PGP Desktop Version 9.5 for Windows Release Notes

PGP Desktop Version 9.5 for Windows Release Notes

Thank you for using this PGP Corporation product. These Release Notes contain important information regarding this release of PGP Desktop for Windows. PGP Corporation strongly recommends you read this entire document.

PGP Corporation welcomes your comments and suggestions. Please use the information provided in Getting Assistance to contact us.

Product: PGP Desktop for Windows Version: 9.5.3

Warning: Export of this software may be restricted by the U.S. government.

What's Included in This File

y About PGP Desktop y Changes in this release y System Requirements y Installation Instructions y Licensing

y Additional Information y Getting Assistance y Copyright and Trademarks

About PGP Desktop

PGP Desktop is a security tool that uses encryption to protect your data, both while it is on your system and while it is in transit.

Changes in This Release

This section lists the changes and new features in PGP Desktop in this release.

Changes between 9.5.2 and 9.5.3 include:

y All changes in 9.5.2 Hotfix 2 (see "Changes in 9.5.2 - Hotfix 2 include:" on page 1) y Resolved: AIM proxy updated to support protocol changes made by AOL. [12598]

Changes in 9.5.2 - Hotfix 2 include:

y Resolved issue: Domain login users on Lenovo computers who had the "Allow wireless connection at Windows Logon" option selected in the ThinkVantage® Access Connections™ software application were unable to correctly use the Single Sign On feature of PGP Whole Disk Encryption. Local account login users were not affected. [12415] This issue has been resolved.

Changes between 9.5.1 and 9.5.2 include:

y Resolved issue: PGP SDAs do not retain their folder hierarchy. When opened, files are listed in a flat hierarchy and filenames are truncated. [11849, 11850] This issue has been resolved.

y Resolved issue:You may discover that you cannot decrypt mail when the key has expired and your passphrase is not cached. [11215] This issue has been resolved.

y Changes to PGP Whole Disk Encryption: Automatic encryption of removable media. PGP Desktop now enforces the encryption of data written to removable storage drives/devices and blocks the writing of data to unencrypted drives. This feature is enabled by policy. If enabled, PGP Desktop notifies the user that the inserted disk will be encrypted. The user can choose to abort and remove the disk prior to encryption. See the PGP Desktop User’s Guide for more information.

y Changes to policy enforcement: This release contains improvements to PGP Desktop's policy synchronization process.

y This release also includes resolution for other minor issues. Thank you to Peter Winter-Smith and NGS Software for identifying one of these. [11990]

Changes in 9.5.1 - Hotfix 1 include:

y There are no changes to PGP Desktop for Windows in this release.

Changes between 9.5.0 and 9.5.1 include:

y Localized for German and Japanese: PGP Desktop for Windows is available in German and Japanese. y USB disks inserted during startup may not show up property as candidate disks for Whole Disk Encryption.

This issue has been resolved. [10756]

What's New in PGP Desktop 9.5 for Windows

Building on PGP Corporation’s proven technology, PGP Desktop 9.5 for Windows includes numerous improvements and the following new features:

Installation

y PGP Universal Migration allows PGP Desktop software stamped from PGP Universal Server to be installed on top of an unstamped installation of PGP Desktop; this stamped version of PGP Desktop will reset the policies and bind the existing installation to the policies set on the Server.

General

y PGP Universal Server HTTPS Proxy Support enables policy connections from the client to PGP Universal through HTTPS proxies.

y Notifier enables direct user interface control over whether to send a message or block it. The Notifier feature displays the results of all automated key lookup operations and conveys exactly how the message will be sent to each recipient, enabling you to decide whether or not to send the message. The Notifier fades into view in a user-selected screen corner whenever a message is sent. Inbound messages also show

notifications, including details about the signature on the message. Other functions such as PGP Whole Disk Encryption and PGP NetShare are also fully integrated with the Notifier.

y Network Key and Group Selection for PGP Zip, PGP Whole Disk, PGP Virtual Disk, and PGP NetShare has been completely redesigned to support selection of keys from all local keyrings, smart keyrings, and keyservers. Additionally, this new interface fully integrates with LDAP directories on both Windows and Mac OS X, enabling selection of groups or mailing lists – when configured for policy synchronization with PGP Universal 2.5. This provides easy encryption of files, messages, and disks to defined groups in your enterprise directory.

y Support for Windows Remote Desktop (Terminal Services) has been added in this release. Note that some functionality—such as starting encryption of a disk with PGP Whole Disk—is explicitly prevented when you are logged in over a Terminal Services connection.

