Pointsec for PC EW...PC. • The way Pointsec PC groups and user account groups inherit the values...

Revision Tracking Version A

Pointsec for PC 6.3.1 HFA8 – Revision Tracking © Copyright Check Point Software Technologies Ldt., 1997-2009 This document contains information on changes and corrections implemented in previous versions of Pointsec for PC and Pointsec PC. For new functionality, changes, corrections and the latest information on the current release, see the Pointsec PC Release Notes. Contents Pointsec for PC 6 ....................................................................................................................................2

New in Release 6.3.1............................................................................................................. 2 Changes and Corrections in 6.3.1 HFA7 ............................................................................... 2 Changes and Corrections in 6.3.1 HFA6 ............................................................................... 4 Changes and Corrections in 6.3.1 HFA5 ............................................................................... 5 Changes and Corrections in 6.3.1 HFA4 ............................................................................... 7 Changes and Corrections in 6.3.1 HFA3 ............................................................................... 9 Changes and Corrections in 6.3.1 HFA2 ............................................................................. 12 Changes and Corrections in 6.3.1 HFA1 ............................................................................ 13 Changes and Corrections in 6.3.1 ...................................................................................... 17 New in Pointsec PC 6.2 ....................................................................................................... 25 Changes and Corrections in 6.2 HotFix Accumulator 1...................................................... 26 Changes and Corrections in 6.2 HF2................................................................................... 28 Changes and Corrections in 6.2 HF1................................................................................... 29 Changes and Corrections in 6.2 .......................................................................................... 29 New in 6.1.3 ......................................................................................................................... 34 Changes and Corrections in 6.1.3 Hotfix 4 .......................................................................... 34 Changes and Corrections in 6.1.3 Hotfix 3 .......................................................................... 35 Changes and Corrections in 6.1.3 Hotfix 2 .......................................................................... 35 Changes and Corrections in 6.1.3 Hotfix 1 .......................................................................... 36 Changes and Corrections in 6.1.3 ....................................................................................... 37 New in 6.1.2 ......................................................................................................................... 52 Changes and Corrections in 6.1.2 ....................................................................................... 52 Changes and Corrections in 6.1.1 ....................................................................................... 52 Changes and Corrections in 6.1.0 ....................................................................................... 56 New in 6.1.0 ......................................................................................................................... 59 Changes and Corrections in 6.0.1 ....................................................................................... 60 New in 6.0.1 ......................................................................................................................... 61 Changes and Corrections in 6.0.0 ....................................................................................... 61 New in 6.0.0 ......................................................................................................................... 63

1 Pointsec PC EW 6.3.1 HFA8, November 25, 2009


Pointsec for PC 6 This section contains information on changes and corrections made in the previous releases of Pointsec for PC (called Pointsec PC from 6.2 onward).

New in Release 6.3.1 The following new functionality and enhancements are included in Pointsec PC : • This Release Notes covers both the EW version and the MI version of Pointsec

PC. • The way Pointsec PC groups and user account groups inherit the values of

settings has changed, and the way specified values, default values, and effective values work has also changed. See the Administrator’s Guide for more information.

• How updates to the recovery file are triggered, and how Pointsec PC writes recovery files locally and to shares has changed. See the Administrator’s Guide for more information.

Changes and Corrections in 6.3.1 HFA7 The following items were corrected in Pointsec PC 6.3.1 HFA7: ID About Details 455983

Erratic USB-keyboard response in preboot on Dell Optiplex GX620.

On Dell Optiplex GX620 with Bios-version A11,

responses to keystrokes were sometimes delayed, or not registered, or the keystroke was repeated many times.

455972

Token issues on Lenovo X200.

Unable to use USB tokens on Lenovo X200 if

USB in BIOS was disabled but Pointsec PC USB support was enabled. The token worked but Windows was not loaded.

455544

When installing on a Vista machine, a bluescreen (0xED stop error) occurred at the first reboot.

At the first reboot during installation, the machine would bluescreen with a 0xED stop error. The next time the machine booted, the blue screen would not occur.

455235

The Registry value of CompatibleGinas is case sensitive, which caused SSO to fail.

Because the Registry value, CompatibleGinas, and the GinaPath must match exactly (even in regards to upper and lowercase), SSO would fail if the user cut and pasted from Explorer to the registry and there was a mismatch.

