Known Issues

This section describes the Endpoint Encryption issues and limitations grouped according to agent or console.

PolicyServer MMC Issues

The following are the PolicyServer MMC issues and limitations:

  1. If a domain user has the Enterprise Administrator or Enterprise Authenticator role, no event log is created when Active Directory synchronization is unsuccessful.

  2. PolicyServer MMC is unable to display information for multiple enterprises. PolicyServer is only able to display the first enterprise entered into PolicyServer MMC.

Control Manager Integration Issues

The following are the Control Manager issues and limitations:

  1. After deploying a new policy from Control Manager to PolicyServer, a new policy group does not immediately appear in PolicyServer MMC. To see the new policy group, log off from PolicyServer MMC and log back on.

  2. Users cannot be added to the policy if the Users panel in Control Manager Policy Management is disabled.

  3. Deleting a policy that was created in Control Manager does not delete the policy from PolicyServer. The policy can still be viewed in PolicyServer MMC.

Endpoint Encryption Deployment Tool Plug-in Issues

The following are the Endpoint Encryption Deployment Tool plug-in issues and limitations:

  1. If the OfficeScan administrator tries to deploy server settings to PolicyServer using an Endpoint Encryption user account, an error message returns that the connection was unsuccessful.

  2. Plug-in Manager does not display an error message when installing the Endpoint Encryption Deployment Tool Plug-in on a server that does not meet the minimum system requirement of 1 GB free hard disk space.

  3. The Endpoint Encryption device may still appear in Plug-in Manager even after the Endpoint Encryption agent has been uninstalled. Agents will disappear the next time that PolicyServer synchronizes with OfficeScan and the Plug-In Manager screen refreshes.

  4. Endpoint Encryption users with a one-time password (OTP) are only allowed to deploy agents using the Endpoint Encryption Deployment Tool Plug-in once. All future deployments are unsuccessful. After the first deployment, the user must set a fixed password before performing deployment again.

  5. When the uninstall command is deployed from OfficeScan to Full Disk Encryption devices, the message "Successful agent uninstallation request" appears before uninstallation has completed. Endpoint Encryption decrypts the endpoint before completing uninstallation.

Full Disk Encryption Issues

The following are the Full Disk Encryption issues and limitations.

  1. Full Disk Encryption does not support endpoints with multiple hard drives.

  2. The Full Disk Encryption preboot login may encounter reduced performance if the Wi-Fi adapter is connected to an access point with no network access to PolicyServer.

    This issue occurs when the PolicyServer IP address is used during Full Disk Encryption installation. Use the PolicyServer FQDN during installation to resolve the issue.

  3. The Full Disk Encryption preboot Wi-Fi is unable to automatically detect access points with WEP-Shared security.

    Manually specify WEP-OPEN or WEP-PSK security.

  4. The Full Disk Encryption preboot is unable to log on Windows 8, 8.1, or 10 when installed on a virtual machine using VMWare Workstation with the e1000e Ethernet driver.

    The e1000e Ethernet driver is the default driver for Windows 8 and 8.1. Full Disk Encryption does not support the e1000e Ethernet driver.

    To resolve this issue, change the driver to e1000:

    1. Shut down VMWare Workstation.

    2. Using a text editor, open the vmware.vmx file.

    3. Find the driver line:

      ethernet0.virtualDev = "e1000e"

    4. Change "e1000e" to "e1000".

    5. Save the file and restart the virtual machine.

  5. Full Disk Encryption displays an error message and is unable to lock the system when the "LockDeviceTimeDelay" policy is 999999 minutes.

  6. Full Disk Encryption is unable to log on by single sign-on when the endpoint wakes from hibernation.

  7. When a user logs on Full Disk Encryption, the tray icon shows the correct user name. However, if the user logs off after the endpoint hibernates and another user logs on, the user name stills shows the previous user name. No user data is at risk.

  8. Toshiba Tecra computers with self-encrypting drives may be unable to run Windows after installing Full Disk Encryption.

  9. The Full Disk Encryption preboot does not support combinations of characters with the "AltGr" key when using a Spanish keyboard layout.

  10. The Full Disk Encryption preboot is unable to control the Num Lock indicator for some HP laptops. In those cases, the Num Lock indicator can be configured in the BIOS settings.

  11. Full Disk Encryption does not support installation alongside other third-party full disk encryption products. If multiple encryption products are installed on the same endpoint, the endpoint may be unable to start Windows and may display a blue screen error message.

  12. The Full Disk Encryption Recovery Tool is unable to communicate with PolicyServer in a pure IPv6 network.

    To avoid this issue, ensure that your network includes an IPv4 connection to PolicyServer.

  13. The Full Disk Encryption Recovery Tool may encounter errors when logging on Zoom by single-sign on, or by using Google or Facebook accounts.

    To avoid this issue, only use Zoom to connect to meetings hosted by Trend Micro support. Do not attempt to host meetings through the Recovery Tool.

File Encryption Issues

The following are the Full Disk Encryption issues and limitations.

  1. If you attempt to delete files or folders in an encrypted folder, Windows prompts the following error: "Can't read from the source file or disk."

    This error occurs because File Encryption is unable to move deleted files and folders in an encrypted folder to the Recycle Bin. To delete files and folders in an encrypted folder, use the permanent delete command Shift + Delete.

  2. File Encryption does not support "Self Help" questions and answers. At registration, if the Endpoint Encryption user goes to the "Change Password" screen, the user should be given "Self Help" challenge questions.

  3. After upgrading PolicyServer and File Encryption from 3.1.3 SP1 to 5.0, policies are unable to synchronize if the File Encryption 3.1.3 agent uses port 8080 (TMEE Service) during registration.

  4. After upgrading PolicyServer and File Encryption from 3.1.3 SP1 to 5.0, authentication is locked at the "Change Password" screen if the File Encryption 3.1.3 agent used port 8080 (TMEE Service port) during registration.

  5. Uninstalling File Encryption without restarting the endpoint does not automatically remove the program from the Add/Remove Programs list.

  6. The legal notice does not appear when the endpoint starts.

  7. The File Encryption agent desktop shortcut and agent icon flash when the File Encryption agent synchronizes with PolicyServer.

Encryption Management for Microsoft BitLocker Issues

There are no known issues for Encryption Management for Microsoft BitLocker in this release.

Encryption Management for Apple FileVault Issues

There are no known issues for Encryption Management for Microsoft BitLocker in this release.