Trend Micro Endpoint Encryption 5.0 Patch 3 Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • about
    • account types [1]
    • authentication [1]
    • client-server architecture [1]
    • Encryption Management for Microsoft BitLocker [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Service [1]
    • File Encryption [1] [2]
    • FIPS [1]
    • Full Disk Encryption
      • Encryption Management for Apple FileVault [1]
      • Encryption Management for Microsoft BitLocker [1]
    • groups [1]
    • Legacy Web Service [1]
    • Maintenance Agreement [1]
    • OfficeScan [1]
    • PolicyServer [1] [2] [3]
    • users [1]
    • widgets [1]
  • aboutEncryption Management for Apple FileVault [1]
  • Accessibility
    • on-screen keyboard [1]
  • accounts
  • Active Directory [1] [2] [3] [4] [5]
  • agents [1]
  • agent tree [1] [2]
    • about [1]
    • specific tasks [1]
  • alerts [1]
  • appendices [1]
  • authentication [1] [2]
  • authentication methods [1]
  • automatic deployment settings
    • Scheduled Download [1]
  • centrally managed [1]
  • central management [1] [2]
  • changing passwords [1]
  • changing setting permissions [1]
  • client-server architecture [1]
  • ColorCode [1] [2]
  • Command Line Helper [1] [2] [3]
  • Command Line Helper Installer [1]
  • community [1]
  • components
    • downloading [1]
  • configuring [1]
    • managed products [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • user accounts [1]
  • configuring proxy settings
    • managed server list [1]
  • Control Manager [1] [2] [3] [4] [5]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • Control Manager integration [1] [2] [3] [4]
  • copying policy settings [1]
  • creating
  • creating policies
    • centrally managed [1]
    • copying settings [1]
    • setting permissions [1]
  • CSV [1]
  • DAAutoLogin [1] [2] [3]
  • dashboard
  • data protection [1]
  • data recovery [1]
  • data views
    • understand [1]
  • Decrypt Disk [1]
  • decryption
    • Recovery Console [1]
  • deleting
  • deleting policies [1]
  • demilitarized zone [1]
  • deployment
  • deployment plans [1]
  • device [1]
  • devices [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • domain authentication [1]
    • File Encryption [1]
  • Download Center [1]
  • download components
  • downloading and deploying components [1]
  • draft policies [1]
  • editing managed servers [1]
  • editing policies [1] [2] [3]
  • encryption [1] [2]
  • Encryption Management for Apple FileVault
  • Encryption Management for Microsoft BitLocker
  • Endpoint Encryption
  • enhancements [1]
  • error messages
  • features [1]
  • File Encryption [1]
    • agent service [1]
    • authentication [1]
    • changing password [1]
    • file encryption [1]
    • first-time use [1]
    • PolicyServer sync [1]
    • Remote Help [1] [2]
    • reset password [1] [2]
    • secure delete [1]
    • single sign-on [1]
    • tray icon
    • unlock device [1] [2]
  • filtered policies [1]
    • reordering [1]
  • FIPS
    • about [1]
    • FIPS 140-2 [1]
    • security levels [1]
  • fixed password [1]
  • folders
  • Full Disk Encryption [1]
    • agent service [1]
    • authentication [1] [2]
      • changing password [1]
    • change [1] [2]
    • change PolicyServer [1]
    • changing enterprises [1]
    • clean up files [1]
    • connectivity [1]
    • Decrypt Disk [1]
    • menu options [1]
    • network configuration [1]
    • Network Setup [1]
    • patching [1]
    • PolicyServer settings [1]
    • port settings [1]
    • Recovery Console [1]
      • manage policies [1]
      • manage users [1]
      • Windows [1]
    • recovery methods [1]
    • Remote Help [1] [2]
    • Self Help [1]
    • synchronize policies [1]
    • TCP/IP access [1]
    • tools [1]
    • uninstall [1]
    • Windows patches [1]
  • Full Disk Encryption Preboot [1]
    • authentication [1]
    • keyboard layout [1]
    • menu options [1]
    • network connectivity [1]
    • on-screen keyboard [1]
    • wireless connection [1]
  • groups [1] [2]
    • creating offline groups [1]
    • install to group [1]
    • modifying [1]
    • offline groups [1]
    • remove device [1] [2]
    • removing [1]
    • subgroups [1]
    • types [1]
  • help desk policies [1]
  • importing users [1]
  • key features [1]
  • LDAP [1]
  • LDAP Proxy [1] [2]
  • log events [1] [2]
  • logs [1] [2] [3]
    • alerts [1]
    • managing events [1]
    • querying [1]
    • setting alerts [1]
  • maintenance [1]
  • Maintenance Agreement
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managed server list [1]
    • configuring proxy settings [1]
    • editing servers [1]
  • manually download components [1]
  • MBR
    • replacing [1]
  • MCP [1] [2]
  • modifying
  • Network Setup [1]
  • OfficeScan
    • uninstalling agents [1]
  • online
    • community [1]
  • on-screen keyboard [1]
  • passwords [1] [2] [3]
    • change fixed password [1]
    • change method [1]
    • Remote Help [1]
    • resetting [1] [2] [3]
      • Active Directory [1]
      • Enterprise Administrator [1]
      • Enterprise Authenticator [1]
      • Group Administrator [1]