PGP Whole Disk Encryption

y Single Sign-On allows you to synchronize your Windows password with your PGP Whole Disk Encryption passphrase. Then, at boot time, the PGP Whole Disk Encryption Single Sign-On feature automatically logs in to the Windows session for you.

y Partition Encryption enables PGP Whole Disk Encryption to encrypt select partitions of your disks, instead of the entire disk. This feature has many uses, including compatibility with multi-partition disks that use different operating systems on each partition. It also ensures that the laptop recovery partitions commonly used on recent laptops are not encrypted.

y Power Failure Safety optionally enables journaled initial encryption of disks to ensure recovery even if a power failure or serious system event occurs during the initial encryption.

y Maximum CPU Usage optionally allows significantly faster initial encryption of disks by increasing usage of the system at the expense of reduced system usability during the encryption process.

y Significant performance enhancements have been made to all aspects of the underlying PGP Whole Disk Encryption infrastructure. The time required to enter secure hibernation has been reduced, and high activity environments should see overall performance improvements.

y Resizable Virtual Disks now automatically expand to fit their contents. A PGP Virtual Disk can automatically expand as files are copied to it to the maximum size of the physical media on which the disk file resides. A PGP Virtual Disk can also be compacted down to the minimum size of the enclosed files.

PGP Messaging

y Messaging Policy Enhancements introduce the following new policies in the Messaging Policy Editor: y Send Signed policy action has been added to support signing messages without encryption, even when

a key is found.

y Message Size policies are now available to execute actions based on whether a message is greater than or less than specific sizes.

y Search keys.domain and policy has been added to allow implicit keys.domain lookup prior to searching any of the configured keyservers. This is now configured in all default policies. y Managed Local Keyring server policy now optionally allows the local keyring to be used for key

lookups. The local keyring is queried when this option is on before all other key sources.

y Mailing List Expansion automatically expands each mailing list to list all individual recipients for encryption, enabling creation of secured mailing lists when PGP Desktop is configured for policy synchronization with both PGP Universal Server 2.5 and a configured directory server.

y Full S/MIME Support has been added to the Outlook MAPI and Lotus Notes messaging components. All supported environments now include full support for S/MIME encryption, decryption, and signing.

y PGP Universal Server Messaging Policy extends PGP Desktop messaging policy to support the new PGP Universal 2.5 content filtering system.

y International Characters in messages have received significant compatibility improvements in this release.

PGP NetShare

y PGP NetShare introduces on-the-fly encryption and decryption of files and folders, including those stored on network volumes and shared with others. Featuring integration with Active Directory via PGP Universal, PGP NetShare allows groups of users to work together on secure documents.

PGP Keys

y Signing Subkeys treats your master key as a subkey authorizer, to authorize sets of signing and encryption subkeys over time.

y Bundle Keys allows you to import multiple X.509 certificates, including those on smartcards, as subkeys onto a new PGP key so as to retain the integrated identity inherent in such certificate collections.

Additionally, X.509 certificates can be imported from PKCS 12 or PFX files as subkeys of existing PGP keys. Export as certificates is also supported.

y Preferred Encoding is a new key property that can be configured on your private keys. Preferred encoding states whether you can receive PGP/MIME, PGP Partitioned, or both encoding formats. All components of the 9.5/2.5 product suite observe this property.

y FIPS 140-2 Integrity Checking provides a comprehensive test suite used to verify the PGP SDK for NIST FIPS validation that can now be executed whenever PGP Desktop starts up. This test suite verifies PGP Corporation's signatures on each PGP SDK binary and verifies the algorithmic integrity of each FIPS-validated cipher and public key algorithm.

y FIPS 186-3 (Read Only) support for verification of signatures from the newly defined DSA key sizes of 2048 and 3072 has been added. A future release of PGP products will allow generation of such signatures.

System Requirements

y Windows 2000 (Service Pack 4), Windows Server 2003 (Service Pack 1), or Windows XP (Service Pack 1 or 2).

Note:

The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Note:

PGP Corporation products do not yet run on the Microsoft Vista operating system.

