This issue has been resolved. 5448 Need to disable To disable the “Allow Special Characters” setting “Allow Special for an existing user account, this setting must be Characters” disabled for the Group the existing user account setting for Group belongs to. Disabling the “Allow Special in order to Characters” setting for individual existing user disable “Allow accounts at the User Account level currently does Special not work; it must be disabled at the Group level. Characters” for This issue has been resolved. existing user accounts. 5396 Limitation when When uninstalling Pointsec for PC using using Windows Add/Remove Programs, authentication Add/Remove of the second user account required for installing Programs to fails if the user account verifies using a dynamic remove Pointsec token. for PC and Work around: Use PCMC to redefine the second authenticating user account as a fixed password account and with a dynamic then proceed to uninstall using Add/Remove token. Programs Another solution is to uninstall using an uninstall profile that contains two dynamic token user accounts. This issue has been resolved. 5386 Autologon can On a machine with autologon enabled, each be inadvertently successful logon to the PCMC disables autologon disabled. on that machine. Workaround: While in PCMC, go to Local, select “Edit Settings” (make sure autologon is in fact enabled) and click OK. Autologon will then be re- enabled. But if someone logs on after setting Autologon to enabled, autologon will again be disabled; and then the setting must be enabled again. This issue has been resolved. 5254 EncryptionState The value of EncryptionState remains “1” in spite remains “1” of the fact that encryption has completed
52 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details despite successfully. After encryption completes successful successfully, the value should be set to “2”. The encryption. values that EncryptionState can have are: 0 = Unencrypted 1 = Encrypting 2 = Encryption completed That the value is never set to “2” is an error. Work around: examine the central log file or the local event viewer to check the status of the encryption. This issue has been resolved. 4978 Fatal error A fatal error occurs after recovery when screen occurs during saver is activated in Windows. recovery when Removal through Add/Remove programs should screen saver is be performed after deactivating the screen saver activated. or before the screensaver activates. This issue has been resolved. 4859 Copy/paste does Pasting via mouse and keyboard is not currently not work when supported in password fields. creating a new This issue has been resolved. account 4835 Not possible to Release 6.0.1 of Pointsec for PC does not support use remote help the use of remote help when uninstalling via when adding/remove programs. uninstalling via This issue has been resolved. adding/remove programs. 4687 Windows icon Pointsec for PC does not set an icon for profiles assigned to when they are viewed in a file explorer. Note, silent installation however, that if you view your profiles in profiles in Windows Explorer, Windows assigns silent Windows installation profiles the icon and file type for Explorer. Internet Communication Settings. Interactive installation profiles, update profiles, and uninstall profiles are not assigned this icon and file type. This issue has been resolved. 4683 No warning when When you are creating a profile and you specify folders are not the Storage path and the Publish paths that do created. not exist on the client, no warning is given that these folders are not created. This issue has been resolved. 4420 Limitation to The logs in Pointsec are transferred to the disabling log windows Event viewer, but the possibility to transfer. disable the log transfer (by choosing 0 in the precheck.txt) before installing PS malfunctions. This issue has been resolved. 4316 Difficulties It can be difficult to identify volumes when you recovering run the Recovery program because the volumes selected volumes are called, for example,
53 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details when running the "VOL_E034D92369D9F2FE". Recovery Work around: recover all volumes rather than program selected volumes. This issue has been resolved. 4294 Unable to change Minor malfunctioning in OEMVar feature. banner in Installshield 1) Create the "OEMVar" folder in the root of the dialogs PS installation folder. Replace "Banner.bmp", "Lic_oem.rtf" and "Ssbg.bmp". 2) Add the files "Banner.jpg", "Desktop.jpg" and "Scrsvr.jpg" to the root of the PS installation folder. 3) Install PS.
The first dialogs of the installation are shown correctly; in this case the banner and the license agreement are replaced by the customized ones. But the original Pointsec banner is redisplayed in the last MSI-installation dialog window. This issue has been resolved.
New in 6.1.0 The following new functionality and enhancements are included in Pointsec for PC 6.1.0: • Enhanced PPBE hardware interface, which now supports OHCI for MFAE Readers. • Support for multiple hard disks. • A new type of user account has been added, the Service user account. Service user accounts must use Remote Help to gain access to the system the first time. After access is granted via Remote Help, the service user can reboot the system and log on without requiring Remote Help. When another user logs on, the service user account is locked, and the service user will need Remote Help to log on again. • A new log export utility pslogexp.exe is now available. • Context-sensitive print functionality for PCMC tree node. This allows a user to right click a node and print the information in that node and the sub-nodes under that node. Clicking Print will print all nodes and sub-nodes and their information. • Under Local, the Pointsec for PC Management Console (PCMC) provides dynamic status and configuration information, which includes: the encryption status by drive and volume, the user status of local users (Locked Out / OK, Last Successful Authentication, Last Failed Authentication, User Type, and Limited Logon Time status: OFF / ON & Time), Wake On LAN (WOL) status, last configuration update, last Update Profile processed, last recovery file created, last successful delivery of a recovery file, last update of the log file, and the last successful delivery of the log file. • Pointsec for PC Preboot Environment now provides the ability for loadable modules using USB bus interface to access their readers. This ability ensures the interoperability with UHCI and OHCI controllers on the range of commercially available PC Class hardware. • Users can now change credentials (password, dynamic token, and smart card) in the Pointsec tray applet.
