Pointsec PC EW 6.3.1 HFA6 Release Notes€¦ · Environment: Dell E6400 with 1GiB RAM, BIOS ver...

Copyright © 2009 Check Point Software Technologies Ltd. All rights reserved 1

Pointsec PC 6.3.1 HFA6 Release Notes

Revised: April 22, 2009

New in the April 22, 2009 update to the 6.3.1 HFA6 Release Notes:

Issue 455255 has been added to “Fixed in This Release (6.3.1 HFA6)” on page 2; it was mistakenly omitted from the previous version of the Release Notes.

The Pointsec PC 6.3.1 HFA6 Release Notes document provides:

• Lists changes included in release 6.3.1 HFA6

• A detailed specification of System Requirements and System Limitations

• A list of problems/issues that have been fixed in this release

• A list of known issues in this release.

Review this information before installing Pointsec PC 6.3.1 HFA6.

In This Document

Note - Before you begin installation, read the latest available version of the release notes. There may be an updated version of this document and of the other documents you received with your copy of Pointsec PC. You can access the latest version at: http://www.checkpoint.com/support/

About This Document page 2

About Pointsec PC page 2

New in Release 6.3.1 HFA6 page 2

Fixed in This Release (6.3.1 HFA6) page 2

System Requirements page 3

Tablet PCs That Support Touch-Pen Logon in Preboot page 5

IMPORTANT - Windows Integrated Logon (WIL) page 5

Upgrading page 5

Possible Security Risk When Using SSO with a Remote Desktop Application page 6

Fragmented Disks page 6

Modifying the Pointsec for PC.msi Package Not Supported page 6

About File Systems/Volumes/OS Upgrades page 6

Software Incompatibilities page 7

Known Limitations page 7

http://www.checkpoint.com/support/

About This Document

Pointsec PC 6.3.1 HFA6 Release Notes. Last Update — April 22, 2009 2

About This DocumentThis document applies to both the EW version and the MI version of the product.

In this document, the abbreviation N/A means Not Applicable. HFA stands for Hotfix Accumulator.

About Pointsec PCPointsec PC is a policy-based, enterprise security software solution. Pointsec PC combines boot protection, preboot authentication and strong encryption to ensure only authorized users are granted access to information stored in desktop and laptop PCs.

New in Release 6.3.1 HFA6Pointsec PC 6.3.1 HFA6 contains fixes for the issues listed under “Fixed in This Release (6.3.1 HFA6)” on page 2, below. Known issues in Pointsec PC 6.3.1 HFA6 are listed under “Known Issues in this Release” on page 9.

Fixed in This Release (6.3.1 HFA6)The following issues have been fixed and verified:

Known Issues in this Release page 9

FYI page 24

Documentation Feedback page 25

Table 1 Fixed in This Release

ID Short description Description/Info

455255 Recovey files corrupt. On some machines, both the local recovery file and the recovery file copied to the share were corrupted when the Pointsec PC system area was full. It was possible to open the recovery file in the "Create Recovery DIsk" application, but it was not possible to create a media.

454969 Boot failed on Dell E6400. If you installed Pointsec PC on a Dell E6400 with 1GiB RAM, it would not boot up. The system code for the volumes was added, but when it tried to boot the text "Full Disk" was displayed on the screen.

Environment: Dell E6400 with 1GiB RAM, BIOS ver A06, Windows XP.

454849 CentralLog.exe failed to write a log file if the path included a special character.

CentralLog.exe failed to write the log file if the path included a special character. For example, in a Czech Windows XP there is an "i" with acute accent in the general path: "C:\Documents and Settings\All Users\Data aplikaci\Pointsec\Pointsec for PC". This path is put as value in "UsersLocation" in "HKLM\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC" and Pointsec PC CentralLog.exe failed to write the log file there because of this letter.

454697 Expiration date - could not be disabled from group level.

It was not possible to remove the expiration date from the group level for a user. This made it impossible to manage users created from temp users on the group level.

System Requirements


System RequirementsThe following sections describe operating system, memory, and disk space requirements and limitations. It also describes other system software that is required.

Operating SystemsPointsec PC is supported when installed on an x86-compatible computer with:

• Microsoft Windows Vista (32-bit only): Ultimate, Business, or Enterprise.

• Microsoft Windows Vista (32-bit only) SP1: Ultimate, Business, or Enterprise

• Microsoft Windows XP Tablet PC Edition.

• Microsoft Windows Server 2003 (all variants and SPs) on workstations/PCs only; that is, not on servers.

• Microsoft Windows 2000 Professional SP4 UR1.

454587 A timeout occurred when booting with PXE from Symantec Livestate Delivery.

A timeout occurred when booting using PXE from Symantec Livestate Delivery.

454524 Pointsec PC’s certificate expiration warning does not work in Windows Vista.

Pointsec PC failed to verify certificates stored on card only, so there was no "Certificate expiration warning" in either preboot or Windows.

454453 Screen saver text in installation profile reset.

The screen saver text in installation profile reset to the default text after the profile was saved.

453920 Token malfunctioned in preboot on a Toshiba Tecra A9.

After installing an Aladdin etoken PRO32k (4.2B) andPointsec PC 6.3.1 HFA3 (1328) on a XPSP2 Toshiba Tecra A9, and disabling USB in the BIOS and enabling USB in Pointsec PC, the token would malfunction.

430437 Inconsistent display of 30 Day license nagging dialog and, after the 30 day trial period, the product did not fully uninstall or did not uninstall at all.

After installing Pointsec PC with an evaluation license and after exceeding the 30 day limit, a nagging dialog was inconsistently displayed; and the product did not fully uninstall or did not uninstall at all.

424362 Cntrl+Alt+Del issues with WIL and PSSOGINA.

There were issues with Ctrl+Alt+Del when logging into a drive on which WIL was enabled. If the Crtl+Alt+Del option was disabled in group policies, forcing the users to use this when logging into Windows, Pointsec PC would turn it off and go straight to the login banner after 4-5 minutes.

420312 Pointsec 6.x did not comply with Windows Complexity requirements.

Pointsec 6.x is not complying with Windows Complexity requirements, for example, it wouldaccept the username or full name as part of the password and this caused an issue because it was out of sync with the AD Domain Password since the domain does not accept this.

400021 USB keyboard keypad malfunctioned in preboot.

When using an external USB or PS/2 keyboard, if you entered PBE with Num Lock turned on, the computer would not respond to keystrokes even though Num Lock lamp is turned on. If you pressed the Num Lock key once, the lamp would stay turned on, but keys would start working.

Table 1 Fixed in This Release

ID Short description Description/Info

System Requirements


• Microsoft Windows XP Professional (SP1, SP2, and SP3. SP3 is recommended).

Pointsec PC is NOT supported when installed on a computer with:

• Microsoft Windows XP Home (all variants and SPs).

• Microsoft Windows Media Center Edition (all variants and SPs).