PGP Whole Disk Encryption (WDE) is supported on client versions of Windows 2000 (Service Pack 4) and Windows XP (Service Pack 1 or 2); it is not supported on Windows 2000 Server or 2003 Server.

y 512 MB of RAM y 64 MB hard disk space

Supported Email Client Software

PGP Desktop will, in many cases, work with Internet-standards-based email clients other than those listed here. PGP Corporation, however, does not support the use of other clients.

PGP Desktop for Windows has been tested with the following email clients: y Microsoft Outlook 2003 SP2 y Microsoft Outlook XP SP3 y Microsoft Outlook 2000 SP3 y Outlook Express 6 y Eudora 6.2 y Mozilla 1.7 y Thunderbird 1.0

y Lotus Notes 5.0.11, 6.x, and 7.0.1 y Novell GroupWise 6.5.1 or later.

Instant Messaging Client Compatibility

PGP Desktop supports the following instant messaging clients when encrypting AIM instant messages, file transfers, and direct connections:

y AIM 5.5 – 5.9.x

y Encryption of file transfers and direct connections requires AOL Instant Messenger 5.9.3702 on

Windows (with the Firewall preference set to “AOL proxy server only”) or Apple iChat 2.1 or 3.0-3.1.5 on Mac OS X. Audio and video connections are not encrypted by PGP Desktop.

y Continued interoperability with the AIM service may be affected by changes made to the underlying AIM protocols after PGP Desktop version 9.5 is released.

y Trillian 2.2 – 3.1

Other instant messaging clients may work for basic instant messaging, but have not been certified for use.

Anti-Virus Software Compatibility for Windows

In all anti-virus programs, enabling real-time scanning detects any viruses as the email or attachments are opened. Therefore, although it is recommended to disable email scanning for some of the anti-virus products listed below, your email is still being scanned and you are still being protected by your anti-virus product from viruses spread via email. Computer Associates eTrust EZ-Antivirus 7.x

y Selective scanning is not compatible with PGP Desktop or PGP Universal Satellite. Computer Associates eTrust EZ- Security Suite 3 upgrade

y This product is incompatible with PGP Desktop and should not be installed on the same system as PGP Desktop. [12023]

McAfee Internet Security Suite 2006, McAfee Internet Security Suite 2005, McAfee Internet Security 8.0, McAfee VirusScan 8.x through 10.x

y If email scanning is enabled, the email will not be processed by PGP Desktop or PGP Universal Satellite. Disable email scanning in the McAfee product and enable real-time scanning.

y No additional special configuration requirements for MAPI email.

y When using McAfee VirusScan Enterprise 8.0i, disable

Prevent mass mailing worms from sending

mail

in the

Access Protection Properties

dialog box of the VirusScan console. If this option is enabled,

SMTP email will be blocked. To disable this option, right-click the McAfee icon in the System Tray and choose VirusScan Console. Double-click

Access Protection

. In the

Access Protection

dialog box, under

Ports to block

, deselect the box to

Prevent mass mailing worms from sending mail

(this option is enabled by default).

McAfee VirusScan 7.x

y No special configuration required. Panda Platinum 2005 Internet Security 9.x

y No special configuration required. Sophos Anti-Virus

Symantec Norton AntiVirus 11.x through 12.x, Symantec Norton Internet Security 2005, Symantec Norton Internet Security 2006

y No special configuration required for MAPI email.

y When using POP email, enable

Auto-Protect

and disable the

Anti-Spam

and

Email Scanning

options.

Auto-Protect

, which is enabled by default, provides protection against viruses in email messages when the

message is opened.

y Disable SSL/TLS in Server Settings in PGP Desktop or PGP Universal Satellite. (In PGP Desktop, select the PGP Messaging Control Box and then choose

Messaging > Edit Server Settings

. For

SSL/TLS

, select

Do Not Attempt

. In PGP Universal Satellite, on the

Policies

tab, select

Ignore SSL/TLS

.) These versions of Norton AntiVirus prevent all mail clients from using SSL/TLS, regardless of the use of PGP software.

Symantec Norton AntiVirus 9.x through 10.x, Symantec Norton Internet Security 2003, Symantec Norton Internet Security 2004

y Disable email scanning.

y For Norton Internet Security users, disable

Norton Privacy Control

and

Spam Alert

.

y Disable SSL/TLS in Server Settings in PGP Desktop and PGP Universal Satellite. (In PGP Desktop, select the PGP Messaging Control Box and then choose

Messaging > Edit Server Settings

. For

SSL/TLS

, select

Do Not Attempt

. In PGP Universal Satellite, on the

Policies

tab, select

Ignore SSL/TLS

.) These versions of Norton AntiVirus prevent all mail clients from using SSL/TLS, regardless of the use of PGP software.

