
Release Notes

October 19, 2009

Pointsec PC 6.3.1 HFA5

© Copyright Check Point Software Technologies, 1997-2009.

This document contains product information about Pointsec PC for Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Vista.

Contents

• About This Document
• Summary of Changes
• New in This HotFix Accumulator Release (6.3.1 HFA 5)
• System Requirements
• Tablet PCs That Support Touch-Pen Logon in Preboot
• IMPORTANT – Windows Integrated Logon (WIL)
• Upgrading
• Possible Security Risk When Using SSO with a Remote Desktop Application
• Fragmented Disks
• Modifying the Pointsec for PC.msi Package Not Supported
• About File Systems/Volumes/OS Upgrades
• Software Incompatibilities
• Pointsec PC and VMware
• Pointsec PC and Windows Vista BitLocker Drive Encryption
• Known Limitations
• Fixed in This Release
• Known Issues in This Release
• FYI
• Late-breaking Documentation


About This Document

This document contains information about Pointsec PC version 6.3.1 HFA5, such as what problems have been fixed since the previous release, and the system requirements. This document applies to both the EW version and the MI version of the product.

In this document, the abbreviation N/A is used. N/A means Not Applicable.

Summary of Changes

This version of the Release Notes (October 19, 2009) contains the following changes (compared to the previous version, November 19, 2008):

• The text of CR00454539, under Known General Issues in This Release on page 12 has been updated.

• The date is now used to indicate the document version: to conform to Check Point standards, the date on the cover page or first page of any Pointsec PC documentation now indicates the document version. Letters are no longer used for this purpose.

New in This HotFix Accumulator Release (6.3.1 HFA 5)

This HotFix Accumulator release, Pointsec PC 6.3.1 HFA5, contains:

• The corrections to the product that are described under “Fixed in This Release” on page 9.

System Requirements

The following sections describe operating system, memory, and disk space requirements and limitations. They also describe other system software that is required.

Operating Systems

Pointsec PC is supported when installed on an x86-compatible computer with:

• Microsoft Windows Vista (32-bit only): Ultimate, Business, or Enterprise.

• Microsoft Windows Vista (32-bit only) SP1: Ultimate, Business, or Enterprise

• Microsoft Windows Vista (32-bit only) SP2: Ultimate, Business, or Enterprise

• Microsoft Windows XP Tablet PC Edition.

• Microsoft Windows Server 2003 (all variants and SPs) on workstations/PCs only; that is, not on servers.

• Microsoft Windows 2000 Professional SP4 UR1.

• Microsoft Windows XP Professional (SP1, SP2, and SP3. SP3 is recommended).


Pointsec PC is NOT supported when installed on a computer with:

• Microsoft Windows XP Home (all variants and SPs).

• Microsoft Windows Media Center Edition (all variants and SPs).

Pointsec PC is NOT supported on Apple Macintosh computers.

Other Systems Required

Microsoft .NET Framework 2.0 or later is required to be able to use the Pointsec PC Management Console (PCMC). If, however, the PCMC will not be used on a machine, it is not required to install .NET on that machine.

Operating System Requirements/Limitations

Stripe/Volume Sets

On Windows 2000/Windows XP, Pointsec PC should not be installed on partitions that are part of stripe or volume sets.

Compressed Root Directory

Pointsec PC cannot be installed if the root directory (or root directories) is/are compressed. The root directory must be decompressed before Pointsec PC is installed. However, subdirectories of the root directory may be compressed.

Windows User Account Requirements for Installation and Uninstallation

In order to install or uninstall Pointsec PC, the user account executing the action (either directly, through "Run As…", or as a service) must be authorized to perform installations; this usually means having Administrator permissions.

Windows User Account Registry Permission Requirements

In order to install, upgrade, change language, and import profiles on a Windows 2000 PC, a user account needs the following registry permissions: Query value, Set value, Create subkey, Enumerate subkey, Notify, Create link, and Read control. In order to remove Pointsec PC on a Windows 2000 PC, a user account needs the above registry permissions plus Delete.

Requirements for Dynamic Tokens

Pointsec PC supports any dynamic token that supports the ANSI X.9.9 security standard if the DES algorithm is used together with these tokens.

Memory and Disk Space Requirements

The current memory and disk space requirements are:

• Windows Vista: 512 MB RAM; 100 MB disk space, of which 2 MB must be contiguous, free space.
• Windows XP: 128 MB RAM; 100 MB disk space, of which 2 MB must be contiguous, free space.
• Windows 2000: 64 MB RAM; 100 MB disk space, of which 2 MB must be contiguous, free space.
• Windows 2003 Server: 128 MB RAM; 100 MB disk space, of which 2 MB must be contiguous, free space. Note: Not server hardware.
• Windows XP Tablet Edition: 128 MB RAM; 100 MB disk space, of which 2 MB must be contiguous, free space.

Note: The disk encryption process does not require extra space on the hard disk.

Tablet PCs That Support Touch-Pen Logon in Preboot

Pointsec PC 6.2 and all later versions support preboot authentication with touch pens on the following tablet PCs:

• HP TC1100
• HP TC4200
• IBM X41
• Toshiba Portégé M200
• Toshiba Portégé M400
• Motion Computing LS800
• Motion Computing LS1600
• Motion Computing LS1700
• Motion Computing C5
• AMTek Smart Caddie SCA002

IMPORTANT – Windows Integrated Logon (WIL)

When implementing Windows Integrated Logon (WIL), weigh the total cost of ownership (TCO) impact of implementing Pre-Boot Authentication against the need for strong security when accessing the encrypted data at rest. WIL simplifies the user’s experience when logging on to encrypted machines at the cost of limiting the strength of the PC’s security configuration. Consider using Single Sign-On (SSO) in conjunction with proper Pre-Boot Authentication as an alternative to WIL. Carefully weigh the usage of WIL versus using user-authentication-based Pre-Boot Authentication according to the requirements of implemented enterprise security standards and goals.

Upgrading

You can upgrade to Pointsec PC 6.3.1 from the following Pointsec for PC 4.x and 5.x versions:

• Pointsec for PC 4.1 sr 2.14 or later

• Pointsec for PC 4.2 sr 1.4 or later

• Pointsec for PC 4.3

• Pointsec for PC 5.x.x

For more information about upgrading from these versions, see the Administrator’s Guide.


For information about upgrading from Pointsec for PC 6.x.x to 6.3.1, see the chapter in the Administrator’s Guide devoted to this topic.

Possible Security Risk When Using SSO with a Remote Desktop Application

Consider the possible security risk when using SSO with a remote desktop application. Normally this is not a problem because only Administrators have permission to connect to a remote computer via the remote desktop application.

Fragmented Disks

2 MB of contiguous disk space is required for Pointsec PC installation. If this amount of contiguous space is not available, the installation will fail. In general, it is considered good practice to avoid fragmented disks to enhance overall performance. It is also considered good practice to defragment disks prior to installing Pointsec PC.

Modifying the Pointsec for PC.msi Package Not Supported

Do not modify the Pointsec for PC.msi package in any way. For instance, do not attempt to modify the Pointsec for PC.msi package by using transforms. Modification of the Pointsec for PC.msi package invalidates the supportability of the product.

About File Systems/Volumes/OS Upgrades

Resizing Partitions and Using Disk Management Features/Utilities

Never use software that alters the workstation’s disk partitions when Pointsec PC is installed on the workstation. If you need to resize a partition, remove Pointsec PC completely first and then resize the partition.

Overlapping Partitions

When moving disks between computers where the computers have different head counts (e.g. H=64 --> H=16) FDISK may produce overlapping partitions. The operating system does not notice this. Pointsec PC will not start encryption if overlapping partitions are found. This problem can sometimes occur on machines with multiple volumes.

System on Volume without Drive Letter

If the system partition is not accessible using a drive letter when Pointsec PC is installed, necessary changes cannot be made, and the installation cannot be completed.

Disk Utilities

Do not use disk utilities to change file systems or resize any volumes on the hard disk if Pointsec PC is installed on the computer; in most scenarios, doing so leads to an unusable system and loss of system data.


OS Upgrades

Do not upgrade from one operating system version to another while Pointsec PC is installed, for example upgrading from Windows 2000 to Windows XP. This may lead to an unusable system. However, you can install hotfix upgrades.

Software Incompatibilities

Remote Help Malfunctions on Slaved Hard Disk Drives

Remote Help’s remote password change and one-time logon do not function on slaved hard disk drives.

Anti-virus Software

Pointsec PC is not fully compatible with some anti-virus software. The encryption process performed by Pointsec PC is performed in the background and does not affect computer performance noticeably. However, if anti-virus software runs a disk scan while Pointsec PC is encrypting the disk, performance will be impaired.

BIOS anti-virus feature functionality should be disabled. If active, it will cause the system to hang when reloading from suspend mode.

Pointsec PC and VMware

Pointsec PC does not support VMware in a production environment. VMware is supported only for testing and demonstrations. In addition, note that the use of smart cards and smart card readers together with Pointsec PC is severely restricted in VMware sessions.

Pointsec PC and Windows Vista BitLocker Drive Encryption

Windows Vista BitLocker Drive Encryption cannot be used together with Pointsec PC.


Known Limitations

This section documents known limitations to Pointsec PC.

Unformatted Partitions Will Trigger the Cancellation of the Installation

If the computer on which Pointsec PC is being installed has an unformatted partition, the installation will be cancelled.

Multiple Drivers Can Hinder Upgrade

Having multiple drivers allocated can cause upgrade to fail. Workaround: Reduce the number of drivers to one set of a card and a reader driver before upgrading. More drivers can be allocated after the upgrade is complete.

Smart Card Feature in the Pointsec Preboot Environment

Systems that do not allow the disabling of USB Legacy support in the BIOS may be incompatible with the smart card feature in the Pointsec PC preboot environment.

Windows Vista’s ReadyBoost™ and ReadyDrive™ Are Not Supported

Pointsec PC does not support the use of Windows Vista’s ReadyBoost™ and ReadyDrive™ technologies. Support for these technologies will be added to a future Pointsec PC release.

FIPS Compliant Dynamic Tokens Are Not Supported

Pointsec PC does not support dynamic tokens that are formatted to be FIPS compliant.

Token Insertion/Removal Handling Feature

The Pointsec PC Token Insertion/Removal Handling feature is unreliable except when using Aladdin eTokens.

Deployment Software

When Pointsec PC is installed on a client using deployment software such as SMS or Tivoli, the software must be run as LOCAL_SYSTEM and have “Interact with desktop” activated. If the software is run as a normal user account, the installation will fail.

Alternative Boot Menu

The options displayed in the alternative boot menu depend on what the BIOS of the machine supports and the hardware that is currently installed. Therefore, the fact that an option is listed in the menu does not mean it is supported by Pointsec PC.

SATA USB/CD/DVD Devices Not Supported in Alternative Boot Menu

SATA USB/CD/DVD devices are not supported in the Alternative Boot Menu.

Dual Booting

Pointsec PC does not support dual boot environments.


Japanese Language Pack Does Not Contain All Japanese Characters

The Pointsec PC Japanese language pack does not contain all Japanese characters. This means, for example, that if the computer name contains Japanese characters that are not contained in the Japanese language pack, these characters will be displayed as black boxes.

Multiple Hard Disks

Pointsec PC 6.3.1 supports up to six hard disks, which together can have a maximum total of 12 volumes protected by Pointsec PC.

Recovery and Hibernation

Do not attempt to perform recovery on a hibernated machine.

Hidden Volumes

Pointsec PC cannot be installed on hidden volumes.

Mounted Volumes/Dynamic Disks

Mounted volumes/dynamic disks are not supported.

USB and CD-ROM Limitations

Devices with boot media should be removed while Pointsec Preboot Environment is loading. USB devices, bootable CD-ROMs, and bootable DVD-ROMs are not supported in the system during the Pointsec Preboot Environment and during preboot authentication.

Documentation

Cosmetic errors exist in the documentation: some screen images can be “back-level” and/or do not match the text. Note that the text is correct; it is the screen captures that are back level.


Fixed in This Release

The following items have been corrected in Pointsec PC 6.3.1 HFA5:

ID: 454660
About: Stop error when a second hard disk is attached via a MultiBay.
Details: A bluescreen would sometimes occur during the first startup after Pointsec PC installation when a second encrypted hard disk was attached via a MultiBay unit.

ID: 454604
About: Token removal handling.
Details: Certain aspects of token removal handling have been enhanced in Pointsec PC HFA5.

ID: 454457
About: The Administrator’s Guide incorrectly stated that smart cards can be used to authenticate to Remote Help.
Details: The text of the Administrator’s Guide has been updated to the following:

Select the type of authentication used by the account you are using to provide Remote Help:

For a fixed password, select: Password; for a dynamic token, select: Dynamic Token. Helper authentication using smart cards/USB tokens is not supported.

ID: 454362
About: Update profiles not deployed if they contained a Japanese character in the screen saver text.
Details: Update profiles would not be deployed if they contained a Japanese character in the screen saver text. The profile would disappear from the work folder, and no error was logged in event viewer.

ID: 454322
About: The Administrator’s Guide incorrectly stated that "Clients accept only upgrade packages that have been created with their current serial number".
Details: The text in the Administrator’s Guide has been updated, to say:

...

Use the serial number of the local installation

Select this checkbox when you upgrade from 4.x/5.x and the same serial number is used on the local machine and on the clients. See Serial number currently used by clients, below.

....

Serial number currently used by clients

Enter the 4.x/5.x serial number used by the clients in this text box if the serial number used on the local machine is not identical to the serial number used by the clients.

...

4) Select the Use the serial number of the local installation checkbox if you are upgrading from 4.x or 5.x and the serial numbers used on the local machine and on the clients are identical. If the serial number used on the local machine is not identical to the serial number used by the clients, ensure that the Use the serial number of the local installation checkbox is not selected, and then enter the serial number used by the clients in the Serial number currently used by clients field.

ID: 454316
About: Encryption did not start if the last specified recovery path is not accessible.
Details: When multiple recovery paths were specified in the installation profile with which Pointsec PC was installed, and the last recovery path in the list was not accessible, encryption would not start even though the other paths were accessible. A log entry was created, warning that the recovery file creation failed.

ID: 454228
About: Unclear description of the requirement to reenter the Upgrade Validation Password after upgrading.
Details: The text in the Administrator’s Guide has been updated to:

The Update Validation Password Must Be Reentered After Upgrade

The security of the update validation password has been enhanced, and because of this it has a new internal format. This requires that you re-enter the update validation password that was used in the version from which you have just upgraded after upgrading to Pointsec PC 6.2.0 Hotfix Accumulator 1 (HFA1) or later. When you start the PCMC immediately after upgrading, you will be prompted to set the update validation password. You must specify the update validation password that was used in the version from which you have just upgraded because this is the password that the other machines you want to upgrade use to validate profiles. Otherwise, no profiles will be accepted on those machines. After entering this update validation password in the PCMC, you should immediately publish an update profile that contains this password (in its new format).

ID: 454153
About: Recovery/log path was not displayed correctly when it contained Japanese characters.
Details: Paths are now displayed correctly.

ID: 454110
About: When user account name contained the character '@', Remote Help could not be invoked.
Details: If the username of the end user that was attempting to receive the Remote Help contained the character '@', neither one-time logon nor password change functioned. After entering the response, the challenge was displayed as 'invalid'.

ID: 454108
About: The Administrator’s Guide description of the Hardware Hash was incorrect.
Details: The description has been updated in multiple places, for example:

Specifies if a hardware hash derived from, among other things, IDs found in the BIOS and on the CPU will be calculated to ensure that the hard drive has not been tampered with.

ID: 454082
About: Encryption did not start during installation when IgnoreOldInstallation is set to ‘Yes’ in precheck.txt.
Details: When reinstalling on one volume when other volumes are already encrypted, and thus ‘IgnoreOldInstallation’ is set to ‘Yes’ in precheck.txt to enable the reinstallation, encryption did not start.

ID: 453989
About: Unable to complete an upgrade from Pointsec for PC 4.x/5.x to Pointsec PC 6.3.1 HFA2 via a Remote Desktop.
Details: When starting an upgrade from Pointsec for PC 4.x/5.x to Pointsec PC 6.3.1 HFA2 via Remote Desktop, the upgrade fails when trying to write the recovery file.

ID: 453725
About: EventID 1 error issued in System log after installing Pointsec PC 6.3.1 HFA2.
Details: After installing 6.3.1 HFA2, the following error log was created in the system log/Windows event viewer:

‘The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.’

ID: 453111
About: Hard disk slaving caused an initial bluescreen: 0x0000007E.
Details: After installing Pointsec PC 6.3.1 HFA1 on two PCs, enabling slaving of hard disks, and slaving the second PC’s hard disk to the first PC, a prot_2k.sys 0x0000007E bluescreen occurred when logging on to Windows. If the PC was then rebooted, the slaved disk was accessible.

ID: 452396
About: Precheck.txt value InitalStartDelay malfunctioned.
Details: The value specified for InitalStartDelay in the precheck.txt file did not trigger the expected delay.

ID: 418641
About: Blue screen occurred when slaving a hard disk.
Details: When slaving a hard disk drive, if you allowed the slaving authentication to time out, you would get a blue screen with the error: STOP: 0x05001545.


Known Issues in This Release

The following sections document known issues. There are three sections:

• Known General Issues in This Release (on page 12)
• Known Hardware-related Issues in This Release (on page 30)

Known General Issues in This Release

The following items are known general issues in this release:

ID: 454901
About: Not possible to use Japanese characters during a master installation.
Details: If double-byte characters are used in the path specification during a master installation, the characters will not be displayed correctly.

ID: 454539
About: Too little free space left on recovery media created on a USB.
Details: The size of the Pointsec PC recovery media is limited to 1.4 MB so that it fits on floppy media. This causes problems when there is a large number of users in the Pointsec PC database. When creating the recovery media, the following message can be issued:

"Unable to write recovery information to recovery medium"

This message is most likely issued because the Pointsec PC user database does not fit on the 1.4 MB recovery image.

Solution/workaround:

To resolve this problem, a Pointsec PC recovery-image language file, Recovery.img, has been compressed to contain only the US English language, thus reducing the amount of space taken by languages and thereby freeing space. The Recovery.img file is located in the folder "US only recovery image" in the Tools folder on the installation media. This file can be used if this issue occurs on a system.

To resolve the problem:

1) Place the Recovery.img file located in the "US only recovery image" folder in the Tools folder, together with the UseRec.exe file located in the Pointsec for PC installation folder.

Note! Make sure that you do not overwrite the original Recovery.img file because you will need this file to create recovery media with full language support.

2) Double-click the UseRec.exe application and browse to the recovery file for the machine you need to decrypt.

3) Create your recovery media.

ID: 454423
About: Multiple certificates on token.
Details: If tokens are initialized and more than one certificate per token is added with "Aladdin eToken PKI Client 4.55.22", logon to Pointsec preboot malfunctions.

This problem did not exist in the earlier Aladdin middleware, "Aladdin eToken Run Time Environment 3.65.26".

ID: 454222
About: Incorrect description of Fixed Password (Kotei Password) in the Japanese version of the Administrator’s Guide.
Details: The description of Fixed Password (Kotei Password) in the Japanese version of the Administrator’s Guide incorrectly states that a Fixed Password can be of length 6-31 characters.

The correct length is: ‘4-31’ characters.

ID: 453737
About: MI recovery file is not written when resetting values.
Details: When changing "Uninstall" or "Create recovery media" permissions at the user level, the recovery file is updated by the client. But when resetting the value (by right-clicking and choosing "Reset value") in the MIMC, the update is deployed to the client and the client writes a log entry and the changes in permissions are implemented on the client, but the recovery file is not updated.


ID: 452500
About: Removing a user account via MIMC does not trigger the creation of a new recovery file.
Details: Deleting a user account via MIMC fails to trigger the writing of a new recovery file.

The following scenario will produce the problem:

1) Pointsec PC is installed, running, and configured.

2) Add a user account which has uninstall and recovery permissions via MIMC.

3) A new recovery file that includes the new user account is written.

5) Remove the user account via MIMC.

6) A new recovery file is not written.

Workaround: To trigger the creation of a new recovery file, change the password of an existing user account that has uninstall and recovery permissions.

451763 Token removal malfunctions when using a SafeNet iKey 2032 USB token.

Token removal function "Lock workstation" fails when using a SafeNet iKey 2032 USB token.

Lock workstation works when the token is removed, but when it is reinserted nothing happens and the smart card error dialog displays: "An internal error occurred".

Environment:

Middleware: SafeNet AS470MU20

PC: Lenovo T61p

Partition set: 9 volumes

Algorithm: Blowfish

451753 Possible problems if HID drivers are deployed to non-tablet PC EW/MI clients.

If you deploy Pointsec PC to non-tablet EW/MI clients, and the deployment contains HID drivers, the clients might not be able to boot into PPBE.

Workaround: Disable the HID drivers in the double-shift menu on the non-tablet PC EW/MI clients that have experienced the problem.

451750 Password synchronization fails when a UNC username is used in Windows Vista.

If you log on to Windows Vista using a UNC username, for example "[email protected]", password synchronization will not function.

Workaround: Log in as, for example, "maer\pmt-test.pointsec.com" and password synchronization will function correctly.

451653 2048 bit certificates fail in PPBE when using an ActivKey Display token.

A 2048 bit certificate will fail on the ActivIdentity Activkey Display token. The token supports 2048 bit certificates, and you can install the certificate on the token; but when authenticating in preboot the message "Invalid logon - The token or reader driver entered an unexpected error condition" is displayed. With a 1024 bit certificate, the ActivIdentity Activkey Display token works without problems.

451535 Event ID 1002 was not logged in the central log.

When an update profile is successfully deployed to a PC, event ID 1002 'Configuration update by profile' is logged in the local event database. However, it was not logged in the central log.

451435 Pointsec PC-to-Windows password synchronization and Novell single sign-on (SSO) do not work together.

The scenario that produces the problem is:

1. Install Novell Client 4.91 SP3.

2. Install Pointsec PC.

3. Enable "Synchronize Preboot Password to Windows" and "Enable SSO" on a user account.

4. Make sure to initially have the same password in Windows, Novell and Pointsec PC.

5. Establish the SSO chain between Pointsec PC and Novell.

6. Change the Pointsec PC password in preboot. During logon to Novell/Windows you get the message that the Windows password has been synchronized with Pointsec PC.

7. Reboot and log on with the new password in preboot. During logon to Novell/Windows a message that SSO is enabled pops up (this is ok) but authentication halts on the Windows credentials (since the password has been synchronized). Enter the new Windows password and you will log on, but SSO will not be re-established. Reboot and re-enter the new Windows password several times, but the SSO chain will still be down.

Note: The other password synchronization feature "Synchronize Windows to Preboot Password" works with SSO.

429292 Hibernating a computer during encryption causes a bluescreen.

A bluescreen (stop error) occurs when a computer is hibernated during the encryption after installing Pointsec PC on Vista SP1.

Workaround: do not initiate hibernation until the encryption is complete.

417558 Exceeding Max failed logon in Windows Integrated Logon triggered Error 0x5000000.

Exceeding Max failed logon in Windows Integrated Logon triggered Pointsec PC error 0x5000000 followed by a blue screen.

416560 Possible to record credentials for an SSO user in Windows logon screen via Radmin.

It is possible to record the credentials for an SSO user in Windows logon screen via Radmin. The credentials are recorded in the SSO chain after logging on with an SSO, connecting via Radmin, and rebooting.

400016 A memory error delays booting of Pointsec PC immediately after installation on a Dell D830 laptop with Flash Cache active.

If Pointsec EW/MI is installed on a Dell D830 that uses a Flash Cache module, a memory error occurs on the first reboot after installing. If the PC is turned off after the error message is displayed and then is started again, the PPBE code is written, and Pointsec PC is installed successfully.

This occurs on Dell D830s with the flash cache module enabled in BIOS.

399936 Recovery file not written after resetting the value of the 'Logon authorized' setting.

After setting 'Logon Authorized' to 'No' for a user account, a new recovery file is written. But if you then change this setting by right clicking and selecting 'Reset value' so that you once again inherit the value (in this case YES) from the group, a new recovery file is not written. If you however set the value to YES you will get a new recovery file. Resetting the value does not seem to trigger the writing of a new recovery file even though the value has changed from 'No' to 'Yes'.

399894 Sanity check warning is issued when it should not be issued.

The sanity check which appears when closing PCMC warns that fewer than two user accounts have permission to perform uninstall in the following scenario:

1. For the System group, specify the settings "Uninstall" and "Create recovery media" to: No.

2. On two user accounts in the System group, set "Uninstall" and "Create recovery media" to: Yes.

3. According to the new inheritance rules, the user account settings should override the group settings.

4. Close PCMC, and a Sanity check will be displayed warning that fewer than two user accounts have permission to perform uninstall.

399878 Cannot install Pointsec PC on some Windows 2000 clients if Pointsec PC has previously been installed.

Sometimes it is not possible to install Pointsec PC 6.3.1 on a Windows 2000 client which previously had Pointsec PC 6.3.1 installed and subsequently successfully decrypted and removed. This problem only occurs if the client had been upgraded first from version 5.2.3 to 6.3.0 and then to 6.3.1.

399872 Recovery file not written to recovery paths added after the installation.

If you add new additional recovery paths after installation, new recovery files should be written to the directories addressed by the new paths. Three new paths were added after installation but recovery files were not written to the paths. Neither logging on to Windows several times nor running crerec.exe manually resolved the problem. The recovery file was written only after changing a value that triggers a recovery file update.

399820 Exception occurs when upgrading from the Pointsec PC 6x series if a USB memory stick is inserted on Dell Inspiron 9400.

The scenario that produces the error is:

Upgrade from Pointsec PC 6.2HF2 to 6.3.1 on a Dell Inspiron 9400 with Vista installed.

Insert a USB memory stick (in this case, a SanDisk Cruzer).

Reboot.

An exception occurs (green screen) prior to display of the PPBE.

Press a key and the PPBE is displayed and normal operation proceeds. Thus the green screen occurs only once.

The problem also occurs when trying to upgrade from 6.1.1 to 6.3.1 on same type of PC but with Windows 2K as the OS.

You get the green screen only once. When the USB memory stick is removed and you boot the machine, a black screen is displayed. This can be fixed by rebooting and disabling USB legacy in the BIOS.

399732 Error message in Remote Help session in PCMC.

When providing Remote Help from PCMC and navigating with the keyboard and Tab key (the mouse is not used), you get an error message with code 1280.

The scenario that produces the error is:

1. Open the PCMC.

2. Go to Remote Help.

3. Enter the End user account name and Helper account name.

4. Select Dynamic token in the Type of helper authentication field.

5. Use the keyboard and tab to generate the response.

6. Press Enter.

7. Error with code 1280 is displayed.

399654 The Windows Integrated Logon (WIL) setting on the client is overridden by any manual update from the MI Framework.

If Windows Integrated Logon (WIL) is enabled on an MI client, and then WIL is temporarily disabled using the tray, WIL is re-enabled by any manual update sent from the MI Framework to the client. Note: If you want to use WIL, ensure that the WIL setting in the MIMC is enabled. It is not enough to enable WIL for an end user using only the WIL switch in the PPBE.

399600 The keyboard and mouse do not both work in PPBE if "Mouse support" is enabled in PABM on HP DX2000MT.

If "Mouse support" is enabled in the PABM on a HP DX2000MT either the USB/PS2 Keyboard or the USB mouse works, but not both, in PPBE. If you disable "Mouse support", the keyboard works. If "Mouse support" is enabled and BIOS "USB legacy support" is disabled, both the mouse and the keyboard work in PPBE.

399560 The Wake-on-LAN (WOL) setting "Set Max Number of Logons Allowed" is not updated in the MI Framework.

After a Wake-on-LAN (WOL) logon, the number of remaining allowed WOL logons is not reported to the MI Framework. The next time an update is sent to the MI client, the number of logons allowed on the client will be erroneously reset to the original number of allowed WOL logons.

399120 Hibernation start fails when using 3DES.

The scenario that produces the error is:

1) Install Pointsec and encrypt the system volume using the 3DES algorithm.

2) Once encryption has finished, hibernate the PC.

3) Start the PC, and log on to PPBE.

Note that it says "Starting Windows" instead of "Resuming Windows" as it should. Apparently the PC can be hibernated, but it cannot be restored afterwards. Documents that were unsaved at the time of hibernation are lost.

Hibernation using the CAST algorithm on XP SP2 and using the AES algorithm on 2000 UR1 works fine.

Environment:

OS: 2000 UR1

FS: FAT32/NTFS

HDD/Vol: 1/3 (First hidden)

Algo: 3DES

PC: Dell D830 and Dell D600.

399058 After upgrading, CreRec.exe fails upon start of the tray application.

The scenario that produces the problem is:

1) Install Pointsec for PC 6.0.0.

2) Upgrade to Pointsec PC 6.2 HFA1.

A few seconds after the first start of the Pointsec tray application after the upgrade, CreRec.exe fails with the following message: "CreRec.exe has generated errors and will be closed by Windows...". After a minute or two, the error message disappears. The error can be reproduced by logging off and on again.

If CreRec is run manually, the error message isn't displayed any more.

397785 Token removal handling does not function with all tested smart cards and smart card readers.

Different settings of the token removal feature were tested on three different PCs using two different sets of smart cards/readers. Only the token removal setting "Do nothing" worked. It seemed to work only the first time because only the first attempt was added to the logs.

This feature has been tested earlier on Windows 2003 Server and Windows Vista with Aladdin eToken middleware, and it was reported to work.

Environment info:

PC1: Dell D370

PC2: IBM T60

PC3: Dell D620

OS: Windows XP SP2 on all PCs

Middleware 1: RSA authenticator 1.0B25

Middleware 2: AuthentIC 3.6.2

Smart card 1: RSA 5200

Smart card 2: Oberthur Cosmo 64 RSA v5.3

397774 (9958) Clearing System Settings when creating a profile based on another profile or on local settings creates an installation that fails.

Create a profile (e.g. upgrade) and base it on an Upgrade profile and clear the System Settings check box when creating it. All System settings are blank in the new profile.

When using this profile, Pointsec upgrades; but the installation crashes when a user tries to use any of the System Settings.

Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation’s settings. Do not clear any of the ‘Base on’ check boxes.

397727 Impossible to create recovery media on an MI server.

Description:

Administrators cannot use the UseRec.exe application directly on the MI server to create recovery floppy disks, etc.

Two problems:

1. In the directory: 1_Pointsec for PC\Tools\Reco_img\6.3.0, ccore32.bin is missing. This makes it impossible to run the UseRec tool directly from, for instance, a Pointsec installation CD.

2. The Visual Studio 2005 runtime files are not installed with the Pointsec PC 6 module. They need to be added as merge modules in the installer in order to run UseRec.exe.

This means that the admin has to use a deployed client to create recovery media for other clients.

395374 Novell SSO needs 3 reboots to re-establish the SSO chain.

If the SSO chain between Pointsec and the Novell Client is established and password synchronization is performed, it will take 3 reboots to re-establish SSO.

The scenario that produces the problem is:

1. Establish the SSO chain between P4PC and Novell Client.

2. Activate password sync. with Windows.

3. Change password in Novell/Windows.

4. Reboot and SSO chain will be broken. It will take two additional reboots before SSO is established again.

Note that performing the same scenario with Windows GINA instead of Novell GINA requires only 2 reboots.

Environment info:

P4PC version: 6.1.3 build 1108

PC: HP T3350

USB controller: OHCI

OS: XP SP2

FS: NTFS

MSI: Windows Installer 3.1

.NET: 1.1 & 2.0

Novell Client:

372217 Pointsec PC and Imprivata compatibility issue.

A blue screen is displayed when Windows boots after Pointsec PC and Imprivata have been installed and the registry has been modified.

9975 Cannot use "&" in the profile name when creating a profile.

An ampersand (&) cannot be used in a profile name when creating a profile.

Workaround: use only English upper- and lowercase characters and the digits 0-9.

9958 (397774) Clearing System Settings when creating a profile based on another profile or on local settings creates an installation that fails.

Create a profile (e.g. upgrade) and base it on an Upgrade profile and clear the System Settings check box when creating it. All System settings are blank in the new profile.

When using this profile, Pointsec upgrades; but the installation crashes when a user tries to use any of the System Settings.

Workaround: When making an upgrade profile, make sure to include all settings if it's based on another profile or on the local installation’s settings. Do not clear any of the ‘Base on’ check boxes.

9935 DoD CAC Smart Card user with Token Removal Handling enabled is locked out of Windows after approximately 5 min.

When a smart card user is configured with "Use Pointsec Token Insertion / Removal Handling" enabled, and uses a DoD CAC with ActivCard Gold for DoD CAC middleware, once the system takes the setting, the removal of the smart card takes a short while to lock the system (a few minutes), but then locks the system. If the card is inserted, the system will automatically "lock" (i.e. go to screen saver mode) after a few minutes (about 3-5 minutes), regardless of user activity, so it is not behaving like the screen saver. The screen saver setting is configured for 10 minutes, but changing that value has no effect.

9872 Unable to change installed win language pack

Under Windows XP and Vista, if, for example, you install the Europe1 language pack and then realize that you wanted Europe2; you will not be able to install the Windows part of the Europe2 pack. When running the command shell as an administrator, you run the pscontrol command "install-win-language" and it fails with the error message "Cannot create the file when that file already exist"

Workaround: Remove the existing plang32. file from C:/Program files/Pointsec/Pointsec for PC/ and from C:/Windows/System32/, and run the command again.

9864 Ctrl+Alt+Delete required when logging on in Vista with SSO.

In some circumstances, even though SSO is enabled in Pointsec PC, Vista forces the logged in user to press “Ctrl + Alt + Delete”. After pressing “Ctrl + Alt + Delete”, the user is automatically logged in.

To eliminate the “Ctrl + Alt + Delete” step, go to the Control Panel -> User Accounts. Click "Manage User Accounts" and click the "Advanced" tab. To eliminate the need to press “Ctrl + Alt + Delete”, clear the “Require users to press Ctrl + Alt + Delete” check box.

9752 Issue with RSA smart cards and Pointsec Token Insertion/Removal handling.

The Pointsec Token Insertion/Removal handling does not work with RSA smartcards. The problem is due to incompatibilities with the RSA middleware used to access the RSA smart cards.

Workaround: Utilize similar Token Insertion/Removal handling in RSA middleware.

9607 Upgrade only silent in Vista.

Pointsec PC 6.2 contains an Automatic upgrade function. This function is used to perform an upgrade by distributing an Upgrade package to the "Upgrade path" or the "Work folder". In Windows 2000 and Windows XP, the end user is notified of the progress of the Automatic upgrade and is notified when the upgrade has been finalized. In Vista the upgrade does not display this information.

9411 PME setting "Use SSO with P4PC" issue.

The PME setting "Use SSO with P4PC" works only when Pointsec PC is installed before PME.

9403 PPBE hangs when a docking station is attached to the PC Acer TM 4400.

The PPBE hangs if a docking station is attached to the PC Acer TM 4400 and USB is enabled. If USB is disabled, the PPBE does not hang. However, in this latter case, the keyboard and mouse attached to the docking station do not work.

Workaround:

Disable USB support in PPBE via the PCMC setting "Enable USB".

9137 Cannot perform SSO with Entrust smart card user.

Cannot perform SSO with Entrust smart card user. The reason for this is that an error occurs when an attempt is made to store an Entrust profile, required for SSO, on the smart card.

8980 The Windows driver (prot_2k.sys) crashes if the system contains only 4.x/5.x volumes.

The Windows driver (prot_2k.sys) crashes if the system contains only 4.x/5.x volumes. This situation may occur if an upgrade is aborted in the PPBE and recovery is not performed on all volumes.

The situation can be fixed by performing recovery on all volumes.

8965 Possible failure of Remote Help with legacy users

A user account with password authentication and the setting Case sensitivity = No or Convert to uppercase in 4.x/5.x = Yes may experience trouble providing Remote Help if he/she has not entered the password in uppercase letters.

Workaround: Request that the person providing Remote Help use capital letters when entering the password in his/her system.

8811 Incorrect message displayed when disabling WIL

When disabling WIL via the tray menu, the message “Access to your user account failed” is displayed. This message is incorrect; the message should request the user to log off.

8183 Proventia Desktop stops the Pointsec PC installation.

The installation of Pointsec PC is stopped if the Proventia Desktop version 8 or 9 is installed.

Workaround:

There are two possible workarounds for this issue:

1. Disable the Proventia Desktop during installation of Pointsec PC.

2. Add prot_ins.sys to Proventia Desktop exclusion list during installation.

8012 No PPBE logon displayed on Dell Inspiron when using an eToken NG Flash

No PPBE logon screen is displayed if an eToken NG Flash USB smart card is used on a Dell Inspiron 9400. After PC boot, the screen goes black and the PPBE screen is displayed.

Workaround: Set the BIOS setting "USB Emulation" under POST behavior to "OFF" to avoid the problem.

7813 A Pointsec for PC upgrade fails if the machine is hibernated.

Hibernation should not be allowed to start during an upgrade, but Pointsec for PC does not inhibit it.

Workaround: Disable hibernation during upgrade.

7773 Unable to read logs after upgrading from Pointsec for PC 6.0.0 to 6.1.3.

If you upgrade directly from Pointsec for PC 6.0.0 to 6.1.3, the system, local, and remote logs will be unreadable.

Workaround: Upgrade from 6.0.0 to 6.0.1 first, then upgrade from 6.0.1 to 6.1.3, and the logs will be readable.

7510 Re-establishing single sign-on after password synchronization requires three reboots when SSO chain is between Pointsec for PC and a Novell Client.

If the single sign-on (SSO) chain between Pointsec for PC and a Novell Client is established and the following password synchronization scenario occurs, it will take three reboots to re-establish SSO.

Here is the scenario:

1. Establish the SSO chain between Pointsec for PC and a Novell Client.

2. Activate password synchronization with Windows.

3. Change the password in Novell/Windows.

4. Reboot and the SSO chain will be broken. It will take two additional reboots before SSO is established again.

The same scenario with Windows GINA instead of Novell GINA requires only two reboots.

7367 Deselected volume disappears from list.

While deselecting volumes one of the volumes suddenly disappeared from the list. The "lost volume" reappears after any key is pressed.

7261 PPBE - Machine stops during the Pointsec for PC load screen - compatibility issue with Computrace software.

Due to architectural differences between Pointsec for PC and Computrace software, there is a compatibility issue between the two when Computrace is run in software persistence mode.

Workaround: Rewriting the master boot record makes the machine boot normally, for example, fdisk /mbr.

6934 Access to Local and Access to Remote settings

Note that when upgrading from 6.0.0 or 6.0.1 to 6.1, the values of Access to Local setting and Access to Remote setting are, by default, set to “Yes”. These settings can of course be set to “No” after installation.

Workaround:

Deploy a profile where you set this permission to NO for your end-users as soon as you have successfully upgraded your clients.

6905 Interoperability problem with PME and recovery media creation

When creating recovery media to a USB memory stick while having PME installed, there may be a problem after the first part of the creation is done. After unplugging and re-inserting the USB memory as instructed by the program, a blank (all white) PME window will sometimes pop up after you have pressed OK. Both windows (PME and Pointsec recovery media) will stop responding, and you will have to close the applications via the Task Manager.

6844 RRU boots before PPBE when ordering restore from Windows.

When ordering a restore from within the Windows part of RRU, the computer restarts and then boots into RRU before allowing you to authenticate in PPBE. If you reboot from within RRU, you will get to PPBE; and then you will boot into RRU and it will perform the requested restoration.

5437 Difficulties when creating an installation profile based on local settings for smart card users.

You can experience difficulties when creating an installation profile that is based on local settings when you are required to provide new authentication for the profile and you want to use a smart card you have used previously. In this case, Pointsec requires that you re-associate the smart card (plus certificate) and the user, and it may not always be possible to acquire all the certificates needed for all the users.

Workaround: Rather than trying to re-assign the smart card to the user, assign the user a fixed password and switch to smart card and certificate later. Alternatively, define a temporary smart card user so the user can reassign the certificate him/herself on the next boot of the PC.

5239 Do not remove PCMCIA reader or smart card until authentication is completed in PPBE.

Do not remove the PCMCIA reader or smart card while authenticating. They can be removed when authentication has been completed in PPBE.

5233 Changing the password in Windows temporarily disables single sign-on.

When single sign-on is enabled, if you change your password in Windows, single sign-on will temporarily be disabled. The next time you log on, a message will be displayed saying that Pointsec cannot log on to Windows - please enter your Windows password. After you correctly enter your Windows password, single sign-on will again function.

5135 Problems when opening a recovery file.

Users can encounter problems when attempting to open a file by double clicking it.

Workaround: Start the recovery program, and open the recovery file there.

5019 Password rules conflict with Unicode support

The following password rules conflict with full Unicode support:

* "Require letters and integers".

* "Allow Special Characters". The current description in the PCMC of this setting is: "Besides a-z, A-Z and 0-9, allow the use of the semicolon and the following other special characters: ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }". As described, the setting would not allow the full range of Unicode characters to be used whether set to “On” or “Off”. With regards to actual Pointsec functionality, the following is a more accurate description: “Allow use of the following special characters: ; ! " # $ % & ' ( ) * + , - . / : < = > ? @ { }.” If this setting is set to “No”, these special characters are not allowed in passwords. However, all other Unicode characters are allowed regardless of the setting.

* "Require upper and lower case". This only makes sense in alphabets that have case forms.

* "Allow password of adjoining characters." This is meant to prevent entering series of characters from adjoining keys on the keyboard. However, only western-style keyboard layouts are used to detect adjoining characters.
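The rule behaviour described in 5019 can be modelled to see where a policy stops protecting non-Latin passwords. This is an added example, not Pointsec code; the function names, the US QWERTY rows and the run length of 4 are assumptions made for illustration.

```python
# Model of the password rules described in issue 5019 (illustrative only).

# Special characters listed in the release note for "Allow Special Characters".
SPECIAL_CHARS = set(';!"#$%&\'()*+,-./:<=>?@{}')

# Assumption: adjacency is modelled as runs along US QWERTY rows. The release
# note only says western-style layouts are used, not which ones.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
ADJOINING_RUN = 4  # assumed run length, not taken from the product


def has_case_forms(ch):
    """True if the character belongs to a script with upper/lower case."""
    return ch.lower() != ch.upper()


def has_adjoining_run(password, run=ADJOINING_RUN):
    """True if the password contains `run` adjoining QWERTY keys in a row,
    read left-to-right or right-to-left."""
    lowered = password.lower()
    for row in QWERTY_ROWS:
        for candidate in (row, row[::-1]):
            for i in range(len(candidate) - run + 1):
                if candidate[i:i + run] in lowered:
                    return True
    return False


def check_password(password, allow_special=False,
                   require_upper_lower=True, allow_adjoining=False):
    """Return a list of rule violations; an empty list means accepted."""
    violations = []

    # "Allow Special Characters" = No rejects only the listed characters.
    # Every other Unicode character passes regardless of the setting.
    if not allow_special:
        used = sorted(set(password) & SPECIAL_CHARS)
        if used:
            violations.append("special characters not allowed: " + " ".join(used))

    # "Require upper and lower case" is only meaningful for cased scripts.
    if require_upper_lower:
        has_upper = any(c.isupper() for c in password)
        has_lower = any(c.islower() for c in password)
        if not (has_upper and has_lower):
            if not any(has_case_forms(c) for c in password):
                violations.append(
                    "upper/lower rule cannot be met: no cased characters")
            else:
                violations.append("needs both upper and lower case")

    # Adjoining-key detection only knows western layouts, so a keyboard walk
    # on another layout is not detected.
    if not allow_adjoining and has_adjoining_run(password):
        violations.append("contains adjoining keyboard characters")

    return violations


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["Pass!word1", "Pässwörd", "パスワードひみつ",
                   "Qwerty12Ab", "йцукенГШ"]:
        print(repr(sample), check_password(sample))
```

The last sample is a walk along the top letter row of a Russian keyboard layout: it passes the adjoining-key check because only the QWERTY rows are consulted, which is the gap the release note describes.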

4679 RRUinstall.msi installer installs driver on wrong volume.

The RRUinstall.msi installer installs the driver required by Pointsec for PC to support RRU on the wrong volume.

Workaround: Specify the target drive with the MSI Property TARGETDIR=C:\

For example: msiexec /i InstallRRU.msi TARGETDIR=C:

4298 Difficulties recovering selected volumes when running the Recovery program

If you lose mouse functionality when running the recovery program, individual volumes cannot be selected.

Workaround: Recover all volumes rather than selected volumes.

Known Hardware-related Issues in This Release

The following items are known hardware-related issues in this release:

398232 No support for hybrid disk

Description:

If ‘NV cache’ is enabled, the installation will fail to install.

The Pointsec SA seems to be written on a cache part. So the SA seems to be flushed and the installation fails.

Disabling NV cache, installing Pointsec, and then enabling NV cache randomly results in a corrupt database in preboot.

Environment info:

Znote 6224w

Vista Ultimate

HDD: Samsung HM16HJI ATA Hybrid Hard Disk

398074 (10259) The combination of an Axalto Cyberflex Access 64K Pegasus v2c smart card and a Schlumberger USB Reflex Version 1. smart card reader fails in preboot.

Preboot authentication using the combination of an Axalto Cyberflex Access 64K Pegasus v2c smart card and a Schlumberger USB Reflex Ver 1. smart card reader fails.

7909 Dell D410 does not always boot into PPBE when connected to a Dell external USB bay.

Connecting a Dell D410 to a Dell external USB bay can prevent the machine from booting into PPBE. If the bay is connected in PPBE, the machine can terminate with a black screen immediately after PPBE logon. Both behaviors are intermittent, and both occurred when a CD-ROM (with no CD) was connected to the bay.

7891 Blinking cursor on the MPC ClientPro 365.

Using a smart card on an MPC ClientPro 365 machine with the following BIOS settings will cause the cursor to blink:

plug and play os = no

legacy usb = disabled

Workaround: Use the factory BIOS settings, which are:

plug and play os = yes

legacy usb = enabled.

7633 PPBE authentication window freezes when both a smart card reader and Iomega USB BXXU0130 floppy disk drive are present.

The PPBE authentication window freezes when both a smart card reader and an Iomega USB BXXU0130 floppy disk drive are attached to the machine. Removing the Iomega USB floppy disk drive will activate the PPBE authentication window again, and you can proceed.

This problem has occurred on the following PCs: Dell Inspiron 9400, Dell Latitude D600, Sony Vaio Z1.

7532 PCMC crashes after logon in the Windows environment with a Setec EID IP2 smart card.

Logging on in the Windows environment with the Setec EID IP2 smart card crashes the PCMC/tray because of problems with the CSP.

7464 Mouse does not work when creating a recovery file on a USB memory stick on an Acer TM4401.

When creating a recovery file with a USB memory stick on an Acer TM4401, the mouse does not work. When the recovery menu is displayed, neither the keyboard nor the mouse works for the first 2-3 minutes. After this delay, it is possible to use keys and to tab, but it is not possible to select volumes to recover -- you have to select all volumes.

7396 USB optical mouse malfunction in the PPBE.

The USB mouse does not work in PPBE on the Acer Ferrari 3200. The optical USB mouse has its light on in the BIOS, the operating system, and in the Pointsec alternative boot menu; but not in the PPBE.

7388 Unregistered characters when entering keystrokes with a USB-enabled keyboard with a built-in smart card reader.

If the USB setting is enabled in PCMC (under Hardware) and a keyboard with a built-in smart card reader is used, the following behavior occurs in the PPBE: when entering the user account name, the first character is not registered or visible. For example, if the user account name is ADMIN you must enter AADMIN for it to be interpreted as ADMIN.

Tested on Hewlett Packard T3350 and T3350-2.

7215 Hot plugging of USB devices does not work on the IBM-Lenovo ThinkPad T60.

Hot plugging of USB devices does not work on the IBM-Lenovo ThinkPad T60.

You can log on with a USB token if it is plugged in from the start.


7164 PCMC logon fails when using a Setec EID IP2 smart card together with a CardMan 4040 reader.

The PCMC crashes when trying to read the certificates stored on smart card "Setec EID IP2". The PPBE does not recognize any certificates stored on smart card "Setec EID IP2" when using smart card reader: CardMan 4040 (PCMCIA) together with the following drivers:

cm4040.bin and opensc.bin.

Workaround: Copy the certificate to the Windows personal store using smart card middleware.

6883 USB keyboard intermittently malfunctions in PPBE on a Hewlett Packard T3350

The USB keyboard intermittently stops functioning in PPBE on a Hewlett Packard T3350. This happens in the following environment:

- USB mouse was connected and worked flawlessly in PPBE

- USB was enabled in PCMC

- USB legacy support was enabled in BIOS

- Plug n Play OS was disabled in BIOS

Workaround: Unplug the keyboard in PPBE and then plug it in again.

6854 Not possible to log on in PPBE with RSA SID 800 and Ferrari 3200

The following scenario produces the problem:

1. Install Pointsec for PC using an interactive profile with one smart card account. The files: msc_p11.bin and prd_ccid were added to precheck.txt.

2. Middleware was installed after installation of Pointsec for PC.

3. After reboot, with the smart card inserted, no pin code dialog box is displayed in the PPBE.

4. Nor is the pin code dialog box displayed when the smart card is inserted after reboot but before logging in to PPBE.

This problem concerns RSA SID 800 and Ferrari 3200.

6779 USB hub Targus PAUH210 does not work with the HP T3350.

The USB hub Targus PAUH210 does not work with the HP T3350 in the PPBE (the Pointsec for PC preboot environment).


6701 HP T3350 hangs before PPBE with USB smart card support enabled

When USB smart card support is enabled, and no PPBE smart card drivers are installed, the HP T3350 desktop PC may hang before the PPBE authentication is displayed.

Workaround: Specify the following BIOS settings:

• PNP operating system should be set to YES

• USB legacy support should be set to ON

Note that the above settings are the factory settings.

6693 Recovery fails when using certain USB devices on some machines

The recovery program can fail when creating a recovery medium on certain USB devices. For example, the recovery program failed when using a USB memory stick on an IBM x60s machine, but it ran successfully on the same machine using a USB floppy disk. Workaround: BIOS upgrade to 2.10 resolves this issue.

6690 Not possible to use USB mouse/keyboard in PPBE when they are connected via USB hub Targus PAUH210 to a Fujitsu Siemens 7020.

On a Fujitsu Siemens 7020, a USB mouse/keyboard will not work in PPBE if they are connected via a Targus PAUH210 hub. USB mouse and keyboards did work when connected via other hubs.

6679 Error with recovery using USB media on IBM A51.

When USB media is used to perform recovery on the IBM A51, an error occurs when you boot into the recovery program. The error message is as follows:

Divide error

***Program terminated, rc=03***

This seems to have to do with the startup device menu, where the USB media must come before the HDDs instead of after them.

Workaround: It is possible to perform recovery with USB media if you ensure that the USB device comes before the HDDs in the startup device menu.

6570 Keyboard function lost

Unable to use the keyboard in the preboot customization menu after USB smart card support has been enabled on an ACER TM 4401 notebook. The keyboard does not function in the PPBE either, so you cannot log on. The problem does not occur on each reboot. It appears more frequently when other USB devices are connected or used or both during preboot.


6553 Wrong smart card driver for smart cards with identical ATR string in PPBE.

In the PPBE smart cards are handled via loadable drivers. The driver that is used for a specific smart card is set up via registry (.inf) files. The registry files may contain one or more smart card entries. Each entry consists of the smart card ATR string and the name of the PPBE driver that will be used for the smart card. Unfortunately, several smart cards may use the same ATR string, and therefore the same ATR string may be present in several entries, which each identify a different driver. When a smart card is detected in the PPBE, the ATR string is extracted. The first driver, according to the registry file, that is available in the PPBE is thereafter loaded and used to handle the smart card. This means that if several smart card drivers which support the same ATR string are available in the PPBE, the wrong driver may be used. To minimize the probability of this happening, the number of smart card drivers in the PPBE should be minimized.
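The first-match selection described for issue 6553, modelled as an added example (not Check Point code). These notes do not show the registry (.inf) syntax, so entries are represented as constructed (ATR, driver) pairs; the ATR values and driver file names are hypothetical.

```python
# Constructed sample data: (ATR string, PPBE driver) pairs in registry-file order.
# The real .inf syntax is not shown in the release notes; this is an assumption.
REGISTRY_ENTRIES = [
    ("3B 16 94 81 10 06 01", "vendor_a.bin"),
    ("3B 16 94 81 10 06 01", "vendor_b.bin"),  # same ATR, different driver
    ("3B 7D 94 00 00 57 44", "vendor_c.bin"),
]


def normalize_atr(atr):
    """Canonical form: uppercase hex digits with separators removed."""
    return "".join(ch for ch in atr.upper() if ch in "0123456789ABCDEF")


def select_driver(card_atr, entries, available):
    """First driver in file order that matches the ATR and is deployed in
    the preboot environment; None when no deployed driver matches."""
    wanted = normalize_atr(card_atr)
    for atr, driver in entries:
        if normalize_atr(atr) == wanted and driver in available:
            return driver
    return None


def ambiguous_atrs(entries, available):
    """ATRs that more than one deployed driver could claim, with the drivers
    listed in the order they would be tried."""
    by_atr = {}
    for atr, driver in entries:
        if driver in available:
            drivers = by_atr.setdefault(normalize_atr(atr), [])
            if driver not in drivers:
                drivers.append(driver)
    return {atr: found for atr, found in by_atr.items() if len(found) > 1}


if __name__ == "__main__":
    card = "3B 16 94 81 10 06 01"  # card that actually needs vendor_b.bin
    everything = {"vendor_a.bin", "vendor_b.bin", "vendor_c.bin"}
    minimal = {"vendor_b.bin", "vendor_c.bin"}
    print("all drivers deployed ->", select_driver(card, REGISTRY_ENTRIES, everything))
    print("minimal driver set   ->", select_driver(card, REGISTRY_ENTRIES, minimal))
    print("ambiguous ATRs       ->", ambiguous_atrs(REGISTRY_ENTRIES, everything))
```

Running `ambiguous_atrs` against the driver set planned for a deployment shows which cards depend on entry order, which is the condition the recommendation to minimize PPBE drivers is meant to avoid.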

6266 Error if a SanDisk CompactFlash® PC Card Adapter is present at preboot authentication.

If a SanDisk CompactFlash® PC Card Adapter is present at preboot authentication, a fatal error occurs with error code 0x50010DA during Windows boot. This occurs even if PCMCIA support is disabled in preboot.

6255 RSA SecurID dynamic token not detected on Acer Ferrari 3200, Dell Inspiron 6400, and Dell P670 when inserted in PPBE.

An RSA SecurID dynamic token is not detected on an Acer Ferrari 3200, a Dell Inspiron 6400, and a Dell P670 when inserted in PPBE. Workaround: insert the RSA SecurID dynamic token before you turn on the PC.


6199 Pointsec for PC preboot environment does not detect a smart card token, for example, an RSA SecurID 800 authenticator.

On certain machines, Pointsec for PC does not detect the presence of a smart card token and does not display the PIN dialog in the preboot environment. This can happen in the following two scenarios:

Scenario one:

1. The machine is on and the preboot logon dialog is displayed.

2. Insert the smart card token, but no PIN dialog is displayed.

Workaround:

With the smart card token still inserted, turn the power off and wait a few seconds.

Then turn the power on while the smart card token is still inserted, and the PIN dialog will be displayed.

Scenario two:

Insert the smart card token and turn the machine on. The preboot logon dialog is displayed, but the PIN dialog is not displayed.

Workaround:

Remove the smart card token, turn the power off, and wait a few seconds.

Turn the machine on again. The Pointsec PC preboot logon dialog is displayed.

Insert the token and the PIN dialog will be displayed.

6035 Booting from a USB memory stick fails immediately after authentication on an HP dx5150.

Booting from a USB memory stick recovery medium created by the create recovery program fails on the HP dx5150. The machine hangs after you have entered your user account name and password. Workaround: Use a floppy disk in a floppy disk drive connected via the USB port.

5513 eTokens do not function on Acer Ferrari 3200 PCs.

eTokens do not function on Acer Ferrari 3200 PCs.


FYI

This section contains information that may be valuable in certain situations.

ID Short Description Description/Info

397163 Errors when copying files to a local copy during the installation of the Pointsec PC 6 module into the MI framework

Errors may occur during installation of the Pointsec PC 6 module into the MI framework when copying files to a local copy. If the error message says "The file name is too long" and "Fails to copy files to specified directory", the problem is due to long paths to the installation package. If the error occurs, the installation cannot be stopped. You will have to copy the Pointsec PC 6 files manually from the installation package afterwards. The folder containing the Pointsec PC files is called “PPC6 MI Client”. Workaround: Initiate the installation from C:\ or from a CD.

2291 Issue with Windows XP restore points.

Pointsec PC handles Windows XP restore points in the following way:

- Restore points that exist prior to the installation of Pointsec are removed.

- Restore points created after Pointsec has been installed can be used to restore Windows. If Pointsec is uninstalled, these restore points are removed.

Late-breaking Documentation

The following is late-breaking documentation which will be added to the relevant guide as soon as possible:

ID Description/Info