Pointsec PC is NOT supported on Apple Macintosh computers.

Other Systems RequiredMicrosoft .NET Framework 2.0 or later is required to be able to use the Pointsec PC Management Console (PCMC). If, however, the PCMC will not be used on a machine, it is not required to install .NET on that machine.

Operating System Requirements/Limitations

Stripe/Volume SetsOn Windows 2000/ Windows XP, Pointsec PC should not be installed on partitions that are part of stripe or volume sets.

Compressed Root DirectoryPointsec PC cannot be installed if the root-directory (or root directories) is/are compressed. The root directory must be decompressed before Pointsec PC is installed. However, subdirectories of the root directory may be compressed.

Windows User Account requirements for Installation and UninstallationIn order to install or uninstall Pointsec PC, the user account executing the action (either directly, through "Run As…", or as a service) must be authorized to perform installations, this usually means having Administrator permissions.

Windows User Account Registry Permission RequirementsIn order to install, upgrade, change language and import profiles on a Windows 2000 PC, a user account needs the following registry permissions: Query value, Set value, Create subkey, Enumerate subkey, Notify, Create link, and Read control.

In order to remove on a Windows 2000 PC, a user account needs the above registry permissions plus Delete.

Requirements for Dynamic TokensPointsec PC supports any dynamic token that supports the ANSI X.9.9 security standard if the DES algorithm is used together with these tokens.

Tablet PCs That Support Touch-Pen Logon in Preboot


Memory and Space Disk RequirementsThe current memory and disk space requirements are:

Note: The disk encryption process does not require extra space on the hard disk.

Tablet PCs That Support Touch-Pen Logon in PrebootPointsec PC 6.2 and all later versions support preboot authentication with touch pens on the following tablet PCs:

• HP TC1100

• HP TC4200

• IBM X41

• Toshiba Portégé M200

• Toshiba Portégé M400

• Motion Computing LS800



• Motion Computing C5

• AMTek Smart Caddie SCA002

IMPORTANT - Windows Integrated Logon (WIL)When implementing Windows Integrated Logon (WIL), weigh the total cost of ownership (TCO) impact of implementing Pre-Boot Authentication against the need for strong security when accessing the encrypted data at rest. WIL simplifies the user's experience when logging on to encrypted machines at the cost of limiting the strength of the PC's security configuration. Consider using Single Sign-On (SSO) in conjunction with proper Pre-Boot Authentication as an alternative to WIL. Carefully weigh the usage of WIL versus using user-authentication-based Pre-Boot Authentication according to the requirements of implemented enterprise security standards and goals.

UpgradingYou can upgrade to Pointsec PC 6.3.1 from the following Pointsec for PC 4.x and 5x versions:

• Pointsec for PC 4.1 sr 2.14 or later

• Pointsec for PC 4.2 sr 1.4 or later

• Pointsec for PC 4.3

Table 2 Component, Memory, and Disk Space

Component Memory Disk Space

Windows Vista 512 MB RAM 100 MB, of which 2 MB must be contiguous, free space.

Windows XP 128 MB RAM 100 MB, of which 2 MB must be contiguous, free space.

Windows 2000 64 MB RAM 100 MB, of which 2 MB must be contiguous, free space.

Windows 2003 Server Note: Not server hardware

128 MB RAM 100 MB, of which 2 MB must be contiguous, free space.

Windows XP Tablet Edition 128 MB RAM 100 MB, of which 2 MB must be contiguous, free space.

Possible Security Risk When Using SSO with a Remote Desktop Application


• Pointsec for PC 5 x.x

For more information about upgrading from these versions, see the Administrator's Guide.

For information about upgrading from Pointsec for PC 6.x.x to 6.3.1, see the chapter in the Administrator's Guide devoted to this topic.

Possible Security Risk When Using SSO with a Remote Desktop Application

Consider the possible security risk when using SSO with a remote desktop application. Normally this is not a problem because only Administrators have permission to connect to a remote computer via the remote desktop application.

Fragmented Disks2 MBS of contiguous disk space is required for Pointsec PC installation. If this amount of continuous space is not available, the installation will fail. In general, it is considered good practice to avoid fragmented disks to enhance overall performance. It is also considered good practice to defragment disks prior to installing Pointsec PC.

Modifying the Pointsec for PC.msi Package Not Supported

Do not modify the Pointsec for PC.msi package in any way. For instance, do not attempt to modify the Pointsec for PC.msi package by using transforms. Modification of the Pointsec for PC.msi package invalidates the supportability of the product.

About File Systems/Volumes/OS Upgrades

Resizing Partitions and Using Disk Management Features/Utilities

Never use software that alters the workstation's disk partitions when Pointsec PC is installed on the workstation.

If you need to resize a partition, remove Pointsec PC completely first and then resize the partition.

Overlapping Partitions When moving disks between computers where the computers have different head counts (e.g. H=64 --> H=16) FDISK may produce overlapping partitions. The operating system does not notice this. Pointsec PC will not start encryption if overlapping partitions are found. This problem can sometimes occur on machines with multiple volumes.

System on Volume without Drive LetterIf the system partition is not accessible using a drive letter when Pointsec PC is installed, necessary changes cannot be made; and the installation cannot be completed.

Software Incompatibilities


Disk UtilitiesDo not use disk utilities to change file systems or resize any volumes on the hard disk if Pointsec PC is installed on the computer; in most scenarios, doing so leads to an unusable system and loss of system data.

OS UpgradesDo not upgrade from one operating system version to another while Pointsec PC is installed, for example upgrading from Windows 2000 to Windows XP. This may lead to an unusable system. However, you can install hotfix upgrades.

Software Incompatibilities

Remote Help Malfunctions on Slaved Hard Disk DrivesRemote Help's remote password change and one-time logon do not function on slaved hard disk drives.

Anti-virus SoftwarePointsec PC is not fully compatible with some anti-virus software. The encryption process performed by Pointsec PC is performed in the background and does not affect computer performance noticeably. However, if anti-virus software runs a disk scan while Pointsec PC is encrypting the disk, performance will be impaired.

BIOS anti-virus feature functionality should be disabled. If active, it will cause the system to hang when reloading from suspend mode.

Pointsec PC and VMwarePointsec PC does not support VMware in a production environment. VMware is supported only for testing and demonstrations. In addition, note that the use of smart cards and smart card readers together with Pointsec PC is severely restricted in VMware sessions.

Pointsec PC and Windows Vista BitLocker Drive EncryptionWindows Vista BitLocker Drive Encryption cannot be used together with Pointsec PC.

Known Limitations This section documents known limitations to Pointsec PC.

‘Max Failed Windows Logon Attempts’ Not Supported in Windows Vista

The Max Failed Windows Logon Attempts feature is not supported in Windows Vista.

Known Limitations


Unformatted Partitions Will Trigger the Cancellation of the Installation

If computer on which Pointsec PC is being installed has an unformatted partition, the installation will be cancelled.