Symantec Norton AntiVirus 8.x

y PGP Corporation does not recommend using PGP software with this version of Norton AntiVirus. PGP Corporation recommends that you upgrade to Norton AntiVirus version 10.x or later. [10419]

Trend Micro Antivirus 12.x, Trend Micro PC-cillin Internet Security 2005 y No special configuration required.

Personal Firewall Compatibility

y Zone Alarm: The Zone Alarm firewall, by default, restricts access to localhost. Because PGP Desktop redirects connections to localhost, this stops PGP Desktop from working correctly. To fix this, add localhost (127.0.0.1) as a trusted IP address in Zone Alarm (on the Firewall/Zones screen). Email proxying by PGP Desktop will work normally once this is accomplished. [6446]

y CyberArmor Personal Firewall: PGP Desktop 9.5 is not compatible with InfoExpress CyberArmor Personal Firewall versions 2.6.050802 or 3.2.050802 or prior. Before you install PGP Desktop, you must upgrade these versions: contact your helpline or the vendor (InfoExpress at support@infoexpress.com) for more information. [7010]

Citrix and Terminal Services Compatibility

PGP Desktop for Windows has been tested with the following terminal services software: y Citrix Presentation Server 4.0

Windows 2003 Terminal Services The following features of PGP Desktop for Windows are available in these environments, as specified:

y Email encryption is fully supported. y PGP Zip functionality is fully supported.

y PGP Shred functionality is fully supported.

y PGP Virtual Disks cannot be mounted at a drive letter over Citrix/TS, but can be mounted at directory mount points on NTFS volumes.

y PGP Whole Disk Encryption is not supported. y PGP NetShare is not supported.

Installation Instructions

 To install PGP Desktop on your Windows system:

1. Locate the PGP Desktop installer application and double-click it.

2. Follow the on-screen instructions.

Licensing

PGP Desktop uses a licensing system to determine what features will be active. Depending on the license you have, some or all PGP Desktop features will be active. Consult your PGP administrator if you have questions about what features are available with your license.

Use the Setup Assistant to enter your PGP Desktop license after installation. If you are in a domain protected by a PGP Universal Server, your PGP administrator may have configured your PGP Desktop installer with a license.

The PGP Desktop features that will be active on your system depend on the type of license you have: y PGP Desktop Professional 9.5 includes PGP Desktop Email and PGP Whole Disk Encryption. y PGP Desktop Storage 9.5 includes PGP Whole Disk Encryption and PGP NetShare.

y PGP Desktop Enterprise 9.5 includes PGP Desktop Email, PGP Whole Disk Encryption and PGP NetShare. You can also use PGP Desktop without a license, but for non-commercial use only. Commercial use of PGP Desktop without a license is a violation of the End-User License Agreement (EULA). If you choose to use PGP Desktop without a license (and you are legally permitted to do so under the EULA for non-commercial use), most PGP Desktop features will not work; only basic functionality will be available.

For more information about PGP Desktop licensing and purchase options, go to the PGP Store (https://store.pgp.com/) .

Additional Information

Installation

y Upgrading from standalone to managed builds: To migrate users who have been using PGP Desktop in standalone mode, a bound and stamped version of PGP Desktop must be installed over their existing, standalone installation and users must complete the enrollment process. (Provide a .msi file for Windows users to install a bound and stamped version.) [11498]

General

PGP Messaging

y MAPI and Message policies: Policies based on the condition "Message is <x>" are not currently supported with MAPI. [9448]

y Some email services and Internet Service Providers use multiple mail servers for a single DNS name in a round-robin fashion such that PGP Desktop may create multiple messaging services for a single email account. PGP Desktop ships with wildcard support for common email services, such as *.yahoo.com, *.mac.com, and *.earthlink.net. If you see PGP Desktop create multiple services for a single email account, and you check the settings and see that the settings are the same except that the mail server for the first service is mail1.example.com, the mail server for the second service is mail2.example.com, and the mail server for the third is mail3.example.com, and so on, then you need to change the server name on the Server Settings screen for one of the services to mail*.example.com, then delete the other services. [5611] y PGP Desktop 8.x and International Characters: Note that PGP Desktop 8.x did not support international characters in message body content. To use languages other than English in your message content, please ensure your correspondents are using at least PGP 9.0.0 or above. In some cases, you may be able to cause PGP Desktop 8.x or below to create a proper message by forcing the use of the UTF-8 character set. [11257, 11888]