54 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Extensive log export functionality that enables log content to be exported in the following formats that support import into other management and data systems: Comma Separated Values (CSV), Tab Separated Values (TSV or TXT), or XML. This includes logs from Local Settings, or from a configuration set. Export can be done on the basis of selectable criteria. • The Pointsec for PC installation program installs Pointsec Token Drivers and Reader Drivers in the target Pointsec for PC machine. • User accounts can be locked in Local settings and profiles via the PCMC. • User-account information is displayed by selecting the user account icon in the tree. • Support for Novell Netware single sign on. • Support for Novell Netware password synchronization. • A new user account setting: minimum password age. If set, minimum password age specifies the minimum number of days the password must exist before being changed. • Multi-step authentication for the unlocking of recovery files. This enables the different administrators to be in different locations and still unlock a recovery file. • After each boot operation Pointsec for PC provides a dump of important information about the Pointsec for PC installation and status to the Pointsec for PC log. This information is useful to support organizations that want detailed system status data without direct access to the device but with updated log files available. The information dump includes the following items: software version, host ID (computer ID), volume status (encrypt/decrypt state), groups, and users with respect to their groups, including user status (for example, LOCKED, EXPIRED, TempUser). • Improved log entries, for example, encrypt/decrypt processes are logged including drive, volume, and encryption/decryption status. • Pointsec for PC log entries include information about changes to the configuration and changes to local settings and to profiles. The information indicates what was changed and who changed it. • Pointsec for PC log now includes information regarding the execution, and success or failure, of the update profile execution operations that have been performed. • Pointsec for PC log includes information about Remote Help operations indicating what was done and who executed it. Each entry combination has its own Log Entry ID to differentiate between the type of Remote Help provided (One-Time Logon or Remote Password Change) and its success or failure. • Pointsec for PC log includes information regarding the execution and success or failure of upgrade operations performed. • Pointsec for PC log includes information regarding the execution and success or failure of update operations that have been performed. • Pointsec branding is retained (with an “Encrypted by Pointsec” icon) in OEMVAR and customer configuration. • Pointsec for PC Remote Help now supports alphanumeric challenge and response.
Changes and Corrections in 6.0.1 ID About Details 5167 Permissions To create the recovery floppy disk, users must have both required "Create recovery media" and "uninstall" permissions. when creating recovery floppy disk 5115 “Full The following is the scenario: an uninstall profile is Control” deployed to a client PC to uninstall Pointsec for PC 6.0
55 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details required EW. The user is logged on in Windows (on the client) as a when Windows Restricted User. The uninstall profile is pulled uninstalling as it should be, and the user receives the "standard" as a message that the PC has been decrypted and a reboot is Windows required to continue the uninstallation. The PC is Restricted rebooted and, immediately after logging on to Windows User again, the following error message is issued: “Assertion account. “len” failed:…” A few seconds after clicking "OK" a fatal error occurs. Work around: Before uninstallation, give the Windows Restricted User account "Full control" to the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Note that running the Pointsec Service Start as a local administrator will not solve the problem. 5089 Wake on Wake on LAN is enabled as long as the maximum LAN not number of logons or the expiration date has not been disabled reached. following manual logon.
New in 6.0.1 • Improved localization: translations into more than 20 languages are available in this release, and keyboard layout switching allows a larger range of characters to be input during pre-boot authentication. • The Pointsec multi-factor authentication engine enables pre-boot authentication via smart cards and USB tokens. • General availability of hibernation for all supported operating systems and hard disk types. • A new user account architecture. Accounts are organized into groups that can be managed freely by administrators. Pointsec for PC ensures that an individual user account setting does not violate the security policies mandated by the group that it belongs to. • A new PC Management Console (PCMC) for configuration and administration tasks. This console provides a structured view of the configuration in an interface that is consistent with the Microsoft Management Console look and feel. The new solution is expected to significantly reduce the learning time for administrators who are accustomed to the Microsoft management model. • A 32-bit pre-boot environment. The move to a 32-bit environment facilitates mouse support, high-fidelity graphics, support for multiple display and input languages, and the multi-factor authentication engine described above. • Support for Unicode characters in user account names and passwords.
Changes and Corrections in 6.0.0 ID About Details 5177 Users User accounts without the P4PC 6.0 EW privileged without permission "Remove User Accounts" are allowed to proper remove user accounts. This occurs if you set this permission permission on group or user level in PCMC. can remove user
56 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details accounts. 5167 Permissions To create the recovery floppy disk, users must have both required "Create recovery media" and "uninstall" permissions. when creating recovery floppy disk 5115 “Full The following is the problem scenario: an uninstall Control” profile is deployed to a client PC to uninstall Pointsec for required PC 6.0 EW. The user is logged on in Windows (on the when client) as a Windows Restricted User. The uninstall uninstalling profile is pulled as it should be, and the user receives the as a "standard" message that the PC has been decrypted and Windows a reboot is required to continue the uninstallation. The Restricted PC is rebooted and, immediately after logging on to User Windows again, the following error message is issued: account. “Assertion “len” failed:…” A few seconds after clicking "OK" a fatal error occurs. Work around: Before uninstallation, give the Windows Restricted User account "Full control" to the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Note that running the Pointsec Service Start as a local administrator will not solve the problem. 5094 Pointsec Driver errors are listed in the Event viewer. The errors driver errors come in pairs in the log. These log events are normal, but formatted they are formatted incorrectly. incorrectly in Event viewer 5089 Wake on Wake on LAN is enabled as long as the maximum LAN not number of logons or the expiration date has not been disabled reached. following manual logon. 4978 Fatal error A fatal error occurs after recovery when screen saver is occurs activated in Windows. during Removal through Add/Remove programs should be recovery performed after deactivating the screen saver or before when screen the screensaver activates. saver is activated. 4316 Difficulties It can be difficult to identify volumes when you run the and recovering Recovery program because the volumes are called, for 4298 selected example, "VOL_E034D92369D9F2FE". Similarly, if you volumes lose mouse functionality when running the recovery when program individual volumes cannot be selected. running the Work around: recover all volumes rather than selected Recovery volumes.
57 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details program
New in 6.0.0 • A new PC Management Console (PCMC) for configuration and administration tasks. This console not only looks fresher than our existing console, it is organized around the Microsoft Management Console look and feel so any administrator who is used to operating in a Microsoft admin environment will be able to quickly get up the learning curve on Pointsec. • An advanced pre-boot graphics environment. Significant improvements have been made here in the form of mouse support, improved graphics that you will see in startup and login screens, and multi-language support that streamlines our ability to localize the product for different countries around the world. The product will support many more languages out-of-the-box. • Support for Unicode characters in user account names and passwords. Characters on Pointsec for PC-supported keyboard layouts broaden the range of characters that can be used in user account names and passwords. See the Administrator’s Guide for details on the keyboards (locale codes) that are supported.
Pointsec for PC 5
Changes and Corrections in 5.2.2 ID About Details 4900 Support Earlier versions of Pointsec 5.2 froze while loading encryption of Windows XP if AHCI was enabled in the BIOS AHCI-enabled settings on AHCI-enabled systems that have SATA SATA hard drive hard drives. This issue has been resolved. systems. Note: Pointsec still does not support hibernation on AHCI-enabled systems. If AHCI is detected in the registry, Pointsec disables hibernation. To force the system to hibernate anyway you can set the following registry key=HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec\ForceHiber=1
4902 Earlier versions This issue has been resolved. of Pointsec could crash during hibernation. 4903 The 5.2 version This issue has been resolved. of Pointsec could issue a general protection fault if you pressed ctrl-alt-del while in the preboot logon environment. 4904 The 5.2 version This issue has been resolved. of Pointsec
58 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details could hang during a chkdsk /r. 4905 Erroneous This issue has been resolved. preboot text in Spanish translation corrected.