Multiple Drivers Can Hinder UpgradeHaving multiple drivers allocated can cause upgrade to fail. Workaround: Reduce the number of drivers to one set of a card and a reader driver before upgrading. More drivers can be allocated after the upgrade is complete.

Smart Card Feature in the Pointsec Preboot EnvironmentSystems that do not allow the disabling of USB Legacy support in the BIOS may be incompatible with the smart card feature in the Pointsec PC preboot environment.

Windows Vista's ReadyBoost™ and ReadyDrive™ Are Not Supported

Pointsec PC does not support the use of Windows Vista's ReadyBoost™ and ReadyDrive™ technologies. Support for these technologies will be added to a future Pointsec PC release.

FIPS Compliant Dynamic Tokens Are Not SupportedPointsec PC does not support dynamic tokens that are formatted to be FIPS compliant.

Token Insertion/Removal Handling FeatureThe Pointsec PC Token Insertion/Removal Handling feature is unreliable except when using Aladdin eTokens.

Deployment SoftwareWhen Pointsec PC is installed on a client using deployment software such as SMS or Tivoli, the software must be run as LOCAL_SYSTEM and have "Interact with desktop" activated.

If the software is run as a normal user account, the installation will fail.

Alternative Boot MenuThe options displayed in the alternative boot menu depend on what the BIOS of the machine supports and the hardware that is currently installed. Therefore, the fact that an option is listed in the menu does not mean it is supported by Pointsec PC.

SATA USB/CD/DVD devices not supported in Alternative Boot Menu

SATA USB/CD/DVD devices are not supported in the Alternative Boot Menu.

Known Issues in this Release


Dual BootingPointsec PC does not support dual boot environments.

Japanese Language Pack Does Not Contain All Japanese Characters

The Pointsec PC Japanese language pack does not contain all Japanese characters. This means, for example, that if the computer name contains Japanese characters that are not contained in the Japanese language pack, these characters will be displayed as black boxes.

Multiple Hard DisksPointsec PC 6.3.1 supports up to six hard disks, which together can have a maximum total of 12 volumes protected by Pointsec PC.

Recovery and HibernationDo not attempt to perform recovery on a hibernated machine.

Hidden VolumesPointsec PC cannot be installed on hidden volumes.

Mounted Volumes/Dynamic DisksMounted volumes/dynamic disks are not supported.

USB and CD-ROM LimitationsDevices with boot media should be removed while Pointsec Preboot Environment is loading. USB devices, bootable CD-ROMs, and bootable DVD-ROMS are not supported in the system during the Pointsec Preboot Environment and during preboot authentication.

DocumentationCosmetic errors exist in the documentation: some screen images can be "back-level" and/or do not match the text. Note that the text is correct; it is the screen captures that are back level.

Known Issues in this ReleaseThe following sections document known issues in 6.3.1 HFA6:

Table 3 Known Issue Sections

Section On page

Known General Issues in This Release 10

Known Hardware-related Issues in This Release 21



For further information regarding Known Issues from previous Check Point releases, see the 6.3.1 HFA6 Known Limitations Supplement, located at http://www.checkpoint.com/support/technical/documents/index.html

Known General Issues in This ReleaseThe following items are known general issues in this release:

Table 4 Known General Issues in This Release

ID About Details

455575 SSO can require input of the password a second time when Password Synchronization is enabled in both directions (preboot -> Windows and Windows -> preboot).

To encounter this problem, follow this scenario:1. Enable SSO and Password Synchronization both ways: (preboot -> Windows and Windows -> preboot). 2. Set a new password in PPBE.(Afterwards you will be automatically logged onto Windows.)3. Windows will now have the new password you just set.4. Reboot and log onto PPBE with the new password.5. It seems like SSO tries to sign into Windows withthe old password, which doesn't work andyou have to sign in manually.

You will only need to sign in a second time manually and then the chain is corrected and SSO will work normally. This issue occurs only if you configure Password Synchronization in both directions (preboot -> Windows and Windows -> preboot).

454901 Not possible to use Japanese characters during a master installation.

If double-byte characters are used in the path specification during a master installation, the characters will not be displayed correctly.

454539 Too little free space left on recovery media created on a USB.

The size of the Pointsec PC recovery media is limited to 1.4mb to be able to fit onto a floppy media. This causes problems when there is a large number of users in the Pointsec PC Database. When creating the recovery media, the following message can be issued:

"Unable to write recovery information to recovery medium"

This message is most likely issued because the Pointsec PC user database does not fit on the 1.4mb recovery image.

Solution/workaround:To resolve this problem, a Pointsec PC recovery-image language file, Recovery.img, has been compressed to contain only the US English language, thus reducing the amount of space taken by languages and thereby freeing space. The Recovery.img, file is located in the folder: US only recovery image in the Tools folder on the installation media. This file can be used if this issue occurs on a system.

To resolve the problem:1. Place the Recovery.img file located in the US only recovery image in the Tools folder, together with the UseRec.exe file located in the Pointsec for PC installation folder.

Note! Make sure that you do not overwrite the original Recovery.img file because you will need this file to create recovery media with full language support.

2. Double click the UseRec.exe application and browse to the recovery file for the machine you need to decrypt.

3. Create your recovery media.

http://www.checkpoint.com/support/technical/documents/index.html



454423 Multiple certificates on token.

If tokens are initialized and more than one certificate per token is added with "Aladdin eToken PKI Client 4.55.22", logon to Pointsec preboot malfunctions.This problem did not exist in the earlier Aladdin middleware the "Aladdin eToken Run Time Environment 3.65.26".

454222 Incorrect description of Fixed Password (Kotei Password) in the Japanese version of the Administrator's Guide.

The description of Fixed Password (Kotei Password) in the Japanese version of the Administrator's Guide incorrectly states that a Fixed Password can be of length 6-31 characters.

The correct length is: '4-31' characters.

453737 MI recovery file is not written when resetting values.

When changing "Uninstall" or "Create recovery media" permissions at the user level, the recovery file is updated by the client. But when resetting the value (by right-clicking and choosing "Reset value") in the MIMC, the update is deployed to the client and the client writes a log entry and the changes in permissions are implemented on the client, but the recovery file is not updated.

452500 Removing a user account via MIMC does not trigger the creation of a new recovery file.

Deleting a user account via MIMC fails to trigger the writing of a new recovery file.

The following scenario will produce the problem:1. Pointsec PC is installed, running, and configured.2. Add a user account which has uninstall and recovery permissions via MIMC.3. A new recovery file that includes the new user account is written.4. Remove the user account via MIMC.5. A new recovery file is not written.Workaround: To trigger the creation of a new recovery file, change the password of an existing user account that has uninstall and recovery permissions.

451763 Token removal malfunctions when using a SafeNet iKey 2032 USB token.

Token removal function "Lock workstation" fails when using a SafeNet iKey 2032 USB token.

Lock workstation works when the token is removed, but when it is reinserting nothing happened and the smart card error dialog displays: "An internal error occurred".