455096

Handling of Windows Restore Points when Pointsec PC was upgraded.

Windows (Vista / XP / 2000) were left as is after an upgrade. Now, when an upgrade is completed successfully, all restore points are deleted.

455074

Restore points created prior to Pointsec PC installation could be used.

Using Windows Vista Business (with and without SP1) and Pointsec PC 6.3.1 HFA5, restore points created prior to the Pointsec PC installation could be used.



ID About Details 454816

Authentication required when Windows password changed.

If a group policy forced a user to change password and password synchronzation was enabled, the user would be required to enter the "old" Pointsec PC password.

454723

One-time logon Remote Help error.

When a user account was locked because of too many failed logons and a one-time logon was performed, a ‘User account locked’ window appeared. But the user account would be logged onto Windows after clicking OK on the ‘User account locked window’ and then canceling the Remote Help window.

454423

Multiple certificates on token.

If tokens were initialized and more than one certificate per token was added with "Aladdin eToken PKI Client 4.55.22", logon to Pointsec preboot malfunctions.

This problem did not exist in the earlier Aladdin middleware the "Aladdin eToken Run Time Environment 3.65.26".

454282

When working on remote profiles, a user account that had been removed was still visible in the management console.

After editing a remote profile and removing a user account from a Group-> User Accounts, the user account was still visible in the folder which contained all users in the group.

454177

Logon screen in preboot unreadable.

When using: Pointsec 6.2.0/6.3.1 HFA3 on a HP Compaq dc7700 Small Form Factor with aMatrox P65-MDDAP64F (dual head graphic card), the

preboot logon screen was unreadable. It could be read after turning off ‘hign graphic’, but its performance was slow. When using the internal card (Intel), the preboot logon display and performance was normal.

453993

A unhandled exception occurred in the PCMC.

A unhandled exception occured when changing the values for "Set Max Failed Logons" in the PCMC.

452162

Messages in "New settings added and certain settings reset" will be garbled and symbolized.

After upgrading Pointsec PC (e.g. 6.1.3 to 6.3.1) and opening management console, a "New settings added and certain settings reset" message appears. But the messages in the screen were symbolized and garbled if operating system was Japanese.

428343

Limit of the amount of data that can be stored in pcmc.cfg.

When the amount of data that the PCMC was able to read from/write to pcmc.cfg was exceeded, one could not create any new sets without removing old ones. This issue has been resolved.

421616

Settings in PCMC were not grayed out although they were not editable.

Settings in PCMC were not grayed out although they are not editable. The main folders are greyed out but if you opened one there are three folders that are not grayed out..authentication settings, logon, and Password Sync..the rest are greyed out.



ID About Details 420302

Update Profile based on the local could not be imported (Japanese OS).

On a Japanese operating system, an update profile based on the local settings could not be imported when placed in the work folder on the administrator's machine.

399430

Memory dumps - Not possible to create minidumps successfully.

Windows minidumps would be corrupted when Pointsec PC was installed.

Changes and Corrections in 6.3.1 HFA6 The following items were corrected in Pointsec PC 6.3.1 HFA6: ID About Details 455255 Recovey files corrupt On some machines, both the local recovery file and the

recovery file copied to the share were corrupted when the Pointsec PC system area was full. It was possible to open the recovery file in the "Create Recovery DIsk" application, but it was not possible to create a media.

454969 Boot failed on Dell E6400.

If you installed Pointsec PC on a Dell E6400 with 1GiB RAM, it would not boot up. The system code for the volumes was added, but when it tried to boot the text "Full Disk" was displayed on the screen.

Environment: Dell E6400 with 1GiB RAM, BIOS ver A06, Windows XP.

454849 CentralLog.exe failed to write a log file if the path included a special character.

CentralLog.exe failed to write the log file if the path included a special character. For example, in a Czech Windows XP there is an "i" with acute accent in the general path: "C:\Documents and Settings\All Users\Data aplikaci\Pointsec\Pointsec for PC". This path is put as value in "UsersLocation" in "HKLM\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC" and Pointsec PC CentralLog.exe failed to write the log file there because of this letter.