Changes and Corrections in 5.2. ID About Details 3323 Removing with an Previously, when removing Pointsec for PC uninstall profile using an uninstall profile, the administrator had to ensure that the profile was only distributed to workstations that were running the version he or she wanted to remove. Otherwise, the uninstall profile may have removed the wrong version. This issue has been resolved. 3252 Failed system In the case where the system was installed with launch on systems multiple partitions/volumes and the hidden with multiple system support partition was the first partitions / volumes partition/volume, the failure to encrypt/boot- and first partition is protected all un-hidden volumes could hidden system previously result in a failed system launch. support partition / This issue has been resolved. volume 2261 Graphics problem During a Remote Help procedure, at the when providing Verifying Integrity stage, the computer screen Remote Help. may appear to cease functioning. This issue has been resolved. 1764 Updating Software When updating from previous releases of – Smart Card User Pointsec for PC, smart card users are not be Accounts able to log-in because their smart cards need to be reinitiated. This issue has been resolved. 1762 Log Can Cause a The internal log function, under certain Computer to circumstances, may cause the PC to become Become Unstable unstable and return: KMODE_EXCEPTION_NOT _HANDLED. This issue has been resolved. 1758 Authentication/User When Single Sign-On (SSO) is temporarily Identification disabled in Pre-Boot Authentication login mode, the first authentication attempt will fail when being authenticated using a Pointsec for PC user account with a dynamic password. This issue has been resolved. 1740 Open Log button Given that all users have Open Log privileges, not available (on the Privileges-tab under System Settings) -
59 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
ID About Details when users and administrators with limited authority log on, the Open Log button is not available, nor is it available from the drop down menu. This issue has been resolved.
Changes and Corrections in 5.1.3 ID About Details N/A Installing EPSL The problem installing EPSL versions with AES versions has been corrected. 3591 Issue with local Previously, local user accounts needed local 3639 user accounts. system administrator permissions for an update profile to be correctly deployed. This has been corrected. Note When adding Pointsec user accounts using an update profile you must set a password for each account included in the profile. Only accounts with passwords will be added.
Changes and Corrections in 5.1.2 ID About Details 3591 Issue with local Local user accounts needed local system user accounts. administrator permissions for an update profile to be correctly deployed. This has been corrected. Note When adding Pointsec user accounts using an update profile you must set a password for each account included in the profile. Only accounts with passwords will be added.
New in 5.1.1 Alternative media for Pointsec for PC recovery – Recovery operations using CD-ROM, USB memory, or floppy disks. The following machine types have successfully booted from USB recovery disks: • IBM T42 • IBM T42 (Fingerprint reader) • Dell Latitude D400 • Dell Latitude D505 • Dell 370 • HP/Compaq D230MT • HP/Compaq Nx7010 Other machines may also work. The following machines have failed to boot from USB recovery disks: • Acer Ferrari 3200 • IBM T20 • IBM T21
60 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Interaq ( • HP/Compaq Deskpro workstation D30 • HP/Compaq 1015v • HP/Compaq Armada M700 • HP/Compaq dx2000M • HP/Compaq Deskpro EP Support IBM Rescue & Recovery Ultra (RRU) installation on client system Pointsec installer support “Re-Installation” operation to existing system where C:\ (Root) volume was re-imaged, but other volumes with encrypted data exist, without loss of the existing encrypted volumes. Provided that the installation profile used has same (most) users configured with same credentials. Implementation of “RecoverServiceUser” concept Users with “RecoverServiceUser” suffix in user name are added to recovery media, even if the account is locked. Support for additional characters (symbols) in Pointsec user name Pointsec Username now supports the following characters: “-“ [dash], “_” [underscore], “@” [at symbol], “ ” [space], and “.” [period] characters.
Changes and Corrections in 5.1.1 ID About Details N/A EPSL The EPSL installation problem has been installation corrected. N/A OEM support OEMVAR feature is completed N/A Incompatibility Fixed hardware incompatibility with HP-Compaq D51S, HP-Compaq nx9110 and Dell Insprion 8000. 2785 IBM MBR A previous issue has been fixed.
Changes and Corrections in 5.1 ID About Details N/A Operating This release is only supported on workstations systems running Windows 2000 or Windows XP (SP1 and supported SP2). 2893 Problems These issues have been corrected. upgrading EPL installations 2873 No Pointsec for Pointsec for PC is now listed in the Add/Remove PC entry in Programs list. Windows Add/Remove Programs 2272 Problem when There was a possible problem due to importing a incompatibility when importing a profile. This profile. problem has been solved. 2253, Problems when These problems were related to one specific 2254 booting with workstation and were never reproduced on any USB memory other workstation. sticks inserted. These issues are now considered closed.
61 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
New in 5.0
• Support for multi-processor and hyper-threading systems • Microsoft Installer (MSI) based installation package • Upgrade support for previous versions of Pointsec for PC 4.1 and 4.2 • Single product for all encryption methods supported, instead of two separate product versions • Improved Pre-Boot Authentication memory handling for better hardware support and future enhancement • Support for IBM Rescue & Recovery Master Boot Record (MBR), delivered with all IBM systems as of this year • Improved password synchronization operation
Changes and Corrections in 5.0 • Serial numbers – a company can update Pointsec for PC to this release using their old 4.X serial number.
62 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Pointsec for PC 4.1 Releases
Changes and Corrections in 4.1 SR 2.19.1 • The Administrator’s Guide no longer contains documentation regarding removing Pointsec for PC manually. This documentation is available internally now. Contact the documentation department for more information. • How Pointsec for PC handled the last user login in the WOL state was fixed. • The problem with view log privileges was fixed. • An issue when updating software from 4.2 SR 1.8 was resolved. • It became possible to add up to four search paths to the recovery folders in installation profiles. • Users with normal PowerUser access rights in Windows are now able to get update profiles. • The Password tab is no longer missing from the Add User dialog box in Pointsec Admin. • An issue with SSO was fixed and SSO now cleans up entirely after execution. • WOL now works correctly when search path and “allow windows login” are set.