Environment:Middleware: SafeNet AS470MU20PC: Lenovo T61pPartition set: 9 volumesAlgorithm: Blowfish

451753 Possible problems if HID drivers are deployed to non-tablet PC EW/MI clients.

If you deploy Pointsec PC to non-tablet EW/MI clients, and the deployment contains HID drivers; the clients might not be able to boot into PPBE.

Workaround: disable the HIB drivers in the double-shift menu on the non-tablet PC EW/MI clients that have experienced the problem.

451750 Password synchronization fails when a UNC username is used in Windows Vista.

If you log on to Windows Vista using an UNC username for example,"[email protected]", password synchronization will not function.

Workaround: Log in as, for example, "maer\pmt-test.pointsec.com" and password synchronization will function correctly.


ID About Details



451653 2048 bit certificates fail in PPBE when using an ActivKey Display token.

A 2048 bit certificate will fail on the ActivIdentity Activkey Display token. The token supports 2048 bit certificates, and you can install the certificate on the token; but when authenticating in preboot the message "Invalid logon - The token or reader driver entered an unexpected error condition" is displayed. With a 1024 bit certificate, the ActivIdentity Activkey Display token works without problems.

451535 Event ID 1002 was not logged in the central log.

When an update profile is successfully deployed to a PC, event ID 1002 'Configuration update by profile' is logged in the local event database. However, it was not logged on the central log.

451435 Pointsec PC-to-Windows password synchronization and Novell single sign-on (SSO) do not work together.

The scenario that produces the problem is:

1. Install Novell Client 4.91 SP3.2. Install Pointsec PC.3. Enable "Synchronize Preboot Password to Windows" and "Enable SSO" on a user account.4. Make sure to initially have the same password in Windows, Novell and Pointsec PC.5. Establish the SSO chain between Pointsec PC and Novell.6. Change Pointsec PC password in preboot. During logon to Novell/Windows you get the message that Windows password has been synchronized with Pointsec PC.7. Reboot and logon with new password in preboot. During logon to Novell/Windows a message that SSO is enabled pops up (this is ok) but authentication halts on the Windows credentials (since it has been synchronized). Enter the new Windows password and you will logon but SSO will not re-establish. Reboot and re-enter the new Windows password several times but SSO chain will still be down.

Note: The other password synchronization feature "Synchronize Windows to Preboot Password" works with SSO.

433899 Important to understand how Group Authority Level (GAL) settings function before deploying it and before changing existing settings in a live environment.

After deployment of GAL, the authority levels have been set for users and groups on the system and any changes to this structure must be well planned before being executed.

It is important to understand the consequenses of lowering the group authority levels for certain groups such as administrators and system administrators. Not fully understanding this feature there is a risk that an adminsitrator with full authority creates a new group of administrators with a lower level than he/she has and then gives the new group higher authority level then he/she has and/or lowers his/her own GAL at the same time. We want to stress the importance of understanding the correct usage of the GAL feature and its benefits/risks before it is deployed and updated in a live environment.

433879 Creation of recovery media via a set fails in the management console.

Using Windows 2000 SP3 and after opening the PCMC, choose Remote --> Set --> Recovery and double click on one of the recovery files. Then authenticate with a user account that has the permissions required to create a recovery media. After authentication you will be notified that you have successfully unlocked the first step. But when you click OK to authenticate in the second step, the utility aborts and the recovery media cannot be created.

Workaround: Creating the recovery through the Start menu works, do that until this issue has been resolved.


ID About Details



429292 Hibernating a computer during encryption causes a bluescreen.

A bluescreen (stop error) occurs when a computer is hibernated during the encryption after installing Pointsec PC on Vista SP1.

Workaround: do not initiate hibernation until the encryption is complete.

417558 Exceeding Max failed logon in Windows Integrated Logon triggered Error 0x5000000.

Exceeding Max failed logon in Windows Integrated Logon triggered Pointsec PC error 0x5000000 followed by a blue screen.

416560 Possible to record credentials for an SSO user in Windows logon screen via Radmin.

It is possible to record the credentials for an SSO user in Windows logon screen via Radmin. The credentials are recorded in the SSO chain after logging on with an SSO, connecting via Radmin, and rebooting.

400016 A memory error delays booting of Pointsec PC immediately after installation on a Dell D830 laptop with Flash Cache active.

If Pointsec EW/MI is installed on a Dell D830 that uses a Flash Cache module, a memory error occurs on the first reboot after installing. If the PC is turned off after the error message is displayed and then is started again, the PPBE code is written, and Pointsec PC is installed successfully.

This occurs on Dell D830s with the flash cache module enabled in BIOS.

399936 Recovery file not written after resetting the value of the 'Logon authorized' setting.

After setting 'Logon Authorized' to 'No' for a user account, a new recovery file is written. But if you then change this setting by right clicking and selecting 'Reset value' so that you once again inherit the value (in this case YES) from the group, a new recovery file is not written. If you however set the value to YES you will get a new recovery file. Resetting the value does not seem to trigger the writing of a new recovery file even though the value has changed from 'No' to 'Yes'.

399894 Sanity check warning is issued when it should not be issued.

The sanity check which appears when closing PCMC warns that fewer then two user accounts have permission to perform uninstall in the following scenario:1. For the System group, specify the settings "Uninstall" and "Create recovery media" to: No.2. On two user accounts in the System group, set "Uninstall" and "Create recovery media" to: Yes.3. According to the new inheritance rules, the user account settings should override the group settings.4. Close PCMC, and a Sanity check will be displayed warning that fewer than two user accounts have permission to perform uninstall.

399878 Cannot install Pointsec PC on some Windows 2000 clients if Pointsec PC has previously been installed.

Sometimes it is not possible to install Pointsec PC 6.3.1 on a Windows 2000 client which previously had Pointsec PC 6.3.1 installed and subsequently successfully decrypted and removed. This problem only occurs if the client had been upgraded first from version 5.2.3 to 6.3.0 and then to 6.3.1.

399872 Recovery file not written to recovery paths added after the installation.

If you add new additional recovery paths after installation, new recovery files should be written to the directories addressed by the new paths. Three new paths were added after installation but recovery files were not written to the paths. Neither logging on to Windows several times nor running crerec.exe manually resolved the problem. The recovery file was written only after changing a value that triggers a recovery file update.


ID About Details



399820 Exception occurs when upgrading from the Pointsec PC 6x series if a USB memory stick is inserted on Dell Inspiron 9400.

The scenario that produces the error is:

1. Upgrade from Pointsec PC 6.2HF2 to 6.3.1 on a Dell Inspiron 9400 with Vista installed.2. Insert a USB memory stick (in this case, a SanDisk Cruzer).3. Reboot.4. An exception occurs (green screen) prior to display of the PPBE.5. Press a key and the PPBE is displayed and normal operation proceeds. Thus the green screen occurs only once.