454697 Expiration date - could not be disabled from group level.

It was not possible to remove the expiration date from the group level for a user. This made it impossible to manage users created from temp users on the group level.

454587 A timeout occurred when booting with PXE from Symantec Livestate Delivery.

A timeout occurred when booting using PXE from Symantec Livestate Delivery.

454524 Pointsec PC’s certificate expiration warning does not work in Windows Vista.

Pointsec PC failed to verify certificates stored on card only, so there was no "Certificate expiration warning" in either preboot or Windows.

454453 Screen saver text in installation profile reset.

The screen saver text in installation profile reset to the default text after the profile was saved.

453920 Token malfunctioned in preboot on a Toshiba Tecra A9.

After installing an Aladdin etoken PRO32k (4.2B) and

Pointsec PC 6.3.1 HFA3 (1328) on a XPSP2 Toshiba Tecra A9, and disabling USB in the BIOS and enabling



ID About Details USB in Pointsec PC, the token would malfunction.

430437 Inconsistent display of 30 Day license nagging dialog and, after the 30 day trial period, the product did not fully uninstall or did not uninstall at all.lll

After installing Pointsec PC with an evaluation license and after exceeding the 30 day limit, a nagging dialog was inconsistently displayed; and the product did not fully uninstall or did not uninstall at all.

424362 Cntrl+Alt+Del issues with WIL and PSSOGINA.

There were issues with Ctrl+Alt+Del when logging into a drive on which WIL was enabled. If the Crtl+Alt+Del option was disabled in group policies, forcing the users to use this when logging into Windows, Pointsec PC would turn it off and go straight to the login banner after 4-5 minutes.

420312 Pointsec 6.x did not comply with Windows Complexity requirements.

Pointsec 6.x is not complying with Windows Complexity requirements, for example, it would

accept the username or full name as part of the password and this caused an issue because it was out of sync with the AD Domain Password since the domain does not accept this.

400021 USB keyboard keypad malfunctioned in preboot.

When using an external USB or PS/2 keyboard, if you entered PBE with Num Lock turned on, the computer would not respond to keystrokes even though Num Lock lamp is turned on. If you pressed the Num Lock key once, the lamp would stay turned on, but keys would start working.

Changes and Corrections in 6.3.1 HFA5 The following items were corrected in Pointsec PC 6.3.1 HFA5: ID About Details 454660 Stop error when a

second hard disk is attached via a MultiBay.

A bluescreen would sometimes occur during the first startup after Pointsec PC installation when a second encrypted hard disk was attached via a MultiBay unit.

454604 Token removal handling.

Certain aspects of token removal handling have been enhanced in Pointsec PC HFA5.

454457 The Administrator’s Guide incorrectly stated that smart cards can be used to authenticate to Remote Help.

The text of the Administrator’s Guide has been updated to the following:

Select the type of authentication used by the account you are using to provide Remote Help:

For a fixed password, select: Password; for a dynamic token, select: Dynamic Token. Helper authentication using smart cards/USB tokens is not supported.

454362 Update profiles not deployed if they contained a Japanese character in the screen saver

Update profiles would not be deployed if they contained a Japanese character in the screen saver text. The profile would disappear from the work folder, and no error was logged in event viewer.



ID About Details text.

454322 The Administrator’s Guide incorrectly stated that "Clients accept only upgrade packages that have been created with their current serial number".

The text in the Administrator’s Guide has been updated, to say:

...

Use the serial number of the local installation

Select this checkbox when you upgrade from 4.x/5.x and the same serial number is used on the local machine and on the clients. See Serial number currently used by clients, below.

....

Serial number currently used by clients

Enter the 4.x/5.x serial number used by the clients in this text box if the serial number used on the local machine is not identical to the serial number used by the clients.

...

4) Select the Use the serial number of the local installation checkbox if you are upgrading from 4.x or 5.x and the serial numbers used on the local machine and on the clients are identical. If the serial number used on the local machine is not identical to the serial number used by the clients, ensure that the Use the serial number of the local installation checkbox is not selected, and then enter the serial number used by the clients in the Serial number currently used by clients field.

454316 Encryption did not start if the last specified recovery path is not accessible.

When multiple recovery paths were specified in the installation profile with which Pointsec PC was installed, and the last recovery path in the list was not accessible, encryption would not start even though the other paths were accessible. A log entry was created, warning that the recovery file creation failed.