Changes and Corrections in 4.1 SR 2.19 Using periods/full stops in user and group account names became possible in this release.
Changes and Corrections in 4.1 SR 2.18 • Issue with USB memory – The issue with USB memory was corrected. • Pointsec Admin – A problem, which occurred when starting Pointsec Admin, was solved. • A compatibility issue with profiles created in the previous 3 service releases was resolved. • Suspected h/w incompatibility with IBM R31 was a BIOS problem. Ensure you have the latest BIOS available installed. • Remote Help – A problem if incorrectly entering a user name was solved. • Installing on local drive Z is now possible. • Pointsec for PC Icons in Taskbar – the issue has been corrected. • Single Sign-On An issue with changing passwords was corrected. Members of a Novell or Microsoft network with Pointsec for PC Single Sign-On no longer have to log-in to both accounts twice before SSO becomes fully functional. Changing screen resolution no longer disables SSO. • Update Profiles Update profiles now import correctly via Pointsec for PC when Pointsec for PC is installed on a Windows 2000 computer that does not have the drive letters labeled in alphabetical order. Computers that have a zip drive with disk ID 0 now import profiles correctly. • Enhanced software update Software update performance has been enhanced and updates now complete faster.
63 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections in 4.1 SR 2.17b • The language loading issue with Pssogina.dll solved. • The problem with install.exe was corrected. Note, this fix is not supported on systems running Windows 9x.
New Functionality in 4.1 SR 2.17 • New temporary lockout settings • New SSO setting
Changes and Corrections in 4.1 SR 2.17 • Viewing and size of central log files Only logs from the same installation are listed. 30,000 byte limit removed. The memory needed is allocated.
New Functionality in 4.1 SR 2.16 • New Pointsec Service • Synchronizing Windows and Pointsec Passwords • Integration of Pointsec File Encryption and Pointsec for PC
Changes and Corrections in 4.1 SR 2.16FT • WOL User Locked-out You cannot extend authority after a WakeOnLAN start without being locked out after a short period. This is now documented as a condition of using WOL functionality. • Remote Help Compatibility issues in Remote Help are now handled.
New Functionality in 4.1 SR 2.15 • New WOL Setting A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide for more information. • Smart Card Authentication Supports Domain Authentication (ID 738) Re-authenticating to Windows (with password) in lock screen is now possible for smart card users.
Changes and Corrections in 4.1 SR 2.15 • Updating Serial Numbers Using Profiles (ID 736) Previous possible problems updating serial numbers using profiles have been corrected. • Keyboard Handling (IDs 472, 740) Keyboard issues have been fixed. • Tracking Install.exe (ID 734) You can now review the install.exe process to see when the installation is finished (e.g. silent install to track when a reboot is needed). • Installing with Slovakian License Number (ID 735) Previous problems when installing with a Slovakian license number have been resolved. • Log Problem Solved (ID 739) A problem associated with the length of lines in the log has been resolved.
64 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
New Functionality in 4.1 SR 2.14 • Converting webRH Profiles for Use at EPL Installations • Stricter Control over Change System Settings Authority
Changes and Corrections in 4.1 SR 2.14 • Starting an Approved Software Update In some cases, when updating from 4.2 SR 1.3, approved software updates did not always start to run because of settings in the user policy. This has now been corrected. • Navigating in the Uninstall Dialog Box Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields. This has been corrected. • Unlocking Screensaver as System Administrator Windows 98 – Previously, it was not possible to unlock a screensaver as system administrator even if that option had been set. This has been corrected. • User Password Requirement and Profiles Previously, it was not possible to create a profile when logged on using a user account that had the password requirement ‘Upper and lower case’. This has been corrected.
Changes and Corrections Made in Release 4.1 SR 2.1 • SSO and Forced Password Change Previously, when NT forced a change of password, Single Sign On (SSO) did not work again until after you deselected the SSO option, rebooted, selected SSO and then rebooted again. This has now been corrected. • Spanish-Mexican Keyboard Layout The issue with unwanted characters shown when using Spanish-Mexican keyboard layout corrected. • Installing Pointsec on System Drives with Unit Letter Other than C • It is now possible to install Pointsec on system drives that have unit letter other than those named C. Files Removed The following files that were included in previous versions of Pointsec are no longer included: ACSMC.dll, P95Serv.exe, SetupSSO.exe • Changing User Names in 16-bit Mode A correction has been made for when a user name is changed in 16-bit login. SSO settings were shown incorrectly for a new user. SSO was not active even if setting was shown. This has now been corrected. • The Tray Program A correction has been made for how the tray program checks for files. This corrects issues with Norton Antivirus. A correction has been made to the tray program regarding CPU usage. Pointsec´s tray icon did not release CPU after having started other Pointsec programs internally. This is now corrected. Encryption status in the tray could show an incorrect value if more than 23 GB was encrypted. This has now been corrected. • Upper- and Lowercase Letters in User Name Fields The Pointsec login screen now displays upper- and lowercase letters in the user name field. • Corrections to the Pointsec Driver The following issues have been corrected: Plug-and-play issues ZIP drive lost Encryption stopping on NT after 3 volumes System failures occurring due to incorrect handling of IO requests
65 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• The Pointsec Readme File The Readme file is now read from the root of the installation folder. This makes translations easier to implement. • Updating Profile Passwords The update profile password issue has been corrected. • Upgrading The check for versions before upgrade starts has been improved.
Changes and Corrections Made in Release 4.1 SR 2.0.4 • Interrupted Login of Temporary User Interrupting a logon with a temporary user on a system with multiple volumes could cause the encryption process and user access to partitions to not work correctly. This is now corrected. • MO Drives The issue with MO drives has been corrected.
Changes and Corrections Made in Release 4.1 SR 2.0.3 • Bad Sectors Pointsec normally handles bad sectors. However, in previous versions of Pointsec, if a disk contained many bad sectors, the encryption could stop without giving any notice to the user about this. Pointsec now informs the user with an information dialog if this scenario occurs and also creates a log entry. • Boot Time on Windows XP The issue with increased boot time for Windows XP systems when Pointsec was installed is corrected.
Changes and Corrections Made in Release 4.1 SR 2.0.1 • Encryption Process and Heavy Workloads Issue with encryption not starting due to service startup failure on machines with a heavy workload during startup corrected.