The problem also occurs when trying to upgrade from 6.1.1 to 6.3.1 on same type of PC but with Windows 2K as the OS.

The green screen you only get once. When the USB memory stick is removed and you boot the machine, a black screen is displayed. This can be fixed by rebooting and disabling USB legacy in the BIOS.

399732 Error message in Remote Help session in PCMC.

When providing Remote Help from PCMC and navigating with the keyboard and Tab key (the mouse is not used) you got an error message with code 1280.


1. Open the PCMC.2. Go to Remote Help.3. Enter the End user account name and Helper account name.4. Select Dynamic token in the Type of helper authentication field.4. Select Dynamic token in the Type of helper authentication field.5. Use the keyboard and tab to generate the response.6. Press Enter.7. Error with code 1280 is displayed.

399654 The Windows Integrated Logon (WIL) setting on the client is overridden by any manual update from the MI Framework.

If Windows Integrated Logon (WIL) is enabled on an MI client, and then WIL is temporarily disabled using the tray, WIL is re-enabled by any manual update sent from the MI Framework to the client.

Note: If you want to use WIL, ensure that the WIL setting in the MIMC is enabled. It is not enough to enable WIL for an end user using only the WIL switch in the PPBE.

399600 The keyboard and mouse do not both work in PPBE if "Mouse support" is enabled in PABM on HP DX2000MT.

If "Mouse support" is enabled in the PABM on a HP DX2000MT either the USB/PS2 Keyboard or the USB mouse works, but not both, in PPBE. If you disable "Mouse support", the keyboard works. If "Mouse support" is enabled and BIOS "USB legacy support" is disabled, both the mouse and the keyboard work in PPBE.

399560 The Wake-on-LAN (WOL) setting "Set Max Number of Logons Allowed" is not updated in the MI Framework.

After a Wake-on-LAN (WOL) logon, the number of remaining allowed WOL logons is not reported to the MI Framework. The next time an update is sent to the MI client, the number of logons allowed on the client will be erroneously reset to the original number of allowed WOL logons.


ID About Details



399120 Hibernation start fails when using 3DES.


Note: If you want to use WIL, ensure that the WIL setting in the MIMC is enabled. It is not enough to enable WIL for an end user using only the WIL switch in the PPBE.

1. Install Pointsec and encrypt the system volume using the 3DES algorithm.2. Once encryption has finished, hibernate the PC.3. Start the PC, and log on to PPBE.

Note that it says "Starting Windows" instead of "Resuming Windows" as it should. Apparently the PC can be hibernated, but it can not be restored afterwards. Unsaved documents etc. at the time of hibernation are lost.

Hibernation using the CAST algorithm on XP SP2 and using the AES algorithm on 2000 UR1 works fine.

Environment:OS: 2000 UR1FS: FAT32/NTFSHDD/Vol: 1/3 (First hidden)Algo: 3DESPC: Dell D830 and Dell D600.

399058 After upgrading, the CreRec.exe fails upon start of the tray application.

The scenario that produces the problem is:

1. Install Pointsec for PC 6.0.0.2. Upgrade to Pointsec PC 6.2 HFA1.

A few seconds after the first start of the Pointsec tray application after the upgrade, CreRec.exe fails with the following message: "CreRec.exe has generated errors and will be closed by Windows...". After a minute or two, the error message disappears. The error can be reproduced by logging off and on again.If CreRec is run manually, the error message isn't displayed any more.

397785 Token removal handling does not function with all tested smart cards and smart card readers.

Tested different settings of the token removal feature on three different PC's using two different sets of smart cards/readers. Only the token removal setting "Do nothing" worked. It seemed to work only the first time because only the first attempt was added to the logs.

This feature has been tested earlier on Windows 2003 Server and Windows Vista with Alladin eToken middleware, and was reported that it worked.

Environment info:PC1: Dell D370PC2: IBM T60PC3: Dell D620OS: Windows XP SP2 on all PC'sMiddleware 1: RSA authenticator 1.0B25Middleware 2: AuthentIC 3.6.2Smart card 1: RSA 5200Smart card 2: Oberthur Cosmo 64 RSA v5.3


ID About Details



397774 (9958)

Clearing System Settings when creating a profile based on another profile or on local settings creates an installation that fails.

Create a profile (e.g. upgrade) and base it on an Upgrade profile and clear the System Settings check box when creating it. All System settings are blank in the new profile.

When using this profile, Pointsec upgrades; but the installation crashes when a user tries to use any of the System Settings.

Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation's settings. Do not clear any of the 'Base on' check boxes.

397727 Impossible to create recovery media on an MI server.

Description:Administrators cannot use the UseRec.exe application directly on the MI server to create recovery floppy disks, etc.

Two problems:1. In the directory: 1_Pointsec for PC\Tools\Reco_img\6.3.0, ccore32.bin is missing. This makes it impossible to run the UseRec tool directly from, for instance, a Pointsec installation CD.2. The Visual Studio 2005 runtime files are not installed with the Pointsec PC 6 module. They need to be added as merge modules in the installer in order to run UseRec.exe.

This means that the admin has to use a deployed client to create recovery media for other clients.

395374 Novell SSO needs 3 reboots to re-establish the SSO chain.

If the SSO chain between Pointsec and the Novell Client is established and password synchronization is performed, it will take 3 reboots to re-establish SSO.

The scenario that produces the problem is:1. Establish the SSO chain between P4PC and Novell Client.2. Activate password sync. with Windows.3. Change password in Novell/Windows.4. Reboot and SSO chain will be broken. It will take two additional reboots before SSO is established again.

Note that performing the same scenario with Windows GINA instead of Novell GINA requires only 2 reboots.

Environment info:P4PC version: 6.1.3 build 1108PC: HP T3350USB controller: OHCIOS: XP SP2FS: NTFSMSI: Windows Installer 3.1.NET: 1.1 & 2.0Novell Client:

372217 Pointsec PC and Imprivata compatibility issue.

A blue screen is displayed when Windows boots after installing Pointsec PC, Imprivata, and the registry has been modified.

9975 Cannot use "&" in the profile name when creating a profile.

An ampersand (&) cannot be used in a profile name when creating a profile.

Workaround: use only English upper- and lowercase characters and the digits 0-9.


ID About Details



9958(397774)

Clearing System Settings when creating a profile based on another profile or on local settings creates an installation that fails.

Create a profile (e.g. upgrade) and base it on an Upgrade profile and clear the System Settings check box when creating it. All System settings are blank in the new profile.

When using this profile, Pointsec upgrades; but the installation crashes when a user tries to use any of the System Settings.

Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation's settings. Do not clear any of the 'Base on' check boxes.