454228 Unclear description of the requirement to reenter the Upgrade Validation Password after upgrading.

The text in the Administrator’s Guide has been updated to:

The Update Validation Password Must Be Reentered After Upgrade

The security of the update validation password has been enhanced, and because of this it has a new internal format. This requires that you re-enter the update validation password that was used in the version from which you have just upgraded after upgrading to Pointsec PC 6.2.0 Hotfix Accumulator 1 (HFA1) or later. When you start the PCMC immediately after upgrading, you will be prompted to set the update validation password. You must specify the update validation password that was used in the version from which you have just upgraded because this is the password that the other machines you want to upgrade use to validate profiles. Otherwise, no profiles will be accepted on those machines. After entering this update validation password in the PCMC, you should immediately publish an update profile that contains this password (in its new format).

454153 Recovery/log path was not displayed

Paths are now displayed correctly.



ID About Details correctly when it contained Japanese characters.

454110 When user account name contained the character '@', Remote Help could not be invoked.

If the username of the end user that was attempting to receive the Remote Help contained the character '@', neither one-time logon nor password change functioned. After entering the response, the challenge was displayed as 'invalid'.

454108 The Administrator’s Guide description of the Hardware Hash was incorrect.

The description has been updated in multiple places, for example:

Specifies if a hardware hash derived from, among other things, IDs found in the BIOS and on the CPU will be calculated to ensure that the hard drive has not been tampered with.

454082 Encryption did not start during installation when IgnoreOldInstallation is set to ‘Yes’ in precheck.txt.

When reinstalling on one volume when other volumes are already encrypted, and thus ‘IgnoreOldInstallation’ is set to ‘Yes’ in precheck.txt to enable the reinstallation, encryption did not start.

453989 Unable to complete an upgrade from Pointsec for PC 4.x/5.x to Pointsec PC 6.3.1 HFA2 via a Remote Desktop.

When starting an upgrade from Pointsec for PC 4.x/5.x to Pointsec PC 6.3.1 HFA2 via Remote Desktop, the upgrade fails when trying to write the recovery file.

453725 EventID 1 error issued in System log after installing Pointsec PC 6.3.1 HFA2.

After installing 6.3.1 HFA2, the following error log was created in the system log/Windows event viewer:

‘The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.’

453111 Hard disk slaving caused an initial bluescreen: 0x0000007E.

After installing Pointsec PC 6.3.1 HFA1 on two PCs, enabling slaving of hard disks, and slaving the second PC’s hard disk to the first PC, a prot_2k.sys 0x0000007E bluescreen occurred when logging on to Windows. If the PC was then rebooted the slaved disk was accessible.

452396 Precheck.txt value InitalStartDelay malfunctioned.

The value specified for InitalStartDelay in the precheck.txt file did not trigger the expected delay.

418641 Blue screen occurred when slaving a hard disk.

When slaving a hard disk drive, if you allowed the slaving authentication to time out, you would get a blue screen with the error: STOP: 0x05001545.

Changes and Corrections in 6.3.1 HFA4 This version (HFA4) of the Release Notes applies to build 1352 of Pointsec for PC 6.3.1.



This version of the Release Notes (Pointsec_PC_6.3.1_HFA4_Release_Notes_B.pdf) contains the following changes (compared to the previous version, Pointsec_PC_6.3.1_HFA4_Release_Notes_A.pdf):

• CRs: 00453770, 00451750, 00399981, 00399838, 00399545, 00398321, 00398150 (103369), 00398074 (10259) 9752, and 6693 have been removed because they were fixed in previous releases.

• The section “Tablet PCs That Support Touch-Pen Logon in Preboot” has been added. The following items were corrected in Pointsec PC 6.3.1 HFA4: ID About Details 454109 PC did not reboot

even though the value specified for "Set Max Failed Windows Logon Attempts" was exceeded.

The machine did not reboot when the value specified for the Windows Integrated Logon setting "Set Max Failed Windows Logon Attempts" was exceeded.

453964 Support for the Turkish Q keyboard layout was lacking in the product.

The Turkish Q keyboard layout was previously not supported, but it is now supported in Pointsec PC 6.3.1 HFA4. This is documented in the Administrator’s Guide.