      • Group Authenticator [1]
      • user [1] [2]
    • resetting active directory [1]
    • resetting Enterprise Administrator/Authenticator [1]
    • resetting fixed password [1]
    • resetting Policy Administrator/Authenticator [1]
    • resetting to fixed password [1]
    • resetting user [1] [2]
    • Self Help [1]
  • pending targets [1]
  • Personal Identification Number (PIN) [1]
  • PIN [1]
  • Plug-in Manager [1]
  • policies [1] [2]
  • policy
    • install devices [1]
  • policy control [1]
  • policy list [1] [2]
  • policy management [1]
    • centrally managed [1]
    • copying policy settings [1]
    • deleting policies [1]
    • draft policies [1]
    • editing managed servers [1]
    • editing policies [1] [2] [3]
    • filtered policies [1]
    • managed server list [1]
    • pending targets [1]
    • policy list [1] [2]
    • policy priority [1] [2]
    • reordering policies [1]
    • setting permissions [1]
    • specified policies [1]
    • targets [1]
    • understanding [1]
    • upgrading policy templates [1]
  • policy mapping
    • Control Manager [1]
    • PolicyServer [1]
  • policy priority [1]
  • PolicyServer
  • PolicyServer MMC [1] [2] [3]
  • policy settings
  • policy targets [1]
  • policy templates [1]
  • policy types
  • product components [1]
  • product definitions [1]
  • Product Directory
    • deploying components [1]
  • product overview [1]
  • proxy settings
    • managed server list [1]
  • query logs [1]
  • recovering
    • managed products [1]
  • recovery
    • clean up files [1]
  • recovery console
  • Recovery Console [1]
    • access [1]
    • changing enterprises [1]
    • changing PolicyServer [1] [2]
    • Decrypt Disk [1]
    • functions [1]
    • log on [1]
    • manage policies [1]
    • manage users [1]
    • Mount Partitions [1]
    • network configuration [1]
    • Network Setup [1]
    • recovery methods [1]
    • Repair CD [1]
    • Restore Boot [1]
    • users
    • view logs [1]
    • Wi-Fi [1]
  • recovery methods [1]
  • registering
    • to Control Manager [1]
  • registration
  • Remote Help [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
  • renaming
    • folders [1]
    • managed products [1]
  • Repair CD [1] [2] [3]
    • data recovery [1]
    • decryption [1]
  • reporting [1] [2]
  • reports [1] [2] [3]
  • report templates [1]
  • Restore Boot [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • searching
    • managed products [1]
  • security
    • account lock [1] [2]
    • account lockout action [1] [2]
    • account lockout period [1] [2]
    • anti-malware/antivirus protection [1]
    • device lock [1] [2]
    • erase device [1] [2]
    • failed login attempts allowed [1] [2]
    • remote authentication required [1] [2]
    • time delay [1] [2]
  • Self Help [1] [2] [3] [4]
    • answers [1]
    • defining answers [1]
    • password support [1]
  • setting permissions [1]
  • showing permissions [1]
  • smart card [1] [2] [3]
    • authentication [1]
  • smart cards [1] [2] [3]
  • specified policies [1]
  • SSO [1]
  • summary dashboard [1]
    • adding tabs [1]
    • deleting tabs [1]
    • modifying tabs [1]
    • tabs [1]
  • support
    • knowledge base [1]
    • resolve issues faster [1]
    • TrendLabs [1]
  • tabs
    • about [1]
    • deleting [1]
    • modifying [1]
    • summary dashboard [1]
  • targets [1]
  • terminology [1]
  • tokens [1] [2] [3]
  • tools
    • Command Line Helper [1]
    • DAAutoLogin [1]
    • Recovery Console [1]
    • Repair CD [1]
  • top group [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager
    • managed product user access [1]
    • registering to [1]
  • trial license [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • understanding
    • Endpoint Encryption [1]
  • uninstalling
  • upgrading policy templates [1]
  • URLs
    • registration [1]
  • users [1] [2] [3] [4]
    • Active Directory passwords [1]
    • adding [1] [2]
    • adding existing user to group [1] [2] [3]
    • adding existing user to policy [1]
    • adding new user to group [1] [2] [3]
    • add new enterprise user [1] [2]
    • change default group [1]
    • change default policy [1]
    • finding [1]
    • group membership [1]
    • group vs enterprise changes [1]
    • import from AD [1] [2]
    • importing with CSV [1]
    • install to group [1]
    • install to policy [1]
    • lockout [1] [2]
    • modifying [1]
    • passwords [1] [2]
    • policy membership [1]
    • remove from group [1] [2]
    • remove user from policy [1]
    • restore deleted [1] [2] [3]
  • users and groups [1]
  • viewing
    • managed products logs [1]
  • widgets
    • adding [1]
    • adding tabs [1]
    • configuring [1]
    • customizing [1]
    • deleting [1]
    • description [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Device Lockout [1]
    • Endpoint Encryption Security Violations Report [1]
    • Endpoint Encryption Status [1]
    • Endpoint Encryption Unsuccessful Device Logon [1]
    • Endpoint Encryption Unsuccessful User Logon [1]
    • options [1]
    • understanding [1]
  • Wi-Fi [1] [2]
  • Windows patch management [1]