9935 DoD CAC Smart Card user with Token Removal Handling enabled is locked out of Windows after approximately 5 min.

When a smart card user is configured with "Use Pointsec Token Insertion / Removal Handling" enabled, and uses a DoD CAC with ActivCard Gold for DoD CAC middleware, once the system takes the setting, the removal of the smart card takes a short while to lock the system (a few minutes), but then locks the system. If the card is inserted, the system will automatically "lock" (i.e. go to screen saver mode) after a few minutes (about 3-5 minutes), regardless of user activity, so it is not behaving like the screen saver. The screen saver setting is configured for 10 minutes, but changing that value has no effect.

9872 Unable to change installed win language pack

Under Windows XP and Vista, if, for example, you install the Europe1 language pack and then realize that you wanted Europe2; you will not be able to install the Windows part of the Europe2 pack. When running the command shell as an administrator, you run the pscontrol command "install-win-language" and it fails with the error message "Cannot create the file when that file already exist"

Workaround: Remove the existing plang32. file from C:/Program files/Pointsec/Pointsec for PC/ and from C:/Windows/System32/, and run the command again.

9864 Ctrl+Alt+Delete required when logging on in Vista with SSO.

In some circumstances even though SSO is enabled in Pointsec PC, Vista forces the logged in user to press "Ctrl + Alt + Delete". After pressing "Ctrl + Alt + Delete", the user is l automatically logged in.

To eliminate the "Ctrl + Alt + Delete" step, go to the Control Panel -> User Accounts. Click "Manage User Accounts" and click the "Advanced" tab. To eliminate the need to press "Ctrl + Alt + Delete", clear the "Require users to press Ctrl + Alt + Delete" check box.

9752 Issue with RSA smart cards and Pointsec Token Insertion/Removal handling.

The Pointsec Token Insertion/Removal handling does not work with RSA smartcards. The problem is due to incompatibilities with the RSA middleware used to access the RSA smart cards.

Workaround: Utilize similar Token Insertion/Removal handling in RSA middleware.

9607 Upgrade only silent in Vista. Pointsec PC 6.2 contains an Automatic upgrade function. This function is used to for perform upgrade by distributing an Upgrade package to the "Upgrade path" or the "Work folder". In Windows 2000 and Windows XP, the end user is notified of the progress of the Automatic upgrade and is notified when the upgrade has been finalized. In Vista the upgrade does not display this information.

9411 PME setting "Use SSO with P4PC" issue.

The PME setting "Use SSO with P4PC" works only when Pointsec PC is installed before PME.


ID About Details



9403 PPBE hangs when a docking station is attached to the PC Acer TM 4400.

The PPBE hangs if a docking station is attached to the PC Acer TM 4400 and USB is enabled. If USB is disabled, the PPBE does not hang. However, in this latter case, the keyboard and mouse attached to the docking station do not work.Workaround:Disable USB support in PPBE via the PCMC setting "Enable USB".

9137 Cannot perform SSO with Entrust smart card user.

Cannot perform SSO with Entrust smart card user.The reason for this is that an error occurs when an attempt is made to store an Entrust profile required for SSO, on the smart card.

8980 The windows driver (prot_2k.sys) crashes if the system contains only 4.x/5.x volumes.

The Windows driver (prot_2k.sys) crashes if the system contains only 4.x/5.x volumes. This situation may occur if an upgrade is aborted in the PPBE and recovery is not performed on all volumes.The situation can be fixed by performing recovery on all volumes.

8965 Possible failure of Remote Help with legacy users

A user account with password authentication and the setting Case sensitivity = No or Convert to uppercase in 4.x/5.x = Yes may experience trouble providing Remote Help if he/she has not entered the password in uppercase letters.Workaround: Request that the person providing Remote Help use capital letters when entering the password in his/her system.

8811 Incorrect message displayed when disabling WIL

When disabling WIL via the tray menu, the message "Access to your user account failed" is displayed. This message is incorrect; the message should request the user to log off.

8183 Proventia Desktop stops the Pointsec PC installation.

The installation of Pointsec PC is stopped if the Proventia Desktop version 8 or 9 is installed.

Workaround:There are two possible workarounds for this issue:1. Disable the Proventia Desktop during installation of Pointsec PC.2. Add prot_ins.sys to Proventia Desktop exclusion list during installation.

8012 No PPBE logon displayed on Dell Inspiron when using an eToken NG Flash

No PPBE logon screen is displayed if an eToken NG Flash USB smart card is used on a Dell Inspiron 9400. After PC boot, the screen goes black and the PPBE screen is displayed.Workaround: Set the BIOS setting "USB Emulation" under POST behavior to "OFF" to avoid the problem.

7813 A Pointsec for PC upgrade fails if the machine is hibernated.

Hibernation should not be allowed to start during an upgrade, but Pointsec for PC does not inhibit it.Workaround: Disable hibernation during upgrade.

7773 Unable to read logs after upgrading from Pointsec for PC 6.0.0 to 6.1.3.

If you upgrade directly from Pointsec for PC 6.0.0 to 6.1.3, the system, local, and remote logs will be unreadable.Workaround: Upgrade from 6.0.0 to 6.0.1 first, then upgrade from 6.0.1 to 6.1.3, and the logs will be readable.


ID About Details



7510 Re-establishing single sign-on after password synchronization requires three reboots when SSO chain is between Pointsec for PC and a Novell Client.

If the single sign-on (SSO) chain between Pointsec for PC and a Novell Client is established and the following password synchronization scenario occurs, it will take three reboots to re-establish SSO.

Here is the scenario:1. Establish the SSO chain between Pointsec for PC and a Novell Client.2. Activate password synchronization with Windows.3. Change the password in Novell/Windows.4. Reboot and the SSO chain will be broken. It will take two additional reboots before SSO is established again.The same scenario with Windows GINA instead of Novell GINA requires only two reboots.

7367 Deselected volume disappears from list.

While deselecting volumes one of the volumes suddenly disappeared from the list. The "lost volume" reappears after any key is pressed.

7261 PPBE - Machine stops during the Pointsec for PC load screen --compatibility issue with Computrace software.

Due to architectural difference between Pointsec for PC and Computrace software, there is compatibility issue between Pointsec for PC and Computrace software when Computrace is run in software persistence mode.

Workaround: Rewriting the master boot record makes the machine boot normally, for example, fdisk /mbr.

6934 Access to Local and Access to Remote settings

Note that when upgrading from 6.0.0 or 6.0.1 to 6.1, the values of Access to Local setting and Access to Remote setting are, by default, set to "Yes". These settings can of course be set to "No" after installation

Workaround:Deploy a profile where you set this permission to NO for your end-users as soon as you have successfully upgraded your clients.

6905 Interoperability problem with PME and recovery media creation

When creating recovery media to a USB memory stick while having PME installed, there may be a problem after the first part of the creation is done.

After unplugging and re-inserting the USB memory as instructed by the program, a blank (all white) PME window will sometimes pop up after you have pressed OK. Both windows (PME and Pointsec recovery media) will stop responding, and you will have to close the applications via the Task Manager.

6844 RRU boots before PPBE when ordering restore from Windows.

When ordering a restore from within the Windows part of RRU, the computer restarts and then boots into RRU before allowing you to authenticate in PPBE. If you reboot from within RRU, you will get to PPBE; and then you will boot into RRU and it will perform the requested restoration.