y To ensure proper display of comments added to secured messages per the "Add a comment to secured messages" option, PGP Corporation recommends using ASCII text in the Comment field. [11127] y Japanese Characters and Current Window/Clipboard Processing: The Current Window/Clipboard

encryption and decryption features do not support ISO-2022-JP. [7489] y S/MIME Messages:

y RC2 128-bit S/MIME Messages: PGP Messaging does not support the decryption of RC2 128-bit S/MIME-encrypted email. [12140]

y RC2 40-bit S/MIME encryption: By default, some old Microsoft email clients default to RC2 40-bit S/MIME encryption. PGP Corporation considers this weak encryption and does not support it. Usually, simply replying with S/MIME to the sender of such a message will record your capability for strong encryption on the sending side and correct the issue. [11476]

y S/MIME-signed email messages: PGP may not process S/MIME signed emails if the signing X.509 certificate is not included in the email. The certificate is almost always included with the email unless the sender turns off this option. If the message is not processed by PGP, it may still be processed by the mail client application. [9489, 9491]

y S/MIME and MAPI: S/MIME users who intend to use S/MIME with MAPI should ensure that they have an X.509 certificate attached to their keys; otherwise, it is possible that these messages when saved in the Sent Items folder cannot be processed by PGP Desktop. [9858]

y Microsoft Outlook:

y MAPI/Exchange users and inline objects: If you are a MAPI/Exchange user, and you are sending messages containing embedded content in a proprietary format (inline objects), PGP Desktop will secure the complete message. This will cause inline objects to be readable/viewable only by recipients in a MAPI/Exchange environment. [5530]

y MAPI and attachments: If you have an Outlook MAPI email account, under some circumstances you may not be able to save attachments from an email message via the

File

menu (

File > Save

Attachments

). To save the attachments, open the message and save the attachments from within the

message. [5860]

y Outlook MAPI: If you are using Outlook in a MAPI environment, use the Messaging Log to confirm the validity of PGP signature annotations in message bodies unless the message was decrypted by your PGP Universal Server, which will do this for you. [6819 + 7304]

y Outlook 2000 MAPI: Composing messages while in offline mode when using Outlook 2000 with MAPI is not supported. [8165]

y Outlook Connector for Notes: The Outlook Connector for Notes that allows an Outlook client to emulate a Lotus Notes client is not supported. [7567]

y Outlook Offline Mode: If you force Outlook to send mail while it is in Offline Mode, or while you do not have network connectivity, PGP Universal Satellite may not process the message. To work around this issue, instead of clicking Send/Receive when in Offline Mode, go Online first and then click

Send/Receive. Note that in a PGP Universal Server protected environment, the server will apply policy to outbound messages if they were not processed by PGP Universal Satellite.

y Microsoft Outlook and Delivery receipts: While using PGP Universal Satellite, if you enable the Delivery receipt option for a Microsoft Outlook message on a POP or IMAP account, the Delivery receipt will never arrive, even after the message is in fact delivered. Note that Read receipts work correctly and MAPI accounts are not affected.

y Lotus Notes:

y A PGP messaging service may not be created properly if a Lotus Notes user name contains Japanese characters. To avoid this situation, use English alphanumeric characters in Lotus Notes IDs. [10852] y When a user has been disabled, email sent to the user is initially blocked. To work around this issue,

send the email again and email is sent in the clear, as expected. [12234]

y When a user has been disabled, and then re-enabled, the user must restart Lotus Notes to send encrypted email. [12236]

y When sending an encrypted attachment without also encrypting the message, the encrypted attachment is not automatically decrypted when received by Lotus Notes. [11969]

y Mozilla Thunderbird: If you are using Mozilla Thunderbird as your email client, you should change your message forwarding preference to

Inline

to make sure that messages you forward as attachments display correctly for Thunderbird IMAP users. To change the message forwarding preference to