What's New in Version 5.0 Patch 3 Parent topic

Trend Micro Endpoint Encryption 5.0 Patch 3 offers the following new features and enhancements.

What's New in Endpoint Encryption 5.0 Patch 3

Features / Enhancements
Description
Supported Platforms
Endpoint Encryption supports agent installation on the following platforms:
  • Windows 10 (32-bit/64-bit)
    Supported agents: Full Disk Encryption and File Encryption
  • Windows 10 Enterprise and Professional editions (32-bit/64-bit)
    Supported agent: Encryption Management for Microsoft BitLocker
  • Windows Embedded POSReady 7 (32-bit/64-bit)
    Supported agents: Full Disk Encryption, File Encryption, and Encryption Management for Microsoft BitLocker
  • Mac OS X El Capitan
    Supported agent: Encryption Management for Apple FileVault
In-place Windows Upgrade
Endpoint Encryption supports upgrading devices encrypted by Full Disk Encryption to Windows 8.1 and Windows 10 without decrypting the boot device.
To perform an in-place Windows upgrade, you will need to modify the Windows ISO file.
Wi-Fi Settings Enhancements
To prevent users from unintentionally modifying Wi-Fi settings, the Wi-Fi settings have been enhanced as follows:
  • Adminstrators can apply a policy to prevent or allow users to configure Wi-Fi settings. To modify the Wi-Fi settings policy, on PolicyServer MMC, go to PoliciesFull Disk EncryptionAgentAllow User to Configure Wi-Fi.
  • Wi-Fi settings have been moved to the Recovery Console accessible from the Full Disk Encryption Preboot. To see the Wi-Fi settings, on the preboot Recovery Console, go to the Wi-Fi tab on the Network Setup screen. If users are allowed to configure Wi-Fi settings, users can still use the wireless connection icon (fde_wifi.jpg) to access Wi-Fi settings.
Active Directory Fine-Grained Password Policy Support
Endpoint Encryption supports fine-grained password and account lockout policies for Windows Server 2008 and Windows Server 2012 Active Directory servers. To enable this feature, add the PolicyServer computer to the Password Setting object (PSO) Security list on the Active Directory server.
Usability Enhancement
The Full Disk Encryption preboot logon screen now displays indicators if Caps Lock or Num Lock are enabled.

What's New in Endpoint Encryption 5.0 Patch 2

New Feature
Description
Active Directory Synchronization across Multiple OUs
Endpoint Encryption now supports policy enforcement, authentication, and synchronization across multiple organizational units (OUs). This enhancement allows administrators to manage users with the same policy over different security groups, cross-functional groups, or regional groups. Endpoint Encryption requires that separate OUs must be within the same Active Directory tree.
Simplified Active Directory Integration
The process for enabling automatic account synchronization from Active Directory has been streamlined. When managing Endpoint Encryption from Control Manager, administrators no longer need to access PolicyServer MMC in addition to the Control Manager web console.
In addition, when configuring Active Directory from PolicyServer MMC, administrators no longer need to use the AD Synchronization Configuration Tool to complete configuration.
Supported Platforms
Endpoint Encryption supports PolicyServer installation on the following operating systems:
  • Windows Server 2012
  • Windows Server 2012 R2
Endpoint Encryption supports the following database management systems for PolicyServer:
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2012 Express
Endpoint Encryption supports Encryption Management for Apple FileVault installation on the following operating system:
  • Mac OS X Yosemite™
Automated Deployment of Encryption Management for Apple FileVault
Endpoint Encryption supports automated deployments of Encryption Management for Apple FileVault agents. The process uses the same parameters and Command Line Helper tool for automated deployments of Full Disk Encryption, File Encryption, and Encryption Management for Microsoft BitLocker agents.
SanDisk Self-Encrypting SSD Support
Endpoint Encryption supports enabling and disabling of hardware-based full disk encryption of SanDisk™ self-encrypting solid-state drives (SSDs).

