McAfee Endpoint Encryption Manager

McAfee

®

Endpoint Encryption Manager

Product Release Notes

McAfee, Inc.

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, USA

Tel: (+1) 888.847.8766

Internet: www.mcafee.com

Document: Endpoint Encryption Manager Product Release Notes

Last updated: Wednesday, 17 November 2010

Copyright (c) 1992-2010 McAfee, Inc., and/or its affiliates. All rights reserved.

McAfee and/or other noted McAfee related products contained herein are registered trademarks or

trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in

connection with security is distinctive of McAfee brand products. Any other non-McAfee related

products, registered and/or unregistered trademarks contained herein is only by reference and are the

sole property of their respective owners.

Introduction

| 3

Introduction

Intention of the Release Notes Document

This paper describes the new functions and features introduced with the new product release of the McAfee Endpoint Encryption Manager (EEM). This document contains two main sections:

1. Notes on the Product – issues you should know about. 2. Release Notes - New functions and features in this release.

8B

Upgrading from Previous Releases

To apply this release to previous V4.0/V5.0 installations please follow the instructions in the Endpoint Encryption Update and Migration Guide which can be found in the root folder of the software build.

Notes on the Product

4 |

Notes on the Product

Adding new features and fixes to an existing Enterprise

Migration Guide, which can be found on the root folder of the software build. This

document describes how to update an existing enterprise version of Endpoint Encryption to the latest version and how to implement dedicated features like Smart Cards and Tokens. If you are installing from new, please follow the instructions of the

Endpoint Encryption Quick Start Guide.

Adding new Smart Cards and Tokens

To implement new smart cards and tokens in the Endpoint Encryption Manager please follow the instructions in the Endpoint Encryption Update and Migration Guide, which can be found, on the root folder of the software build. If you are performing a fresh installation, please follow the instructions in the Endpoint Encryption Quick Start

Guide. Furthermore, please ensure your PC has the reader drivers installed before

trying to install Endpoint Encryption for PC. You can find drivers for supported readers in the Tools software package, which can be downloaded from www.mcafee.com.

Split Builds

The Endpoint Encryption Manager is now a separate build from the products it manages. This action was taken to allow Endpoint Encryption Manager and other products to have their own release schedules.

Moving forward these builds will be maintained, updated, installed/upgraded and potentially released separately. Administrators will need to install the Endpoint Encryption Manager first, followed by the product(s) they wish to use. The overall functionality of the products remains the same but their install/upgrade procedure can and may vary.

The Endpoint Encryption Manager can be upgraded independently from the products it manages.

Anti-Virus Exceptions

It is not necessary to use a virus scanner on the database (SBDATA). Most of the data is encrypted, so there is nothing to be scanned and scanning will reduce much of the performance.

Notes on the Product

| 5

It is recommended you create the following exceptions for the Endpoint Encryption Database Server:

SBDATA Database: The Endpoint Encryption Database Folder and all subfolders

should be excluded from any scanning. The database is currently stored in c:\SBDATA.

Database Service: The Database Process should be excluded from any scanning. The

process is called SbDbServer.exe.

Connector Manager: It is recommended you exclude the active directory connector.

The process is “SbConnectorManager.exe”.

Database Backup Tool: The Database Backup Tool should be excluded. The process

is called SFDBBack.exe.

WebHelpDesk: The WebHelpdesk and WebSelf Recovery https Service should be

excluded. The process is called SbHttp.exe.

Reporting Tool: The Reporting Tool should be excluded from any scanning. The

process is called SbReports.exe.

Scripting Tool: The McAfee Encryption administration command line tool should be

EEM Release Notes for 5.2.6

6 |

EEM Release Notes for 5.2.6

Reference

Description

5260.1

The Connector Manager was importing the wrong certificate via LDAP

To allow the connector Manager to function in both ways a new setting can be

added to the ‘CmSettings’ file. <CheckCertEncrypt>1</CheckCertEncrypt> is the

new setting to check for encryption on a certificate. The default is 0 and works as

in previous releases.

5260.2

Modify PIV tokens to allow self-initialization

This release now supports the PIV token support and is able to handle

self-initialization.

5260.3

Count incorrect in ‘Machine Client Versions’ report.

This issue has been corrected. It was experienced due to an internal logic error.

5260.4

Users able to request a force password change for users of a higher level.

This issue has been corrected. It was experienced due to an internal logic error.

5260.5

Validate PKI Smartcard certificate expiry date

Smartcard certificate expiry date is now stored in the management center as the

Valid until date. This date is then validated within the client.

For Smartcards that use Self-initialization, the certificate is validated from the

token when presented for logon.

5260.6

Include support for Gemalto GX4 144K Smartcards

Support for these Smartcards has now been implemented.

5260.7

Add additional modules to Self-test verification when operating in FIPS mode.

Additional DLL’s have been added to the list of modules to verify.

5260.8

Support the internal readers on HP nc8430

Support for the internal reader on the HP nc8430 has now been implemented.

5260.9

Display ‘Pin’ instead of ‘Password’ when authenticating using a PIV Smartcard

This change to the logon UI has now been implemented.

5260.10

SbDbServer crashing

Some issues occurred with the SbDbServer crashing. This was caused by memory

release problems which under a rare combination of multiple client interactions

eventually lead to the crash.

EEM Release Notes for 5.2.6

| 7

5260.11

Enhance the Scripting tool command ‘CreateUser’ to allow the option to Force

Password change.

A new option –ForcePasswordChange has been added to the command.

5260.12

Enhance the Scripting tool command ‘CreateUser’ to allow the option to Force

Password change.

A new option –ForcePasswordChange has been added to the command.

5260.13

A new report to determine which users have registered/not registered for

WebHelpDesk.

The ‘Users WebHelpDesk Registration Report’ is now available. This report

determines if a user is registered for WebHelpDesk.

5260.14

The Group Counts report to show the number of items in a group

A new report has been produced to see the number of items in a group.

5260.15

A new report to show all machines that have a certain file set attached

A new report has been produced to see all machines that have a certain file set

attached.

5260.16

When using multiple group mappings within the LDAP or AD connector, the

users in the final group do not import.

This would result in user deletion if a group mapping was being used to import

the users.

This issue was due to an internal logic error that failed to correctly handle the

final element in the group list.