Inline

, pull down

the

Tools

menu and select

Options

. Click the

Composition

icon, and then choose

Inline

from the

Forward Messages

drop-down menu. [5982]

y POP: Verizon POP accounts return an incorrect response when connecting to the POPS/SMTPS ports if you have not purchased Verizon’s Silver/Gold services. In this situation you must set the ports manually to 110/25 in the Policy user interface for the account, respectively, to avoid connecting to the normal ports. [NBN]

y SMTP: Activate SMTP AUTH in your email client if it is not currently active. [NBN]

y PGP license change: If you change the license for PGP Desktop from a license that does not support the PGP Messaging feature (PGP Whole Disk Encryption for Enterprises, for example) to a license that does support PGP messaging, you must reboot your system once the new license is accepted. This ensures that PGP Desktop can properly protect your messages. [8107]

y Instant Messaging:

y AIM Pro: PGP Desktop does not support AIM Pro. To use AIM Pro with unencrypted instant messages, change the port it uses to communicate with the AOL server from the default port 5190. Other standard ports used by AOL are 5191-5193.

y Multiple AIM connections: If your system has multiple ways to access the AIM service (LAN and wireless network accesses, for example), and you lose your connection to AIM but the AIM server doesn’t see the connection as lost, and your IM client accesses the AIM service again using the other network access, the AIM server will see you as signed in to the same AIM account from two locations. This will cause PGP Desktop to disable the AIM proxy because of the error condition and the AIM server will display a message telling you that your account is logged in from two different locations. To solve this problem, simply reply to the message from the AIM server with a 1. The old AIM session will be discontinued and PGP Desktop will encrypt the remaining AIM session. [NBN]

PGP NetShare

y A defect in Oracle JInitiator (#13125) prevents the PGP NetShare icon badges from appearing properly. If you use Oracle JInitiator, you may want to temporarily disable the icon badges by running the following command at the DOS prompt to unregister PGPfsshl.dll: regsvr32 /u PGPfsshl.dll. Please note that you

cannot view nor use the PGP NetShare Properties tab (available by right-clicking a NetShare file or folder) for protected files/ folders after issuing the command to unregister PGPfsshl.dll. [11542]

y Protected folders mounted on a Windows box from a UNIX system running Samba version 3.0.23 or 3.0.23a are not recognized as protected folders. To work around this issue, turn off Samba MSDFS support, either globally or on a per-share basis. To turn support off globally, in the smb.conf file, change the value of "host msdfs" to "no". To turn support off locally, in the smb.conf file, set "msdfs root" to "no". [11165]

PGP Whole Disk Encryption

y Certain types of removable flash devices cannot be encrypted with the vendor-supplied format. They must be formatted within Windows prior to encrypting. [12362]

y (Dell systems only) Advanced boot diagnostics that are normally accessible by pressing F12 during the boot process are not available on disks encrypted with WDE. To run advanced boot diagnostics using F12, first decrypt the disk, and then run diagnostics. [12120]

y In a Universal-managed environment, if a disk is encrypted with PGP Whole Disk Encryption prior to enrollment with PGP Universal, the Automatically Encrypt boot disk upon installation" must be selected on the PGP Universal Server for the Whole Disk Recovery Token (WDRT) to be uploaded to the PGP Universal Server; otherwise the token will not be automatically uploaded when the system is enrolled with PGP Universal. [12183]

y Supported Passphrase Characters: The chars "\", "|", "~" and "_" are not supported in PGP Whole Disk Encryption passphrases. Supported passphrase characters are defined in the PGP Desktop User’s Guide. [11551]

y Using PGP WDE-Protected Disks with PGP Desktop 9.0 and 9.5: Disks encrypted with PGP Desktop 9.0 can be used on aPGP Desktop 9.5 system, and work as expected. However, if you make any changes to the disk using PGP Desktop 9.5 software (such as changing the passphrase, adding or removing users, and so on), the disk will no longer function on the PGP Desktop 9.0 system. [11610, 11845]

y Disk Recovery: As a best practice, if you need to perform any disk recovery activities on a disk protected with PGP Whole Disk Encryption (WDE), PGP Corporation recommends that you first decrypt the disk (by using the P