Changes and Corrections Made in Release 4.1 • Windows XP Restore Points Better handling of Windows XP restore points implemented. • Single Sign On and Novell clients Single Sign On improvements in regard to Novell clients with synchronized passwords.
Changes and Corrections Made in Patch 4.0 SR 4.1 • Change path for update profiles during patch - Correction If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal action in the OS. This is now handled, if a fifth path is added it will be ignored.
Changes and Corrections Made in 4.0 SR 4.1 • LS120 drive correction Machines with LS120 drives would blue screen when the LS120 drive was accessed. This is now corrected.
Changes and Corrections Made in 4.0 SR 4 • Screensaver corrections The “Allow windows screensaver”-function did not work properly on upgraded systems. This is now corrected. • SSO function improvements Pointsec SSO handling of third party GINAs is improved.
66 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• SetupSSO.exe SetupSSO.exe included on the install CD and replaces program SSOReg.exe
Changes and Corrections Made in Patch 4.0 SR 4 • Change path for update profiles during patch. New functionality added to enable change of path for update profiles during patch process. See Pointsec 4.1 SR 2.1 Addendum for more information regarding this feature.
Changes and Corrections Made in 4.0 SR 3.5 • Cisco Aironet and Cisco VPN support implemented Support for Cisco Aironet and Cisco VPN implemented. Please refer to Release notes for more information. • Allow Windows screensaver function corrected There was an error in previous versions that caused Pointsec screensaver to be used even if the setting “Allow window screensaver” was set. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.4 • Temporary users and multiple volumes Temporary users, with access to multiple volumes were only granted access to C: volume after password change. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.3 • Pointsec Event Viewer corrected Pointsec Event viewer could show computer names incorrectly. This is now corrected. • Novell username missing The username of the logged on user was not presented in the Novell login window when unlocking the workstation. This is now corrected.
Changes and Corrections Made in Patch 4.0 SR 3.3 • Smart card user and rollback Smart card components prevented rollback to function correctly. This is now corrected. • Remote help during upgrade process It was not possible to provide remote help during the upgrade process. This is now corrected. Remote help will function as One-time-login during upgrade process. • Expiring passwords during upgrade If a password would expire during the upgrade process the user would not be able to gain access to the machine. This is now fixed; passwords will not expire during the upgrade process.
Changes and Corrections Made in 4.0 SR 3.2 • Missing search path to recovery file If no search path to recovery file was set on the local system this prevented update profiles to be imported. This is now corrected. • Esc-key caused search paths in profile to be removed Using the Esc-key to navigate in the Profile settings window could under certain conditions cause the search path to Update profiles and Software update to be removed from the profile.
67 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections Made in Patch 4.0 SR3.1 • Conversion of profiles License number used is now automatically reflected in profiles after conversion to 4.0 format. • License number The destination and compatible license numbers may now contain hexadecimal digits in the second field. • Deadlocks The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT. • Installation problems The upgrade was sensitive if there were errors encountered during the upgrade. It could back out without any obvious cause, sometimes without informing about the situation. The upgrade is now much less sensitive to interruptions and there is always information in the log file if the upgrade backs out. • Forced patch backout If the upgrade is entering an impossible state and never completes, there is a possibility to force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT” without extension and then rebooting the machine. • Programs could be started before the patch was completed It was possible to start the admin program and also the uninstall program before the patch was completed. This could sometimes cause strange behavior or strange information to be displayed. • Language in screen saver text corrected The screen saver text is now installed in the correct language. • Uninstallation could leave programs and/or registry items The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could sometimes be left after uninstallation. This is now fixed. • Converting silent 3.1 SR 1 installation profiles A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0 format. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.1 • Improved internal queue management The queue management of internal program communications has been improved. • Correction of Blue Screen 0X040014422 The problem with the blue screen 0x04001422 is fixed. This was caused when Windows NT reported a second hard disk that was disabled at start-up, which was actually a removable disk, i.e. Jaz, Zip that was not available. • Correction of Screen saver activation in Windows 2000 In SR 3 there was a problem when activating the screen saver using the Pointsec tray icon. This sometimes caused the PC to stop when shutting down and sometimes it was impossible to reactivate the screen saver. Those problems are now fixed.
Changes and Corrections Made in 4.0 SR 3 • Support for the PKCS11 standard is implemented The PKCS11 standard is now supported when using smart card authentication together with Pointsec. • Support for Telia ID is implemented In version 4.0 SR 3 support for the Telia ID smart card is implemented. • Wildcards” in Event Viewer The use of “wildcards” in Event Viewer is now supported.
68 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Pre-check functionality extended The pre-check functionality is extended to detect unusual system configurations and abort installation of Pointsec. Please contact Pointsec support for latest documentation regarding pre-check. • Problem with internal zip drives corrected In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives. This is now corrected. • User settings for allowing windows screensaver In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work correctly. This is now corrected.
Changes and Corrections Made in 4.0 SR 2.3 • Novell integration error corrected Under certain circumstances the Novell login window would lose the username and password fields after Pointsec installation. This is now corrected. • Novell client version requirements changed Installation check now accepts Novell client version 4.70.
Changes and Corrections Made in 4.0 SR 2.2 • Transfer to central log To reduce network traffic the routines that control transfer from local log to central log has changed. Events that occur frequently and usually not considered important will not trigger a transfer to central log; events that are considered important and do not occur very frequently will trigger a transfer of logged events. • Novell client version checked during installation In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of Pointsec if the Novell client installed on the system did not support Pointsec Single Sign- On (SSO). This feature is now changed. If the installation check detects a Novell client on the system that does not meet the Pointsec requirements Pointsec will still install, but some components will not be installed. It will not be possible to enable SSO on those machines. Error log files for each machine that has not had all the components installed due to this installation check of Novell clients will be created in the installation directory. The required Novell clients are: Win200 and WinNT: Novell 4.70 Win95, Win98 and WinME: Novell 3.30 • Single Sign-On (SSO) changes Checkbox “Record new credentials” is only shown after a temporary login with SSO disabled. • Tray program - NT It is now possible to activate Lock-Workstation via the Pointsec tray program on systems running NT
Changes and Corrections Made in 4.0 SR 2.1 • Novell login loop corrected Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the Novell login if a recovery were performed on the machine. This is now corrected.