453923 During an upgrade, Pointsec PC failed to retrieve the MI communications key from the Framework.

When Pointsec PC was upgraded, the program attempted to retrieve a new MI communications key; but the new key had not been saved in the Framework so profiles could not be decrypted by the client.

453922 Upgrade could lead to abnormal termination of Pointsec PC.

Upgrading a Pointsec for PC or Pointsec PC 6.x client on which smart card drivers were installed could lead to abnormal termination of the product.

453887 Windows Integrated Logon failed if the Enable Hardware Hash setting was enabled during installation or upgrade.

The Windows Integrated Logon (WIL) function failed if the Enable Hardware Hash setting was enabled during installation or upgrade.

453886 Erroneous OHCI register values could cause Pointsec PC to freeze during preboot.

Lack of a sanity check of OHCI register values in the Pointsec PC preoot environment could cause Pointsec PC to freeze during preboot if the register values contained erroneous values. Pointsec PC now performs a sanity check to ensure that the OHCI registers are correct before proceeding with preboot processing. If the OHCI values are not correct, Pointsec PC will boot the system after disabling the USB functionality.

453591 ‘Decryption completed’ message was issued repeatedly after uninstalling Pointsec PC.

After uninstalling Pointsec PC 6.3.1 HFA1 via Add or Remove Programs, the ‘Decryption Completed’ message was displayed at each subsequent logon to Windows after rebooting the system.

453534 After upgrading to Pointsec PC 6.3.1 HFA2, the Event

After upgrading to Pointsec PC 6.3.1 HFA2, the Event Viewer reported an ‘invalid current state’ in the event viewer logs at every logon and every time the workstation



ID About Details Viewer reported an invalid current state.

was unlocked.

453494 Central log -- Logs for machines with computer names containing ‘.log’ could not be viewed in the PCMC Log Viewer.

If the computer name of the machine on which Pointsec PC was installed contained ‘.log’, for example, computername.login.se, the Log Viewer (PCMC -> Remote -> Set -> Log Viewer) was not able to display the contents of the log. The Log was displayed under the set, but the contents could not be viewed.

452287 When the ‘"Differentiate smart cards based on their serial numbers" setting was enabled, the smart card account would be rejected as an ‘Invalid Logon’ ’in the Pointsec PC preboot environment (PBA).

In the Pointsec PC 6.3.1 HFA2 preboot environment (PBA), a smart card account would be rejected as an ‘Invalid Logon’ when the ‘Differentiate smart cards based on their serial numbers’ setting was enabled.

452113 Some Japanese characters in the PPBE Failure WIL Message were displayed incorrectly.

If Japanese characters are included in the PPBE Failure WIL Message, some of them were displayed incorrectly.

Changes and Corrections in 6.3.1 HFA3 The following items were corrected in Pointsec PC 6.3.1 HFA3: ID About Details 453353 Token removal

handling failed intermittently.

Token removal handling was not consistent. When unplugging an Aladdin Etoken PRO 32K, the workstation was not locked if the etoken was ejected within less than a minute after its insertion.

453083 HP Compaq 6910p blue screened intermittently in preboot.

An unrecoverable error occurred intermittently in preboot on HP Compaq 6910p Notebook laptops.

452953 Unable to tab the cursor to ‘Show Log’ in the preboot environment.

After passing preboot authentication, user was unable to tab to 'Show Logs'.

452786 Windows Logon User Interface Host crashed upon eToken PRO logon.

An application error occurred, terminating Windows Logon User Interface Host when using PKI Client v4.55 for eToken PRO 32k and Aladdin eToken PRO 32K drivers.

452774 A "Missing" error was displayed in the single sign-on (SSO) dialog.

When choosing a language that is not a Legacy language and logging in with a user (SSO enabled) you would get a "Missing" error in the SSO dialog instead of the translated text.

452684 The “slash” special character (/) on the

If you used de-DE/sv-SE in PBE and typed the a slash (/) on the numeric keyboard, you got a dash (-). If you enable



ID About Details numeric keyboard did not work properly.

NumLock, you got an underscore (_).

