Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.8

• The client computer must have network connectivity to activate.
• To reduce initial encryption time, run the Windows Disk Cleanup Wizard to remove temporary files and any other unnecessary data.
• Windows Hello for Business support requires Endpoint Security Suite Enterprise v3.0 or later running on Windows 10.
• Windows Hello for Business support requires activation against a Dell Server running v11.0 or later.
• Turn off sleep mode during the initial encryption sweep to prevent an unattended computer from going to sleep. Encryption cannot occur on a sleeping computer (nor can decryption).
• Encryption does not support dual boot configurations since it is possible to encrypt system files of the other operating system, which would interfere with its operation.
• Dell Encryption cannot be upgraded to v2.7 from versions earlier than v1.6.0. Endpoints running versions prior to v1.6.0 must upgrade to v1.6.0 then upgrade to v2.7.
• Encryption now supports Audit Mode. Audit Mode allows administrators to deploy Encryption as part of the corporate image, rather than using a third-party SCCM or similar solution. For instructions about how to install Encryption on a corporate image, see KB article 129990.

• Encryption client is tested against and is compatible with several popular signature-based antiviruses and AI-driven antivirus solutions including McAfee Virus Scan Enterprise, McAfee Endpoint Security, Symantec Endpoint Protection, CylancePROTECT, CrowdStrike Falcon, Carbon Black Defense, and several others. Hard-coded exclusions are included by default for many antivirus providers to prevent incompatibilities between antivirus scanning and encryption.

  If your organization uses an unlisted antivirus provider or any compatibility issues are being seen, please see KB article 126046 or Contact Dell ProSupport for assistance validating configuration for interoperation between your software solutions and Dell Data Security solutions.

• Dell Encryption utilizes Intel's encryption instruction sets, Integrated Performance Primitives (IPP). For more information, see KB article 126015.
• The TPM is used for sealing the General Purpose Key. Therefore, if running Encryption, clear the TPM in the BIOS before installing a new operating system on the target computer.

• In-place operating system re-install is not supported. To re-install the operating system, perform a backup of the target computer, wipe the computer, install the operating system, then recover the encrypted data following established recovery procedures.

• The master installer installs these components if not already installed on the target computer. When using the child installer, you must install these components before installing the clients.

  Prerequisite

  Visual C++ 2012 Update 4 or later Redistributable Package (x86 or x64) Visual C++ 2017 or later Redistributable Package (x86 or x64) As of January 2020, SHA1 signing certificates are no longer valid and cannot be renewed. Devices running Windows Server 2008 R2 must install Microsoft KBs https://support.microsoft.com/help/4474419 and https://support.microsoft.com/help/4490628 to validate SHA256 signing certificates on applications and installation packages. Applications and installation packages signed with SHA1 certificates will function but an error will display on the endpoint during installation or execution of the application without these updates installed

• The Secured Windows Hibernation File and Prevent Unsecured Hibernation policies are not supported in UEFI mode.
• Deferred activation allows the Active Directory user account used during activation to be independent of the account used to login to the endpoint. Instead of the network provider capturing the authentication information, the user instead manually specifies the Active Directory-based account when prompted. Once the credentials are entered, the authentication information is securely sent to the Dell Server which validates it against the configured Active Directory domains. For more information, see KB article 124736.

• Following Windows 10 feature upgrade, a restart is required to finalize Dell Encryption. The following message displays in the notification area after Windows 10 feature upgrades:

  

Hardware

• The following table details supported hardware.

  Optional Embedded Hardware
  TPM 1.2 or 2.0

Operating Systems

• The following table details supported operating systems.

  Windows Operating Systems (32- and 64-bit)

  Windows 10: Education, Enterprise, Pro v1909-v22H2 (November 2019 Update/19H2 - November 2022 Update/22H2) Note: OEMs and ODMs do not ship Windows 10 v2004 (May 2020 Update/20H1 and later) with 32-bit architecture. For more information, see https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview. Windows 10 2019 LTSC Windows 10 2021 LTSC Windows 11: Enterprise, Pro v21H2 - 22H2 Deferred Activation includes support for all of the above

Encryption External Media

• External media must have approximately 55MB available plus open space on the media that is equal to the largest file to be encrypted to host Encryption External Media.
• The following table details the operating systems supported when accessing media protected by Encryption External Media:

  Windows Operating Systems Supported to Access Encrypted Media (32- and 64-bit)

  Windows 10: Education, Enterprise, Pro v1909-v22H2 (November 2019 Update/19H2 - November 2022 Update/22H2) Note: OEMs and ODMs do not ship Windows 10 v2004 (May 2020 Update/20H1 and later) with 32-bit architecture. For more information, see https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview. Windows 10 2019 LTSC Windows 10 2021 LTSC Windows 11: Enterprise, Pro v21H2 - 22H2 Deferred Activation includes support for all of the above

  Mac Operating Systems Supported to Access Encrypted Media (64-bit kernels)
  macOS High Sierra 10.13.5 - 10.13.6 macOS Mojave 10.14.0 - 10.14.4 macOS Catalina 10.15.5 - 10.15.6