What's New in Endpoint Encryption 5.0 Patch 1

New Feature
Description
Control Manager License Management
Endpoint Encryption PolicyServer integrates with Control Manager License Management. Control Manager supports the following features with Endpoint Encryption:
  • View the current Endpoint Encryption license information
  • Deploy a full license to PolicyServer
  • Renew a license to PolicyServer
Control Manager User-Centered Visibility
Endpoint Encryption integrates with Control Manager User-Centered Visibility. The status logs sent to Control Manager include the user information for the following Endpoint Encryption agents:
  • Full Disk Encryption
  • File Encryption
  • Encryption Management for Microsoft BitLocker
  • Encryption Management for Apple FileVault
NIC and Wi-Fi adapter Support
Endpoint Encryption supports the following groups of network interface controllers (NIC):
  • Intel Ethernet Controller l217 Family
  • Intel Ethernet Controller l218 Family
Endpoint Encryption also supports the Intel Dual Band AC 7260 Wi-Fi adapter.

What's New in Endpoint Encryption 5.0

New Feature
Description
New Communication Interface
Endpoint Encryption 5.0 introduces a new communication interface (Endpoint Encryption Service) that all Endpoint Encryption 5.0 agents and management consoles use to communicate with PolicyServer. Endpoint Encryption Service uses a Representational State Transfer web API (RESTful) with an AES-GCM encryption algorithm. Endpoint Encryption Service has three key features:
  • Access control: After user authentication, PolicyServer generates a token for that user in that session only.
  • Policy control: Before user authentication, Endpoint Encryption Service restricts all PolicyServer MMC, Control Manager, and OfficeScan policy transactions until after user authentication.
  • Automatic policy updates: After successfully registering with PolicyServer, Endpoint Encryption agents automatically obtain new policies without user authentication.
Control Manager Integration
Endpoint Encryption 5.0 integrates Control Manager for PolicyServer management.
For information about Control Manager, see About Control Manager Integration.
OfficeScan Integration
Endpoint Encryption 5.0 provides support for OfficeScan deployments. Use the new Endpoint Encryption Deployment Tool plug-in to centrally deploy or uninstall Endpoint Encryption agents to any endpoint currently managed by OfficeScan.
License Management
Endpoint Encryption 5.0 integrates with the Trend Micro licensing portal. As in previous product versions, you can try Endpoint Encryption free for 30 days. After the trial license expires, an Activation Code is required.
For information about licensing, see Maintenance Agreement.
Support for Apple FileVault™ and Microsoft BitLocker™
Endpoint Encryption 5.0 advances Full Disk Encryption by integrating with encryption solutions built into the host operating system through two new Endpoint Encryption agents:
  • Encryption Management for Microsoft BitLocker
  • Encryption Management for Apple FileVault
PolicyServer centrally manages both agents with policy controls to remotely wipe or kill the Endpoint Encryption device.
FileArmor Name Change and Move to Common Framework
Endpoint Encryption 5.0 renames the FileArmor agent to File Encryption to better match the Endpoint Encryption agent's new functionality. File Encryption has the benefits from FileArmor 3.1.3, including improved support for removable media.
File Encryption is also now better aligned with Full Disk Encryption for improved password and policy management.
Maintenance, Log, and Report Enhancements
Endpoint Encryption 5.0 has several improvements to product maintenance, logs and reports.
  • Mechanism to purge log database: It is now possible to purge the log database based on specific criteria.
  • Delete inactive Endpoint Encryption users and devices: To clean up the Enterprise devices and users, it is now possible to purge devices and users that are inactive for a specified time period.
  • Enterprise report for inactive users: The new Enterprise report shows all Endpoint Encryption users who have not logged on Endpoint Encryption devices for a specified period of time.
  • Enterprise report for inactive devices: The new Enterprise report shows all Endpoint Encryption devices that have not been logged on to for a specified duration of time.
Smart Card Enhancements
Endpoint Encryption 5.0 provides the following smart card enhancements:
  • Improved Endpoint Encryption agent deployment in environments using smart cards
  • Support for smart card password-sharing