452682 Characters were missing in the French keyboard in preboot.

Various characters were missing from the French keyboard layout in preboot, and the keys of the virtual keyboard were empty.

452675 Caps Lock was not available with Japanese keyboard in PBA.

When Japanese keyboard was specified in PBA, the user could not activate "Caps Lock".

452665 Removing a user failed to trigger the writing of a new recovery file.

Deleting a user would fail to trigger the writing of a new recovery file even though the user had been deleted from the machine.

452653 Use of tab key in WebRH Challenge/Response not obvious.

Some customers were confused by the use of the tab key during the challenge/response interaction when receiving remote help.

452629 AES algorithm was used instead of Blowfish.

The AES algorithm was used for encryption when Blowfish had been specified in a silent installation profile and an algorithm-specific license was used..

452563 Error issued when installing the MSRC.MSI or InstallRRU.msi before the Pointsec PC installation had completed.

An error was issued if the MSRC.MSI or InstallRRU.msi files were installed before the Pointsec PC installation had completed with a restart of the computer after the Pointsec PC installation.

452558 Unable to change/set Windows XP welcome screen after Pointsec PC had been uninstalled.

After Pointsec PC 6.1.3 was uninstalled, the error message was displayed while trying to change setting in : Control Panel -> User Accounts -> Change the way users log on or off]

Error Message: ‘A recently installed program has disabled the welcome screen and fast user switching. To restore these features, you must uninstall the program. The Following file name might help you identify the program that made the change: msgina.dll’.

452529 License handling - Some Pointsec for PC 4.x license numbers were not accepted in 6.x upgrade profiles.

Customers were prevented from using their Pointsec for PC 4x license numbers in upgrade profiles.

452360 The ‘Disable expire date’ checkbox did not work if the user account had expired.

Once a user account had expired, it was not possible to disable the expiration date by selecting the ‘Disable expire date’ checkbox.

452359 Not possible to disable expire date from group level.

It was not possible to remove the expiration date of a user account at the group level. This would have made it impossible to manage users created from temp users on the group level.



ID About Details

452358 An expired account behaved inconsistently in Windows.

If you provided remote help to an expired account, the account had access to Windows, but after Windows logon a dialog was displayed saying that the account has expired and the account was logged out of Windows after a couple of seconds or after several minutes. In addition, if you clicked OK on the ‘Your account has expired’ dialog, you would still be able to logon to the machine to work for several minutes (perhaps hours) before the dialog appeared again.

452336 An old password was accepted after the first authentication.

If case sensitivity was set to 'No' for a user group, and a new user account was created and the ‘Force change of password at next logon’ box was selected, the password that was initially used could be used at the next logon.

452305 PPBE did not respond immediately to space key input.

In the preboot authentication when entering a user account name that contains a space character, PPBE did not respond immediately to the space keystroke. It seemed as if nothing occurred. However, when you press another key, the stored space character was displayed.

452275 'Set Temporary Lockout Time' became '2147483647' in a converted installation profile.

When installing Pointsec PC 6.3.1 with a converted installation profile created in Pointsec PC 6.1.3, even though 'Set Temporary Lockout Time' was set to 'Disabled' in the original profile, the temporary lockout time was set to '2147483647' after conversion.

452268 Slaving of a hard disk drive was allowed when the Allow Hard Drive To Be Slaved setting was set to ‘No’.

A hard disk drive encrypted with Blowfish could be slaved on an AES-encrypted machine and accessed without the Allow Hard Drive To Be Slaved setting being set to Yes.

452156 An update profile based on an installation profile was not imported.

An update profile based on an installation profile was not imported from the Work folder. No log entry was produced.

452081 The word "Credentials" was misspelled in the PCMC.

The word "Credentials" was misspelled in the PCMC’s ‘Change credentials’ dialog.

452005 Unable to use the keyboard or mouse in PBE on an Acer TravelMate 6410.

Customers were unable to use the keyboard or mouse in PBE when turning USB = ON in Pointsec PC. No options were available in the BIOS for ‘USB legacy support’.

451712 HP 6220 smart card reader not working.

The smart card reader built into the HP 6220 did not work when either PCMCIA was enable or when it was disabled.

451701 SSO fails on Vista when using the ‘@’ character in the Vista username.

SSO failed on Vista when using the ‘@’character in the Vista username. The operating system seemed to loop.



