Full Disk Encryption Issues

The following are the Full Disk Encryption issues and limitations.

  1. The Full Disk Encryption preboot login may encounter reduced performance if the Wi-Fi adapter is connected to an access point with no network access to PolicyServer.

    This issue occurs when the PolicyServer IP address is used during Full Disk Encryption installation. Use the PolicyServer FQDN during installation to resolve the issue.

  2. The Full Disk Encryption preboot Wi-Fi is unable to automatically detect access points with WEP-Shared security.

    Manually specify WEP-OPEN or WEP-PSK security.

  3. The Full Disk Encryption preboot is unable to log on to Windows 8, 8.1, or 10 when installed on a virtual machine using VMware Workstation with the e1000e Ethernet driver.

    The e1000e Ethernet driver is the default driver for Windows 8 and 8.1. Full Disk Encryption does not support the e1000e Ethernet driver.

    To resolve this issue, change the driver to e1000:

    1. Shut down VMware Workstation.

    2. Using a text editor, open the vmware.vmx file.

    3. Find the driver line:

      ethernet0.virtualDev = "e1000e"

    4. Change "e1000e" to "e1000".

    5. Save the file and restart the virtual machine.

  4. Full Disk Encryption displays an error message and is unable to lock the system when the "LockDeviceTimeDelay" policy is 999999 minutes.

  5. Full Disk Encryption is unable to log on by single sign-on when the endpoint wakes from hibernation.

  6. When a user logs on to Full Disk Encryption, the tray icon shows the correct user name. However, if the user logs off after the endpoint hibernates and another user logs on, the tray icon still shows the previous user name. No user data is at risk.

  7. Toshiba Tecra computers with self-encrypting drives may be unable to run Windows after installing Full Disk Encryption.

  8. The Full Disk Encryption preboot does not support combinations of characters with the "AltGr" key when using a Spanish keyboard layout.

  9. The Full Disk Encryption preboot is unable to control the Num Lock indicator for some HP laptops. In those cases, the Num Lock indicator can be configured in the BIOS settings.

  10. Full Disk Encryption does not support installation alongside other third-party full disk encryption products. If multiple encryption products are installed on the same endpoint, the endpoint may be unable to start Windows and may display a blue screen error message.

  11. The Full Disk Encryption Recovery Tool may encounter errors when logging on to Zoom by single sign-on, or by using Google or Facebook accounts.

    To avoid this issue, only use Zoom to connect to meetings hosted by Trend Micro support. Do not attempt to host meetings through the Recovery Tool.

  12. Full Disk Encryption is unable to install on the HP ProBook 6570b and HP EliteBook Folio 9470m if the boot configuration for these endpoints is set to UEFI. To ensure successful installation, set the boot configuration to BIOS prior to installation.

  13. The Full Disk Encryption installer is unable to upgrade older Full Disk Encryption versions on devices where the system disk contains more than 8 extended partitions. To upgrade these devices to the 6.0 version, uninstall the old version first and then perform a clean install instead.

  14. Full Disk Encryption may display an inaccurate percentage of completion if the value of the Encrypt Policy setting changes during encryption. To fix this issue, decrypt the whole disk and encrypt it again.

  15. Disk conversion from MBR to GPT cannot be performed on a disk managed by Full Disk Encryption. To convert a managed disk from MBR to GPT, decrypt the whole disk first, and then detach the disk from Full Disk Encryption. Afterwards, perform the disk conversion as usual.

  16. During preboot, the Wire Network Configuration screen displays the hidden SSID \x00\x00\x00\x00\x00\x00\x00\x00.

  17. In rare cases, sectors may become corrupted if the power is cut off while encrypting. To prevent this issue, ensure that the power cord is connected during the initial encryption period of Full Disk Encryption.

  18. Multiple "device encryption complete" messages from the same device appear in the audit log for a period of time. This is because Full Disk Encryption sends an "encryption complete" message to PolicyServer for encrypted disks whenever the Full Disk Encryption service restarts, to ensure that the encryption status on the server side is up to date.

  19. Full Disk Encryption is incompatible with the PLEXTOR PX-128M5 Pro (old firmware). The encryption status of the disk is displayed as (NaN%) when the encryption starts.

  20. Full Disk Encryption usually queries DNS suffixes from Windows and applies them in preboot. However, Full Disk Encryption only uses the first DNS suffix found. To minimize issues, ensure that the preferred DNS suffix is set as the first DNS suffix in Windows.

  21. Full Disk Encryption may incorrectly mark the network information display of Windows XP VMware images with an (X). However, this is only a display issue. There is no impact on network connectivity.

  22. During preboot, the touchpad of an Acer V3-372 or ASUS BU400A machine may be unresponsive. To solve this issue, change the touchpad setting in the firmware from Enhanced to Basic, or use an external USB mouse.

  23. When deploying Full Disk Encryption using the Endpoint Encryption Deployment Tool Plug-in, the plug-in does not display the result of the safety check (a new feature of Full Disk Encryption in 6.0). As a workaround, administrators can manually review the safety check result from Control Manager or the Endpoint Encryption MMC console.

  24. Full Disk Encryption may encounter issues if installed on an ASUS BU400A machine using a UEFI SED configuration. This causes the firmware to delete the boot entry after the device has booted into Windows, which makes unlocking the self-encrypting drive difficult after the device is powered on again. To minimize issues, switch to BIOS with SED configuration, or UEFI with normal disk configuration. If the self-encrypting drive cannot be unlocked, administrators may use the recovery tool to unlock the drive after authentication.

  25. Wi-Fi SSID settings deployed from Control Manager do not support angle brackets (< >). Remove angle brackets from the Wi-Fi SSID settings.

  26. The Full Disk Encryption preboot does not support the network port of the Microsoft Surface Dock. However, the Full Disk Encryption preboot supports the built-in Wi-Fi found on the Surface Pro 3 and Surface Pro 4. To establish a connection to PolicyServer, configure the Full Disk Encryption preboot to use the built-in Wi-Fi.

  27. Installation of Full Disk Encryption may cause the endpoint to require more time to resume from hibernation. On average, resuming from hibernation may take 80 seconds for BIOS-configured endpoints, and 30 seconds for UEFI-configured endpoints.

  28. If the Full Disk Encryption database of a data disk becomes corrupt, the data disk becomes inaccessible in Windows. To resolve this issue, use the Full Disk Encryption recovery tool. The Full Disk Encryption recovery tool reports the disk as "Not an FDE disk", but will still automatically repair the database on the data disk. If the issue persists, contact Trend Micro support for data recovery.

  29. Full Disk Encryption is unable to complete installation on Lenovo ThinkStation P410 endpoints if the boot configuration is set to UEFI. To ensure successful installation, set the boot configuration to BIOS prior to installation.

  30. Full Disk Encryption is incompatible with some Dell OptiPlex 980 models. To use Full Disk Encryption on these endpoints, install Encryption Management for Microsoft BitLocker.
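
The manual edit in issue 3 can be scripted when many virtual machines need the change. The following is an added example, not Trend Micro or VMware code: it generalizes the fix to every ethernetN adapter in the file, keeps a backup, and assumes that a ".vmx.lck" entry beside the file means the virtual machine is still open. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: switch VMware virtual NICs from e1000e to e1000 in a .vmx file.

# make_sample_vmx PATH: writes a constructed, minimal .vmx file for testing.
make_sample_vmx() {
    cat > "$1" <<'EOF'
.encoding = "UTF-8"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000e"
ethernet1.virtualDev = "vmxnet3"
EOF
}

# fix_vmx_nic VMX_PATH
# Returns 0 if the file was changed, 1 if no e1000e adapter was found,
# 2 on error (missing file, or the VM appears to be running).
fix_vmx_nic() {
    vmx=$1
    [ -f "$vmx" ] || { echo "not found: $vmx" >&2; return 2; }

    # Assumption: a "<file>.vmx.lck" entry means the VM is still open in
    # VMware. The documented procedure requires shutting down first.
    if [ -e "$vmx.lck" ]; then
        echo "lock present, shut down the VM first: $vmx" >&2
        return 2
    fi

    # Only touch virtualDev lines whose value is exactly "e1000e".
    key='^[[:space:]]*ethernet[0-9]+\.virtualDev[[:space:]]*=[[:space:]]*'
    grep -Eq "${key}\"e1000e\"" "$vmx" || return 1

    cp -p "$vmx" "$vmx.bak" || return 2   # keep the original for rollback
    sed -E "s/(${key})\"e1000e\"/\\1\"e1000\"/" "$vmx.bak" > "$vmx" || return 2
    return 0
}

# Stand-alone use: sh fix_vmx_nic.sh /path/to/vm.vmx
if [ "$#" -gt 0 ]; then
    fix_vmx_nic "$1"
fi
```

The original file is preserved as a ".bak" copy next to the .vmx file; restart the virtual machine after the change, as in step 5.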