ID About Details



5437 Difficulties when creating an installation profile based on local settings for smart card users.

You can experience difficulties when creating an installation profile that is based on local settings when you are required to provide new authentication for the profile and you want to use a smart card you have used previously. In this case, Pointsec requires that you re-associate the smart card (plus certificate) and the user; and this it may not always be possible to acquire all the certificates needed for all the users.

Workaround:Rather than trying to re-assign the smart card to the user, assign the user a fixed password and switch to smart card and certificate later. Alternatively, define a temporary smart card user so the user can reassign the certificate him/herself on the next boot of the PC.

5239 Do not remove PCMCIA reader or smart card until authentication is completed in PPBE.

Do not remove the PCMCIA reader or smart card while authenticating. They can be removed when authentication has been completed in PPBE.

5233 Changing the password in Windows temporarily disables single sign-on.

When single sign-on is enabled, if you change your password in Windows, single sign-on will be temporarily be disabled. The next time you log on, a message will be displayed saying that Pointsec cannot log on to Windows - please enter your Windows password. After you correctly enter your Windows password, single sign-on will again function.

5135 Problems when opening a recovery file.

Users can encounter problems when attempting to open a file by double clicking it.

Workaround:Start the recovery program, and open the recovery file there.

5019 Password rules conflict with Unicode support

* "Allow Special Characters". The current description in the PCMC of this setting is: "Besides a-z, A-Z and 0-9, allow the use of the semicolon and the following other special characters: ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }". As described, the setting would not allow the full range of Unicode characters to be used whether set to "On" or "Off". With regards to actual Pointsec functionality, the following is a more accurate description: "Allow use of the following special characters: ; ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }." If this setting is set to "No", these special characters are not allowed in passwords. However, all other Unicode characters are allowed regardless of the setting.* "Require upper and lower case". This only makes sense in alphabets that have case forms. * "Allow password of adjoining characters." This is meant to prevent entering series of characters from adjoining keys on the keyboard. However, only the US keyboard layout is used to detect adjoining characters.

4679 RRUinstall.msi installer installs driver on wrong volume.

The RRUinstall.msi installer installs the driver required by Pointsec for PC to support RRU, on the wrong volume.Workaround: specify the target drive with the MSI Property TARGETDIR=C:\

For example: msiexec /i InstallRRU.msi TARGETDIR=C:

4298 Difficulties recovering selected volumes when running the Recovery program

If you lose mouse functionality when running the recovery program individual volumes cannot be selected.

Workaround:Recover all volumes rather than selected volumes.


ID About Details



Known Hardware-Related Issues in This ReleaseThe following are known hardware-related issues in this release:

Table 5 Known Hardware-Related Issues in This Release

ID About Details

398232 No support for hybrid disk Description:If 'NV cache' is enabled, the installation will fail to install.The Pointsec SA seems to be written on a cache part. So the SA seems to be flushed and the installation fails.Disable NV cache and install Pointsec, then enable NV cache gives database corrupt randomly in preboot.

Environment info: Znote 6224wVista UltimateHDD: Samsung HM16HJI ATA Hybrid Hard Disk

398074 (10259)

The combination of an Axalto Cyberflex Access 64K Pegasus v2c smart card and a Schlumberger USB Reflex Version 1. smart card reader fails in preboot.

Preboot authentication using the combination of an Axalto Cyberflex Access 64K Pegasus v2c smart card and a Schlumberger USB Reflex Ver 1. smart card reader fails.

7909 Dell D410 does not always boot into PPBE when connected to a Dell external USB bay.

Connecting a Dell D410 to a Dell external USB bay can prevent the machine from booting into PPBE. If the bay is connected in PPBE, the machine can terminate with a black screen immediately after PPBE logon. Both behaviors are intermittent, and both occurred when a CD-ROM (with no CD) was connected to the bay.

7891 Blinking cursor on the MPC ClientPro 365.

Using a smart card on an MCP ClientPro 365 machine with the following BIOS settings, will cause the cursor to blink:

plug and play os = nolegacy usb = disabledWorkaround: Use the factory BIOS settings, which are:plug and play os = yeslegacy usb = enabled.

7633 PPBE authentication window freezes when both a smart card reader and Iomega USB BXXU0130 floppy disk drive are present.

The PPBE authentication window freezes when both a smart card reader and an Iomega USB BXXU0130 floppy disk drive are attached to the machine. Removing the Iomega USB floppy disk drive will activate the PPBE authentication window again, and you can proceed.

This problem has occurred on the following PCs: Dell Inspiron 9400, Dell Latitude D600, Sony Vaio Z1.

7532 PCMC crashes after logon in the Windows environment with a with Setec EID IP2 smart card.

Logon in Windows environment with the Setec EID IP2 smart card will crash the PCMC/tray because of problems with the CSP.

7464 Mouse does not work when creating a recovery file on a USB memory stick on an Acer TM4401.

When creating a recovery file with a USB memory stick on Acer TM4401 the mouse does not work. When the recovery menu is displayed, neither the keyboard nor the mouse works for the first 2-3 minutes. After this delay, it is possible to use keys and to tab but it is not possible to select volumes to recover -- you have to select all volumes.

7396 USB optical mouse malfunction in the PPBE.

The USB mouse does not work in PPBE on the Acer Ferrari 3200. The optical USB mouse has its light on in the BIOS, the operating system, and in the Pointsec alternative boot menu; but not in the PPBE.



7388 Unregistered characters when entering keystrokes with a USB enabled keyboard with built in smart card reader.

If setting for USB is enabled in PCMC (under Hardware) and a keyboard with built in smart card reader is used, the following behavior occurs in the PPBE: when entering the user account name, the first character is not registered or visible. For example, if the user account name is ADMIN you must enter AADMIN for it to be interpreted as ADMIN.

Tested on Hewlett Packard T3350 and T3350-2.

7215 Hot plugging of USB devices does not work on the IBM-Lenovo ThinkPad T60.

Hot plugging of USB devices does not work on the IBM-Lenovo ThinkPad T60.

You can log on with a USB token if it is plugged in from start.

7164 PCMC logon fails when using a Setec EID IP2 smart card together with a CardMan 4040 reader.

The PCMC crashes when trying to read the certificates stored on smart card "Setec EID IP2". The PPBE does not recognize any certificates stored on smart card "Setec EID IP2" when using smart card reader: CardMan 4040 (PCMCIA) together with the following drivers:

cm4040.bin and opensc.bin.

Workaround: Copy the certificate to Windows the personal store using smart card middleware.

6883 USB keyboard intermittently malfunctions in PPBE on a Hewlett Packard T3350

The USB keyboard intermittently stops functioning in PPBE on a Hewlett Packard T3350. This happens in the following environment:

- USB mouse was connected and worked flawlessly in PPBE- USB was enabled in PCMC- USB legacy support was enabled in BIOS- Plug n Play OS was disabled in BIOS

Workaround:Unplug the keyboard in PPBE and then plug it in again.