Changes and Correction in 4.0 SR 1 and SR 2 • Temporary users on machines using hardware profiles It was not possible to choose hardware profiles when logging on with a temporary user. • Slovakian language Handling of errors, caused by selecting Slovakian language in the Pointsec administration program.
69 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• ActivCard 1.2 with Microsoft network login module installed Network resources and domain login were lost when installing Pointsec 4.0 on Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the Microsoft network login module. • Handling of limited permissions on root folder When the root folder was set up with limited permissions, a problem occurred with the creation of recovery files. • -2 message Less notification when working off-line, -2 message • User with “upper case and lower case letters” password rule set A user that had the password rule “upper case and lower case letters” set could not create update profiles. • Handling of unknown-unformatted partitions There was a problem with installing Pointsec on machines that contained an unknown and unformatted volume placed before the boot volume on the disk. Initializing smart cards at next login on NT machines It was not possible to initialize a smart card at next login on NT machines. This is now partially fixed; see known issues regarding this fix. • Adjacent volumes A problem could occur if Pointsec was installed on a machine with adjacent volumes. A system failure error message 4004D023 would be displayed. This kind of volume layout is now handled. • Profile import procedure If a profile had been changed on an odd second the profile would be imported over and over again by the system. This has now been corrected. • Handling of missing Registry entry If the registry key of a device is missing the “class” key value, the Pointsec installation might not work properly and could cause a system failure error message “Inaccessible boot device”. This has now been corrected. • Event Viewer and Search User Utilities In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is now corrected.
Features Introduced in Pointsec 4.0 • Windows NT/2000 log integration Integration with the NT/2000 log is implemented with new event codes. • Support for Microsoft Windows 2000 Pointsec now fully supports Windows 2000 except dynamic disks. • Single Sign On (SSO) Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients. • Multiple search path Multiple search paths for update profiles, software updates and recovery files are implemented in Pointsec 4.0. • Uninstallation profiles It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile. • Event viewer utility Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only available to Pointsec administrators and system administrators. • Search user utility It is possible to search recovery files stored on a central location for specific users on the computers. • Smart Card support Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID support is implemented as well as the PKCS11 standard.
70 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Entrust Integration Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust. • Handling of incorrect BIOS disk information User option to correct incorrect disk information from BIOS.
Pointsec for PC 4.2 Releases
Changes and Corrections in 4.2 SR 1.8 • Issue with USB memory The issue with USB memory was corrected. • Pointsec Admin A problem, which occurred when starting Pointsec Admin, was solved. • Compatibility There was a compatibility issue with profiles created in the previous 3 service releases. This was resolved. • Suspected hardware incompatibility with IBM R31 This was a BIOS problem. Ensure you have the latest BIOS available installed. • Remote Help A problem with Remote Help when incorrectly entering a user name was solved. • Enhanced software update Software updates performance was enhanced and updates now complete faster. When running a Pointsec for PC software update on a computer, the update will succeed even if Ppupdate.log cannot immediately be stored centrally. Ppupdate.log will be stored centrally when the PC rejoins the network. Ppupdate.log is now stored in the Pointsec program directory, not in the root. See Logging During Software Update in the Administrator’s Guide for more information.
Changes and Corrections in 4.2 SR 1.7b • The language loading issue with Pssogina.dll was solved. • The problem with install.exe was corrected. Note, this fix is not supported on systems running Windows 9x.
New Functionality in 4.2 SR 1.7 • New temporary lockout settings • New SSO setting
Changes and Corrections in 4.2 SR 1.7 • Viewing and size of central log files Only logs from the same installation are listed. 30,000 byte limit removed. The memory needed is allocated.
New Functionality in 4.2 SR 1.6 • New Pointsec Service • Synchronizing Windows and Pointsec Passwords • Integration of Pointsec File Encryption and Pointsec for PC
Changes and Corrections in 4.2 SR 1.6FT • WOL User Locked-out You cannot extend authority after a WakeOnLAN start without being locked out after a short period. This is now documented as a condition of using WOL functionality.
71 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Remote Help Compatibility issues in Remote Help are now handled.
New Functionality in 4.2 SR1.5 • New WOL Setting A new WOL setting, Allow Windows logon, has been added. See the Administrator’s Guide for more information. • Smart Card Authentication Supports Domain Authentication (ID 738) Re-authenticating to Windows (with password) in lock screen is now possible for smart card users.
Changes and Corrections in 4.2 SR 1.5 • Updating Serial Numbers Using Profiles (ID 736) Previous possible problems updating serial numbers using profiles have been corrected. • Keyboard Handling (IDs 472, 740) Keyboard issues have been fixed. • Tracking Install.exe (ID 734) You can now review the install.exe process to see when the installation is finished (e.g. silent install to track when a reboot is needed). • Installing with Slovakian License Number (ID 735) Previous problems when installing with a Slovakian license number have been resolved. • Log Problem Solved (ID 739) A problem associated with the length of lines in the log has been resolved.
New Functionality in 4.2 SR 1.4 • Converting webRH Profiles for Use at EPL Installations • Stricter Control over Change System Settings Authority
Changes and Corrections in 4.2 SR 1.4 build 193 • Special Characters and Scan Codes Due to incorrect scan code use after upgrading to 4.2 SR 1.4, users with special characters in their passwords could experience problems when logging in. This is corrected.
Changes and Corrections in 4.2 SR 1.4 • Starting an Approved Software Update In some cases, when updating from 4.2 SR 1.3, approved software updates did not always start to run because of settings in the user policy. This is corrected. • Navigating in the Uninstall Dialog Box Previously, it was not possible to use the mouse to navigate in Uninstall dialog box fields. This is corrected. • Unlocking Screensaver as System Administrator Windows 98 – Previously, it was not possible to unlock a screensaver as system administrator even if that option had been set. This is corrected. • User Password Requirement and Profiles Previously, it was not possible to create a profile when logged on using a user account that had the password requirement ‘Upper and lower case’. This is corrected.
Changes and Corrections Made in Release 4.2 SR1.3 • Support for French and Spanish • Changing Languages The language used in the Admin and tray programs and the 16-bit login dialog box • Advanced Repair Options were moved To access the advanced repair options, press [F8]
72 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
when the system boots from the recovery disk • Keyboard Scancode Check Changed • On-line Help moved to Help directory • Maintenance Accounts fixed
Changes and Corrections Made in Release 4.2 SR1.1 • WOL Improvements have been made to WakeOnLAN function to handle third party GINAs as the active GINA. • Works-folder Functionality Updates will now be imported even when the user is not logged-in to the system.