ID About Details 451608 The volume

protection information was missing from an installation profile based on an update profile.

The volume protection information was missing from an installation profile based on an update profile. If the profile was saved, no warning was displayed about volume protection not being set, and if this profile was used to install, it failed with the error: 'Disk Configuration not Supported'.

416025 Centrallog.exe crashed intermittently.

The Centrallog.exe crashed intermittently, and the crash led to corruption of the database after the next reboot.

408057 Windows Integrated Logon did not shut down the machine in a timely manner.

Windows Integrated Logon did not shut down the machine in a timely manner: after a failed logon, the machine would hang if the message box was not acknowledged. Nor would it reboot immediately.

407825 Problem booting from Bart PE.

When using Bart’s PE with a new filter driver for Pointsec PC 6.3.1.and booting directly to the Bart disk, the machine would blue screen.

400068 An unhandled exception would occur when creating a new profile.

An unhandled exception would occur when creating a new profile, immediately after configuring a new set and clicking ‘Finish’.

399604 The encryption status text in Japanese was confusing when booting from a recovery disk.

The encryption status in Japanese was confusing when booting from a recovery disk. This was an error in the translation from the English.

399343 An USBSTOR error, Event ID 6, was logged in the Windows event viewer (system log) every time a user inserted a USB memory stick.

An USBSTOR error, Event ID 6, was logged in the Windows event viewer (system log) every time the user inserted a USB memory stick on a Pointsec PC-protected system.

396303 The Windows event log settings could not be changed or saved due to missing registry entries.

The Windows event log settings could not be changed or saved because all the registry entries that are required for the Windows event log to work properly were not created.

N/A Deploying Pointsec PC 6.x with a software deployment tool that installs under the local machine’s system context

When deploying Pointsec PC 6.x with a software deployment tool that installs under the local machine’s system context, a problem could occur when executing the CheckProfile custom action. The problem was specific to XP SP2 because certain changes to DCOM permissions were introduced with XP SP2. The problem was caused by an InstallShield InstallDriver account that was set to run as the interactive user rather than as the launching user.

Changes and Corrections in 6.3.1 HFA2 The following items were corrected in Pointsec PC 6.3.1 HFA2: ID About Details



ID About Details 452773 SSO credentials not

cleared after 4 min. When using a Windows legal notice functionality or third-party application at logon, the SSO session was not cleared if halted during a process longer than 4 min. This has now been corrected.

452772 Possible for remote desktop session to use SSO session (Vista).

When connecting to a Windows Vista Client with SSO in progress, you were able to logon with SSO credentials via remote desktop. This has been corrected so that a remote desktop must use the normal Windows authentication.

Changes and Corrections in 6.3.1 HFA1 The following items were corrected in Pointsec PC 6.3.1 HFA1: ID About Details 452256 Upgrade from Pointsec

5.x to 6.2 HFA1 freezes prior to completion.

The following scenario will produce the problem:

1. Before applying the upgrade package make sure that HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> "GinaDLL" is set to something other than pssogina.dll, for example, msgina.dll

2. Start the upgrade from Pointsec 5.x to 6.2 HFA1 (set UpdateSSO=0 in precheck.txt in the 6.2 package).

3. During upgrade, Pointsec PC will freeze.

Customer environment:

- Pointsec PC 5.x

- McAfee HIP (Host Intrusion Prevention). McAfee suite to prevent access to McAfee registry keys.

452232 Certain special characters do not work in the preboot environment with Canadian English language.

When the PC is set to English Canada language, you are not able to use some of the special characters in preboot. If you try to type them, it will not show the character you are typing. The following characters do not work {}",/<>=?@

If you use the Virtual keyboard with the en-CA setting, (English Canada) instead of a physical keyboard, the following characters are available and can be used ",/<>=?

The same issues is found with DE-AU (German Austrian) keyboards.

452198 Password history is case insensitive.

Environment: The 'Password History' setting is set to greater than 1, and password is set to be case sensitive.

When the user changes the password to something which is only a change of case from the previous password (for example, 'passWORD' => 'PASSword'), it is not accepted. It seems to be recognized as an existing password in the password history. However password is set to be case sensitive so it should be treated as a brand new password.