6854 Not possible to log on in PPBE with RSA SID 800 and Ferrari 3200

The following scenario produces the problem:

1. Install Pointsec for PC using an interactive profile with one smart card account. The files: msc_p11.bin and prd_ccid were added to precheck.txt.2. Middleware was installed after installation of Pointsec for PC.3. After reboot, with the smart card inserted, no pin code dialog box is displayed in the PPBE.4. Nor is the pin code dialog box displayed when the smart card is inserted after reboot but before logging in to PPBE.This problem concerns RSA SID 800 and Ferrari 3200.

6779 USB hub Targus PAUH210 does not work with the HP T3350.

The USB hub Targus PAUH210 does not work with the HP T3350 in the PPBE (the Pointsec for PC preboot environment).

6701 HP T3350 hangs before PPBE with USB smart card support enabled

When USB smart card support is enabled, and no PPBE smart card drivers are installed, the HP T3350 desktop PC may hang before the PPBE authentication is displayed.

Workaround:Specify the following BIOS settings:"PNP operating system should be set to YES"USB legacy support should be set to ONNote that the above settings are the factory settings.


ID About Details



6693 Recovery fails when using certain USB devices on some machines

The recovery program can fail when creating a recovery medium on certain USB devices. For example, the recovery program failed when using a USB memory stick on an IBM x60s machine, but it ran successfully on the same machine using a USB floppy disk.Workaround: BIOS upgrade to 2.10 resolves this issue.

6690 Not possible to use USB mouse/keyboard in PPBE when they are connected via USB hub Targus PAUH210 to a Fujitsu Siemens 7020.

On a Fujitsu Siemens 7020, a USB mouse/keyboard will not work in PPBE if they are connected via a Targus PAUH210 hub. USB mouse and keyboards did work when connected via other hubs.

6679 Error with recovery using USB media on IBM A51.

When USB media is used to perform recovery on the IBM A51, an error occurs when you boot into the recovery program. The error message is as follows:

Divide error***Program terminated, rc=03***

This seems to have to do with the startup device menu, where the USB media must come before the HDDs instead of after them.Workaround: It is possible to perform recovery with USB media if you ensure that the USB device comes before the HDDs in the startup device menu.

6570 Keyboard function lost Unable to use the keyboard in the preboot customization menu after USB smart card support has been enabled on an ACER TM 4401 notebook. The keyboard does not function in the PPBE either, so you cannot logon. The problem does not occur on each reboot. It appears more frequently when other USB devices are connected or used or both during preboot.

6553 Wrong smart card driver for smart cards with identical ATR string in PPBE.

In the PPBE smart cards are handled via loadable drivers.The driver that is used for a specific smart card is set up via registry (.inf) files. The registry files may contain one or more smart card entries. Each entry consists of the smart card ATR string and the name of the PPBE driver that will be used for the smart card. Unfortunately, several smart cards may use the same ATR string, and therefore the same ATR string may be present in several entries, which each identify a different driver. When a smart card is detected in the PPBE, the ATR string is extracted. The first driver, according to the registry file, that is available in the PPBE is thereafter loaded and used to handle the smart card.

This means that if several smart card drivers which support the same ATR string are available in the PPBE, the wrong driver may be used. To minimize the probability of this happening, the number of smart card drivers in the PPBE should be minimized.

6266 Error if a SanDisk CompactFlash® PC Card Adapter is present at preboot authentication.

If a SanDisk CompactFlash® PC Card Adapter is present at preboot authentication, a fatal error occurs with error code 0x50010DA during Windows boot. This occurs even if PCMCIA support is disabled in preboot.

6255 RSA SecurID dynamic token not detected on Acer Ferrari 3200, Dell Inspiron 6400, and Dell P670 when inserted in PPBE.

An RSA SecurID dynamic token is not detected on an Acer Ferrari 3200, a Dell Inspiron 6400, and a Dell P670 when inserted in PPBE.

Workaround: insert the RSA SecurID dynamic token before you turn on the PC.


ID About Details

FYI


FYIThis section contains information that may be valuable in certain situations.

6199 Pointsec for PC preboot environment does not detect a smart card token, for example´, an RSA SecurID 800 authenticator.

On certain machines, Pointsec for PC does not detect the presence of a smart card token and does not display the PIN dialog in the preboot environment. This can happen in the following two scenarios:

Scenario one:1. The machine is on and the preboot logon dialog is displayed.2. Insert the smart card token, but no PIN dialog is displayedWorkaround:With the smart card token still inserted, turn the power off and wait a few seconds. Then turn the power on while the smart card token is still inserted, and the PIN dialog will be displayed.

Scenario two:Insert the smart card token and turn the machine on. The preboot logon dialog is displayed, but the PIN dialog is not displayed.

Workaround:Remove the smart card token, turn the power off, and wait a few seconds. Turn the machine on again. The Pointsec PC preboot logon dialog is displayed. Insert the token and the PIN dialog will be displayed.

6035 Booting from a USB memory stick fails immediately after authentication on an HP dx5150.

Booting from a USB memory stick recovery medium created by the create recovery program fails on the HP dx5150. The machine hangs after you have entered your user account name and password.

Workaround: using a floppy disk in a floppy disk drive connected via the USB port.

5513 eTokens do not function on Acer Ferrari 3200 PCs.

eTokens do not function on Acer Ferrari 3200 PCs.


ID About Details

Table 6 FYI

ID Short Description Description/Info

397163 Errors when copying files to a local copy during the installation of the Pointsec PC 6 module into the MI framework

Errors may occur during installation of the Pointsec PC 6 module into the MI framework when copying files to a local copy. If the error message says "The file name is too long" and "Fails to copy files to specified directory", the problem is due to long paths to the installation package.

If the error occurs, the installation cannot be stopped. You will have to copy the Pointsec PC 6 files manually from the installation package afterwards. The folder containing the Pointsec PC files is called "PPC6 MI Client".

Workaround:Initiate the installation from C:\ or from a CD.

Documentation Feedback


Documentation FeedbackCheck Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to:

[email protected]

2291 Issue with Windows XP restore points.

Pointsec PC handles Windows XP restore points in the following way:

• Restore points that exist prior to the installation of Pointsec are removed.

• Restore points created after Pointsec has been installed can be used to restore Windows. If Pointsec is uninstalled, these restore points are removed.

Table 6 FYI

ID Short Description Description/Info

mailto:[email protected]?subject=Check Point User Guide feedback

Pointsec PC EW 6.3.1 HFA6 Release Notes€¦ · Environment: Dell E6400 with 1GiB RAM, BIOS ver...

Documents

Transcript of Pointsec PC EW 6.3.1 HFA6 Release Notes€¦ · Environment: Dell E6400 with 1GiB RAM, BIOS ver...