Changes and Corrections Made in Release 4.2 SR 1 • SSO and Forced Password Change Previously, when NT forced a change of password, Single Sign On (SSO) did not work again until after you deselected the SSO option, rebooted, selected SSO and then rebooted again. This has now been corrected. • Spanish-Mexican Keyboard Layout The issue with unwanted characters shown when using Spanish-Mexican keyboard layout corrected. • Installing Pointsec for PC on System Drives with Unit Letter Other than C It is now possible to install Pointsec for PC on system drives that have unit letter other than those named C. • Files Removed The following files that were included in previous versions of Pointsec for PC are no longer included: ACSMC.dll, P95Serv.exe, SetupSSO.exe • Changing User Names in 16-bit Mode A correction has been made for when a user name is changed in 16-bit login. SSO settings were shown incorrectly for a new user. SSO was not active even if setting was shown. This has now been corrected. • The Tray Program A correction has been made for how the tray program checks for files. This corrects issues with Norton Antivirus. A correction has been made to the tray program regarding CPU usage. Pointsec for PC´s tray icon did not release CPU after having started other Pointsec for PC programs internally. This is now corrected. Encryption status in the tray could show an incorrect value if more than 23 GB was encrypted. This has now been corrected. • Upper- and Lowercase Letters in User Name Fields The Pointsec for PC login screen now displays upper- and lowercase letters in the user name field. • Corrections to the Pointsec for PC Driver The following issues have been corrected: Plug-and-play issues ZIP drive lost Encryption stopping on NT after 3 volumes System failures occurring due to incorrect handling of IO requests • The Pointsec for PC Readme File The Readme file is now read from the root of the installation folder. This makes translations easier to implement. • Updating Profile Passwords The update profile password issue has been corrected. • Upgrading The check for versions before upgrade starts has been improved.
73 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections Made in Release 4.2 SR 0.4 • Interrupted Login of Temporary User Interrupting a logon with a temporary user on a system with multiple volumes could cause the encryption process and user access to partitions to not work correctly. This is now corrected. • MO Drives The issue with MO drives has been corrected.
Changes and Corrections Made in Release 4.2 SR 0.3 • Bad Sectors Pointsec for PC normally handles bad sectors. However, in previous versions of Pointsec for PC, if a disk contained many bad sectors, the encryption could stop without giving any notice to the user about this. Pointsec for PC now informs the user with an information dialog if this scenario occurs and also creates a log entry. • Boot Time on Windows XP The issue with increased boot time for Windows XP systems when Pointsec for PC was installed is corrected.
Changes and Corrections Made in Release 4.2 SR 0.1 • Encryption Process and Heavy Workloads Issue with encryption not starting due to service startup failure on machines with a heavy workload during startup corrected.
Changes and Corrections Made in Release 4.2 • Windows XP Restore Points Better handling of Windows XP restore points implemented. • Single Sign On and Novell clients Single Sign On improvements in regard to Novell clients with synchronized passwords.
Changes and Corrections Made in Patch 4.0 SR 4.1 • Change path for update profiles during patch - Correction If a fifth path was added in the “path.txt” file Pointsec administration would cause an illegal action in the OS. This is now handled, if a fifth path is added it will be ignored.
Changes and Corrections Made in 4.0 SR 4.1 • LS120 drive correction Machines with LS120 drives would blue screen when the LS120 drive was accessed. This is now corrected.
Changes and Corrections Made in 4.0 SR 4 • Screensaver corrections The “Allow windows screensaver”-function did not work properly on upgraded systems. This is now corrected. • SSO function improvements Pointsec for PC SSO handling of third party GINAs is improved. • SetupSSO.exe SetupSSO.exe included on the install CD and replaces program SSOReg.exe
Changes and Corrections Made in Patch 4.0 SR 4 • Change path for update profiles during patch. New functionality added to enable change of path for update profiles during patch process. See Pointsec for PC 4.2 SR 1 Addendum for more information regarding this feature.
74 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections Made in 4.0 SR 3.5 • Cisco Aironet and Cisco VPN support implemented Support for Cisco Aironet and Cisco VPN implemented. Please refer to Release notes for more information. • Allow Windows screensaver function corrected There was an error in previous versions that caused Pointsec for PC screensaver to be used even if the setting “Allow window screensaver” was set. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.4 • Temporary users and multiple volumes Temporary users, with access to multiple volumes were only granted access to C: volume after password change. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.3 • Pointsec for PC Event Viewer corrected Pointsec for PC Event viewer could show computer names incorrectly. This is now corrected. • Novell username missing The username of the logged on user was not presented in the Novell login window when unlocking the workstation. This is now corrected.
Changes and Corrections Made in Patch 4.0 SR 3.3 • Smart card user and rollback Smart card components prevented rollback to function correctly. This is now corrected. • Remote help during upgrade process It was not possible to provide remote help during the upgrade process. This is now corrected. Remote help will function as One-time-login during upgrade process. • Expiring passwords during upgrade If a password would expire during the upgrade process the user would not be able to gain access to the machine. This is now fixed; passwords will not expire during the upgrade process.
Changes and Corrections Made in 4.0 SR 3.2 • Missing search path to recovery file If no search path to recovery file was set on the local system this prevented update profiles to be imported. This is now corrected. • Esc-key caused search paths in profile to be removed Using the Esc-key to navigate in the Profile settings window could under certain conditions cause the search path to Update profiles and Software update to be removed from the profile.
Changes and Corrections Made in Patch 4.0 SR3.1 • Conversion of profiles License number used is now automatically reflected in profiles after conversion to 4.0 format. • License number The destination and compatible license numbers may now contain hexadecimal digits in the second field. • Deadlocks The upgrade could sometimes cause a deadlock during startup of Windows 2000 or NT.
75 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• Installation problems The upgrade was sensitive if there were errors encountered during the upgrade. It could back out without any obvious cause, sometimes without informing about the situation. The upgrade is now much less sensitive to interruptions and there is always information in the log file if the upgrade backs out. • Forced patch backout If the upgrade is entering an impossible state and never completes, there is a possibility to force a backout. This is made by creating the file ”C:\PATCH_COMMAND_BACKOUT” without extension and then rebooting the machine. • Programs could be started before the patch was completed It was possible to start the admin program and also the uninstall program before the patch was completed. This could sometimes cause strange behavior or strange information to be displayed. • Language in screen saver text corrected The screen saver text is now installed in the correct language. • Uninstallation could leave programs and/or registry items The programs PROT_SRV.EXE, PAGENTS.EXE and the driver PROT_??.SYS could sometimes be left after uninstallation. This is now fixed. • Converting silent 3.1 SR 1 installation profiles A silent profile created in Protect 3.1 SR 1 became interactive when converted into 4.0 format. This is now corrected.
