Dell Endpoint Security Suite Enterprise Technical Advisories v3.9

Advanced Threat Prevention v1.4

• Setting an Action in a Client Firewall rule to Block IPv4 traffic prevents client connectivity with the Dell Server. Do not set such an Action when running in Connected Mode. [DDPC-5716]
• The Client Firewall and Web Protection features of Endpoint Security Suite Enterprise v1.4 require Dell Enterprise Server or VE v9.7 or later. Before upgrading clients to use these features, Dell Server v9.7 or later must be installed and the policy, Memory Action: Exclude executable files, must be enforced on pre-v1.4 clients. Prior to client upgrade to the new features, refer to Upgrade to Endpoint Security Suite Enterprise v1.4 for the policy's new default value. Do not begin client upgrade before the new policy is enforced on the client. [DDPS-5112]
• Endpoint Security Suite Enterprise will be supported with the Windows 10 Creators Update (Redstone 2 release) in a later release.

Technical Advisories - Auto-Updates

For information about periodic Advanced Threat Prevention updates for enterprises enrolled for Agent Auto Update on the Dell Server, see http://www.dell.com/support/article/us/en/19/SLN305419/dell-data-protection-endpoint-security-suite-enterprise-and-dell-data-protection-threat-defense-release-notes?lang=EN. Select the Saas Updates tab.

For instructions on how to enroll for Agent Auto Update on the Dell Server, refer to AdminHelp, accessible from the Remote Management Console.

Encryption Client v8.13

• After policy update that requires reboot, the reboot prompt occasionally displays off-screen on the Dell Latitude 7280. [DDPC-5376]
• Encryption overlay icons display on unmanaged users' files when overlay icons are enabled for managed users on the same computer. [DDPC-5415]
• High resolution prevents use of the recovery option on the Precision Mobile Workstation 7520 and 7720, due to the sizing of the recovery user interface. [DDPC-5421]
• The Local Management Console temporarily displays the messages "No fixed storage is found" and "Not connected to the encryption system" when running the Encryption client on a virtual machine that is paused after an Encryption sweep with the registry entry, EnableNGMetadata, enabled. To immediately work around this issue, close then reopen the Local Management Console. [DDPC-5567]
• On some computers, a file extraction error displays during prerequisite installation. To work around this issue if it occurs, delete files in the \temp folder and resume installation. [DDPC-5582]
• An executable file cannot be run a second time from EMS Explorer if the user runs the file but then cancels the operation at the prompt after entering the EMS password. To work around this issue, close then reopen EMS Explorer and run the file. [DDPC-5781]
• On some computers, Microsoft KB4015219 may fail to install. [DDPC-5789]

Preboot Authentication v8.13

• Amended 8/2017 - Preboot Authentication fails with some docking stations and adapters. For a list of docking stations and adapters that are supported with PBA, see www.dell.com/support/article/us/en/19/sln296720/. [DDPC-2693, DDPC-6228]

SED Client v8.13

• Amended 7/2017 - Configuration of self-encrypting drives for Dell’s SED management differ between NVMe and non-NVMe (SATA) drives, as follows.

  • Any NVMe drive that is being leveraged as an SED – The BIOS’ SATA operation must be set to RAID ON, as Dell’s SED management does not support AHCI on NVMe drives.
  • Any NVMe drive that is being leveraged as an SED – The BIOS's boot mode must be UEFI and Legacy option ROMs must be disabled.
  • Any non-NVMe drive that is being leveraged as an SED – The BIOS’ SATA operation must be set to AHCI, as Dell’s SED management does not support RAID with non-NVMe drives.
    • RAID ON is not supported because access to read and write RAID-related data (at a sector that is not available on a locked non-NVMe drive) is not accessible at start-up, and cannot wait to read this data until after the user is logged on.
    • The operating system will crash when switched from RAID ON > AHCI if the AHCI controller drivers are not pre-installed. For instructions on how to switch from RAID > AHCI (or vice versa), see http://www.dell.com/support/article/us/en/19/SLN306460.

  Supported OPAL compliant SEDs require updated Intel Rapid Storage Technology Drivers, located at http://www.dell.com/support/home/us/en/19/product-support/product/dell-dp-endpt-security-suite-enterprise/drivers.

  Dell recommends Intel Rapid Storage Technology Driver version 15.2.0.0 or later, with NVMe drives.

  [DDPC-5941, DDPC-6219]

BitLocker Manager v8.13

• The top part of the option "Use a password to unlock the drive" is cut off in the BitLocker Drive Encryption dialog. [DDPC-5728]
• Added 8/2017 - Due to changes to Microsoft validation profiles level (PCRs), BitLocker Manager might not begin encrypting on Windows 10. To correct this issue, obtain and apply the Enterprise Server v9.7 update that corrects this issue or upgrade to Security Management Server v9.8. For more information about the v9.7 update, see http://www.dell.com/support/article/us/en/19/sln305948/. [DDPC-5790]