Supported Platform

SecureCloud now supports the following platform:

Recovery Tool

Many situations can occur that might prevent a user from starting a computer or retrieving a key from a key request. All of these problems will effectively prevent a user from accessing a boot volume that has been encrypted on SecureCloud. Trend Micro has implemented a Recovery Tool that allows technical support or development engineers to repair components on computers that are having such problems so that boot volumes can return to accessibility again. Contact technical support for more information.

SecureCloud Agent Logs Changed to UTC

To maintain consistency between the Key Management Server and the SecureCloud Agent, the SecureCloud Agent now uses the UTC local time for agent logs.

Passphrase Update

To reduce some potential problems with command line configurations, SecureCloud has limited the valid special characters for use with passphrases. Passphrases chosen before upgrading SecureCloud are not affected, and users will be notified of the valid characters the next time they change their passphrases.

Legacy SecureCloud Agent Provisioning

This feature allows users who have existing registered devices with the version 2.0 or 3.0 SecureCloud Agent to maintain their legacy environments, but still provision and encrypt new volumes attached to those devices with SecureCloud 3.6. Refer to Managing Devices on Legacy SecureCloud Agents for more information.

Format-Erasing Encryption

In previous versions of SecureCloud, when a user encrypted a data volume, SecureCloud erased all of the data form the volume before encryption. SecureCloud version 3.5 exclusively used "in-place encryption", which preserved data when encrypting. In SecureCloud version 3.6 SP1, users can choose which method of encryption they wish to do: in-place encryption or format-erasing encryption, which is the method that the previous versions used. Format-erasing encryption is optional, but may be faster and easier to use for certain users. Options to preserve or erase existing data have been added to all methods found in Provisioning Devices.

Boot Volume Encryption for Amazon Web Services EC2

Specific Policy Rules for Amazon Web Services EC2

Policy rules have been divided into two categories: General Policy Rules and CSP-Specific Policy Rules. General policy rules are rules that affect all devices regardless of what computers or instances they are on. CSP-specific policy rules only affect devices managed by their specific Cloud Service Providers. This allows users to set rules that use data specific only to those CSPs. This version introduces policy rules specific to Amazon Web Services. Refer to CSP-Specific Policy Rules for more information.

Previously Encrypted Device Recognition

This enhancement allows a user to clone or move an encrypted device to another SecureCloud Agent, or clone that device onto the same SecureCloud Agent, without needing to import the encryption key. Refer to Previously Encrypted Device Recognition for more information.

Static IP Address Support for Boot Volume Encryption

SecureCloud supports boot volume encryption for boot configurations that use either dynamically assigned IP addresses or static IP addresses. The SecureCloud Agent detects the network settings of the main operating system and applies them to the pre-boot operating system. The SecureCloud Agent also updates these settings when agent starts or stops.