McAfee Endpoint Encryption Manager Product Release Notes Version 5.2.6
McAfee, Inc.
3965 Freedom Circle, Santa Clara, CA 95054, USA
Tel: (+1) 888.847.8766
Internet: www.mcafee.com

Document: Endpoint Encryption Manager Product Release Notes
Last updated: Wednesday, 17 November 2010

Copyright (c) 1992-2010 McAfee, Inc., and/or its affiliates. All rights reserved. McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee related products, registered and/or unregistered trademarks contained herein are only by reference and are the sole property of their respective owners.

Introduction

Intention of the Release Notes Document

This paper describes the new functions and features introduced with the new product release of the McAfee Endpoint Encryption Manager (EEM). This document contains two main sections:

1. Notes on the Product: issues you should know about.
2. Release Notes: new functions and features in this release.

Upgrading from Previous Releases

To apply this release to previous V4.0/V5.0 installations, please follow the instructions in the Endpoint Encryption Update and Migration Guide, which can be found in the root folder of the software build.

Notes on the Product

Adding new features and fixes to an existing Enterprise

If you want to add the new features and fixes to an existing Endpoint Encryption Manager, please follow the instructions in the Endpoint Encryption Update and Migration Guide, which can be found in the root folder of the software build. This document describes how to update an existing enterprise version of Endpoint Encryption to the latest version and how to implement dedicated features like Smart Cards and Tokens. If you are performing a new installation, please follow the instructions in the Endpoint Encryption Quick Start Guide.

Adding new Smart Cards and Tokens

To implement new smart cards and tokens in the Endpoint Encryption Manager, please follow the instructions in the Endpoint Encryption Update and Migration Guide, which can be found in the root folder of the software build. If you are performing a fresh installation, please follow the instructions in the Endpoint Encryption Quick Start Guide. Furthermore, please ensure your PC has the reader drivers installed before trying to install Endpoint Encryption for PC. You can find drivers for supported readers in the Tools software package, which can be downloaded from www.mcafee.com.

Split Builds

The Endpoint Encryption Manager is now a separate build from the products it manages. This action was taken to allow Endpoint Encryption Manager and other products to have their own release schedules. Moving forward, these builds will be maintained, updated, installed/upgraded and potentially released separately. Administrators will need to install the Endpoint Encryption Manager first, followed by the product(s) they wish to use. The overall functionality of the products remains the same, but their install/upgrade procedure may vary. The Endpoint Encryption Manager can be upgraded independently from the products it manages.

Anti-Virus Exceptions

It is not necessary to use a virus scanner on the database (SBDATA). Most of the data is encrypted, so there is nothing to scan, and scanning considerably reduces performance.
It is recommended you create the following exceptions for the Endpoint Encryption Database Server:

SBDATA Database: The Endpoint Encryption Database Folder and all subfolders should be excluded from any scanning. The database is currently stored in c:\sbdata.
Database Service: The Database Process should be excluded from any scanning. The process is called SbDbServer.exe.
Connector Manager: It is recommended you exclude the Active Directory connector. The process is SbConnectorManager.exe.
Database Backup Tool: The Database Backup Tool should be excluded. The process is called SFDBBack.exe.
WebHelpDesk: The WebHelpDesk and WebSelf Recovery HTTPS service should be excluded. The process is called SbHttp.exe.
Reporting Tool: The Reporting Tool should be excluded from any scanning. The process is called SbReports.exe.
Scripting Tool: The McAfee Encryption administration command line tool should be excluded from the scan process. The process is called SbAdmCL.exe.

EEM Release Notes for 5.2.6

Reference   Description

5260.1   The Connector Manager was importing the wrong certificate via LDAP
         To allow the Connector Manager to function in both ways, a new setting can be added to the CmSettings file. <CheckCertEncrypt>1</CheckCertEncrypt> is the new setting to check for encryption on a certificate. The default is 0 and works as in previous releases.

5260.2   Modify PIV tokens to allow self-initialization
         This release now supports PIV tokens and is able to handle self-initialization.

5260.3   Count incorrect in Machine Client Versions report.
         This issue has been corrected. It was caused by an internal logic error.

5260.4   Users able to request a force password change for users of a higher level.
         This issue has been corrected. It was caused by an internal logic error.

5260.5   Validate PKI Smartcard certificate expiry date
         Smartcard certificate expiry date is now stored in the management center as the Valid until date. This date is then validated within the client. For Smartcards that use Self-initialization, the certificate is validated from the token when presented for logon.

5260.6   Include support for Gemalto GX4 144K Smartcards
         Support for these Smartcards has now been implemented.

5260.7   Add additional modules to Self-test verification when operating in FIPS mode.
         Additional DLLs have been added to the list of modules to verify.

5260.8   Support the internal readers on HP nc8430
         Support for the internal reader on the HP nc8430 has now been implemented.

5260.9   Display Pin instead of Password when authenticating using a PIV Smartcard
         This change to the logon UI has now been implemented.

5260.10  SbDbServer crashing
         Some issues occurred with the SbDbServer crashing. This was caused by memory release problems which, under a rare combination of multiple client interactions, eventually led to the crash.

5260.11  Enhance the Scripting tool command CreateUser to allow the option to Force Password change.
         A new option ForcePasswordChange has been added to the command.

5260.12  Enhance the Scripting tool command CreateUser to allow the option to Force Password change.
         A new option ForcePasswordChange has been added to the command.

5260.13  A new report to determine which users have registered/not registered for WebHelpDesk.
         The Users WebHelpDesk Registration Report is now available. This report determines if a user is registered for WebHelpDesk.

5260.14  The Group Counts report to show the number of items in a group
         A new report has been produced to see the number of items in a group.

5260.15  A new report to show all machines that have a certain file set attached
         A new report has been produced to see all machines that have a certain file set attached.

5260.16  When using multiple group mappings within the LDAP or AD connector, the users in the final group do not import.
         This would result in user deletion if a group mapping was being used to import the users. This issue was due to an internal logic error that failed to correctly handle the final element in the group list.