Changes and Corrections Made in 4.0 SR 3.1 • Improved internal queue management The queue management of internal program communications has been improved. • Correction of Blue Screen 0X040014422 The problem with the blue screen 0x04001422 is fixed. This was caused when Windows NT reported a second hard disk that was disabled at start-up, which was actually a removable disk, i.e. Jaz, Zip that was not available. • Correction of Screen saver activation in Windows 2000 In SR 3 there was a problem when activating the screen saver using the Pointsec for PC tray icon. This sometimes caused the PC to stop when shutting down and sometimes it was impossible to reactivate the screen saver. Those problems are now fixed.
Changes and Corrections Made in 4.0 SR 3 • Support for the PKCS11 standard is implemented The PKCS11 standard is now supported when using smart card authentication together with Pointsec for PC. • Support for Telia ID is implemented In version 4.0 SR 3 support for the Telia ID smart card is implemented. • Wildcards” in Event Viewer The use of “wildcards” in Event Viewer is now supported. • Pre-check functionality extended The pre-check functionality is extended to detect unusual system configurations and abort installation of Pointsec. Please contact Pointsec support for latest documentation regarding pre-check. • Problem with internal zip drives corrected In versions prior to 4.0 SR 3 there was a problem with the handling of internal zip drives. This is now corrected. • User settings for allowing windows screensaver In versions prior to 4.0 SR 3 the user settings for windows screensaver did not work correctly. This is now corrected.
76 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
Changes and Corrections Made in 4.0 SR 2.3 • Novell integration error corrected Under certain circumstances the Novell login window would lose the username and password fields after Pointsec installation. This is now corrected. • Novell client version requirements changed Installation check described in section 14.2 now accept Novell client version 4.70.
Changes and Corrections Made in 4.0 SR 2.2 • Transfer to central log To reduce network traffic the routines that control transfer from local log to central log has changed. Events that occur frequently and usually not considered important will not trigger a transfer to central log; events that are considered important and do not occur very frequently will trigger a transfer of logged events. • Novell client version checked during installation In version 4.0 SR 2.1 the installation check of Novell clients would abort installation of Pointsec if the Novell client installed on the system did not support Pointsec Single Sign- On (SSO). This feature is now changed. If the installation check detects a Novell client on the system that does not meet the Pointsec requirements Pointsec will still install, but some components will not be installed. It will not be possible to enable SSO on those machines. Error log files for each machine that has not had all the components installed due to this installation check of Novell clients will be created in the installation directory. The required Novell clients are: Win200 and WinNT: Novell 4.70 Win95, Win98 and WinME: Novell 3.30 • Single Sign-On (SSO) changes Checkbox “Record new credentials” is only shown after a temporary login with SSO disabled. • Tray program - NT It is now possible to activate Lock-Workstation via the Pointsec tray program on systems running NT
Changes and Corrections Made in 4.0 SR 2.1 • Novell login loop corrected Pointsec 4.0 SR 2 installed on a machine that contains the Novell client would loop in the Novell login if a recovery were performed on the machine. This is now corrected.
Changes and Correction in 4.0 SR 1 and SR 2 • Temporary users on machines using hardware profiles It was not possible to choose hardware profiles when logging on with a temporary user. • Slovakian language Handling of errors, caused by selecting Slovakian language in the Pointsec administration program. • ActivCard 1.2 with Microsoft network login module installed Network resources and domain login were lost when installing Pointsec 4.0 on Win98/Win95/WinME, and if ActivCard 1.2 or 1.3 were previously installed with the Microsoft network login module. • Handling of limited permissions on root folder When the root folder was set up with limited permissions, a problem occurred with the creation of recovery files. • -2 message Less notification when working off-line, -2 message
77 Pointsec PC EW 6.3.1 HFA4, August 2008 Revision Tracking Version A
• User with “upper case and lower case letters” password rule set A user that had the password rule “upper case and lower case letters” set could not create update profiles. • Handling of unknown-unformatted partitions There was a problem with installing Pointsec on machines that contained an unknown and unformatted volume placed before the boot volume on the disk. Initializing smart cards at next login on NT machines It was not possible to initialize a smart card at next login on NT machines. This is now partially fixed; see known issues regarding this fix. • Adjacent volumes A problem could occur if Pointsec was installed on a machine with adjacent volumes. A system failure error message 4004D023 would be displayed. This kind of volume layout is now handled. • Profile import procedure If a profile had been changed on an odd second the profile would be imported over and over again by the system. This has now been corrected. • Handling of missing Registry entry If the registry key of a device is missing the “class” key value, the Pointsec installation might not work properly and could cause a system failure error message “Inaccessible boot device”. This has now been corrected. • Event Viewer and Search User Utilities In 4.0 SR 1 the utilities Event viewer and Search did not handle UNC search paths. This is now corrected.
Features Introduced in Pointsec 4.0 • Windows NT/2000 log integration Integration with the NT/2000 log is implemented with new event codes. • Support for Microsoft Windows 2000 Pointsec now fully supports Windows 2000 except dynamic disks. • Single Sign On (SSO) Pointsec 4.0 offers SSO for Microsoft, Novell and Entrust clients. • Multiple search path Multiple search paths for update profiles, software updates and recovery files are implemented in Pointsec 4.0. • Uninstallation profiles It is now possible to uninstall Pointsec 4.0 by means of an uninstallation profile. • Event viewer utility Pointsec 4.0 offers the possibility to view logs from a central location. This feature is only available to Pointsec administrators and system administrators. • Search user utility It is possible to search recovery files stored on a central location for specific users on the computers. • Smart Card support Pointsec supports the use of Smart Cards for authentication. ActivCard and Telia ID support is implemented as well as the PKCS11 standard. • Entrust Integration Pointsec 4.0 features a Single Sign-On and revocation check functionality to Entrust. • Handling of incorrect BIOS disk information User option to correct incorrect disk information from BIOS.
78 Pointsec PC EW 6.3.1 HFA4, August 2008