GP Desktop Disk > Decrypt

option, your prepared PGP WDE Recovery Disk, or by connecting the hard disk via a USB cable to a second system and decrypting from that system's PGP Desktop software). Once the disk is decrypted, proceed with your recovery activities. [NBN]

y When resuming from Hibernation, an extra domain password prompt may appear even if Single Sign-on is active. [9935]

y PGP WDE recovery disks are compatible only with the version of PGP Desktop that created the recovery CD. For example, if you attempt to use a 9.0.x recovery disk to decrypt a disk protected with PGP WDE 9.5 software, it will render the PGP WDE 9.5 disk inoperable. [10556]

y PGP Whole Disk Encryption is compatible only with the BIOS configuration of Absolute Software's CompuTrace laptop security and tracking product. Using CompuTrace in MBR mode is not compatible. [10884]

y If you experience errors in attempting to encrypt your disk, we recommend you use disk defragmentation software (such as SpinRite) to ensure the health of your disk. If your disk is seriously fragmented, PGP Corporation recommends that you defragment your disk prior to encryption. [10561]

y The PGP Desktop UI is not compatible with logical drives contained on extended partitions. Therefore, if you are encrypting a logical drive on an extended partition, you will not receive visual feedback on the encrypted status of the drive and also will not be able to decrypt the drive using PGP Desktop; you will need to use PGP Command Line instead. [11365]

y Dell USB SK-8125 keyboard: Do not use the Dell USB SK-8125 keyboard if you are encrypting your boot drive using the PGP Whole Disk Encryption feature. The keyboard inserts extra characters under these circumstances and thus you can’t authenticate correctly. [5686]

y Programs incompatible with the PGP Whole Disk Encryption feature: Certain programs are

incompatible with the PGP Whole Disk Encryption feature; do not install these products on a system with PGP Desktop, and do not install PGP Desktop on a system with these products installed:

y Absolute Software's CompuTrace laptop security and tracking product. PGP Whole Disk Encryption is compatible only with the BIOS configuration of CompuTrace. Using CompuTrace in MBR mode is not compatible. [10884]

y Hard disk encryption products from GuardianEdge Technologies: Encryption Anywhere Hard Disk and Encryption Plus Hard Disk products, formerly known as PC Guardian products. [12005, 12065] The following programs will co-exist with PGP Desktop on the same system, but will block the PGP Whole Disk Encryption feature:

y Safeboot Solo y SecureStar SCPP

y Whole Disk Recovery Token and Aladdin eTokens: If you need to use a Whole Disk Recovery Token to log in to a drive that has been PGP Whole Disk Encrypted, be sure to remove any Aladdin eTokens from the system before you attempt to log in. [7505]

PGP Zip

y Self-decrypting archives: When the recipient of a self-decrypting archive (SDA) decrypts it, all dialogs that PGP Desktop displays will be in English, regardless of what version of PGP Desktop—English, German, or Japanese—was used to create the SDA and regardless of what language your system is currently running. This applies only to the dialogs that appear; filenames and the content of the SDA are not affected. [7144]

PGP Shred

y Wiping small files: Wiping small files (under 1 K) on some NTFS-formatted disks can leave remnants of the file behind due to an NTFS optimization that stores file data in internal data structures for very small files. These structures are not considered freespace even after deleting a file, and thus they also will not be wiped using PGP Desktop’s Freespace Wipe feature. In addition, NTFS supports Journaling, which can save wiped file data in an internal operating system cache. For the highest security wiping on NTFS disks, we

recommend starting your system from an OS on a different partition and using PGP Desktop’s option in the Freespace Wipe feature to overwrite these NTFS data structures (the

Wipe NTFS internal data

structures

checkbox). This does not affect FAT32 or other supported filesystems. [NBN]

Getting Assistance

This section provides contact information and additional resources.

Contacting Technical Support

y To learn about PGP support options and how to contact PGP Technical Support, please visit the PGP Corporation Support Home Page (http://www.pgp.com/support).

y To access the PGP Support forums, please visit PGP Support (http://forums.pgpsupport.com).

y To access the PGP Support Knowledge Base or request PGP Technical Support, please visit PGP Support Portal Web Site (http://www.pgpsupport.com). Note that you must have a valid support agreement to request Technical Support.

y For any other contacts at PGP, please visit the PGP Contacts Page (http://www.pgp.com/company/contact/index.html).

Available Documentation

PGP Desktop documentation is installed onto your computer during the installation process. To see it, select

Start >

Programs > PGP > Documentation

. All documents are saved as Adobe Acrobat Portable Document Format

(PDF) files. You can view and print these files with Adobe Acrobat Reader, available on the Adobe Web site (http://www.adobe.com). PGP Desktop also includes integrated Windows online help

.

Copyright and Trademarks

Copyright © 1991–2007 by PGP Corporation. All Rights Reserved. “PGP”, “Pretty Good Privacy”, and the PGP logo are registered trademarks and “Rest Secured” is a trademark of PGP Corporation in the U.S. and other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.