The following text has been added to the Administrator’s Guide: Pointsec PC’s Password History function does not consider case sensitivity when assessing password uniqueness. Thus, if you change a password that is recorded in Password History by changing only the case of one or more of its letters, it will not be accepted as unique,



ID About Details and therefore that altered password will not be allowed.

452191 Customer name found in PTD.INF file.

The customer name is erroneously found in a Pointsec PC token driver file, PTD.INF.

452173 Installing Pointsec PC 6.3.1 on a Dell XT Tablet fails.

When installing Pointsec PC 6.3.1 on a Dell XT Tablet, the installation stalls when installing the system code.

452163 Invalid Profile causes exceptions in PCMC.

An install profile causes problems after install.


1) Install version 6.3.1 with a profile that has an erroneous “Set Max Failed Logons” value.

2) In Windows, start PCMC and go to Local.

3) You will receive a error.

4) Press OK and you will get access to the Local settings but both buttons on bottom right are blank.

452011 It is possible to find the encryption key in RAM after system shutdown (if done within x minutes.).

Data in DRAM actually fades out gradually over a period of seconds to minutes after the system shuts down. This enables an attacker to read the full contents of memory by cutting off power and then rebooting into a malicious operating system. When the memory content has been dumped, it can be analyzed; and by using a known algorithm it is possible to find the expanded partition key in memory. When a probable key is found, it could be used to try to decrypt a sector from the encrypted disk, and since this can be automated with a tool there is a high risk that the correct encryption key can be found.

451958 Driver may overrun memory at startup.

When the system boots (from scratch or from hibernation), the driver may be interacting with memory which is not within the driver’s scope. This can cause unexpected behavior such as a stop error (BSOD).

451815 SideBySide errors are listed in the event viewer during installation.

SideBySide errors appear in the event viewer during Pointsec PC installation. They are caused by a Microsoft Visual Studio Manifest bug. Workaround: install the latest Visual Studio Service Pack on the client machine before installing Pointsec PC.

451555 If USB is enabled in Pointsec PC, the computer will hang after the Pointsec PC progress bar is displayed.

If USB is enabled in Pointsec, the computer will hang after Pointsec progress bar is displayed. Even if USB legacy support is disabled in the BIOS, it will still hang with a black screen after the Pointsec PC progress bar is displayed.


1. Install Pointsec PC 6.2 HFA1 with smart card drivers (set USB to Yes).

2. Reboot, then get the Pointsec PC system code installation, then do a second reboot.

3. The progress bar will appear and load.

4. After it is loaded, it will halt with a black screen.

Environment:

Toshiba Tecra M9, but the problem has also been reported on other Toshiba models such as the A200 and the A8.



ID About Details Pointsec PC 6.2 HFA1

451499 Remote Help (RH) challenge code becomes <invalid>.

If the name of a Remote Help (RH) helper account is identical to one of the group names, the challenge code becomes <invalid>.

Example 1:

System Group :SYSTEM

User account 1 : SYSTEM (helper account)

User account 2 : ADMIN

User Group: USER

User account 1 : POINTSEC (RH recipient) --> challenge code becomes <invalid>

Example 2:

System Group :SYSTEM

User account 1 : USER (helper account)

User account 2 : ADMIN

User Group: USER

User account 1 : POINTSEC (RH recipient ) --> challenge code becomes <invalid>

NOTE: This problem occurs only when the group name is all in uppercase. If the group name is "System" or "User", RH works.

451427 Prevent duplicate GUIDs when saving profiles.

It is possible to create two (or more) users with the same GUID when creating profiles. This is now prevented in the “sanity check” dialog prior to writing the profile to disk.

399939 AcvtivIdentity ActivKey V2 is not recognized in PBA.


1. Install the elements listed below, and ensure that the smart card is recognized in Windows and in Pointsec PC.

2. Define a smart card user account and choose the certificate.

3. Reboot with the smart card inserted.

4. There is no PIN dialog; the smart card does not work in PBA.

Environment:

XPSP2

ActivClient_5.4_bn457

ActivIdentity Device Installer 2.1 x86 (BN 12)

Pointsec PC 6.2.0 HFA1 (1226)

Smart card:

ActivIdentity ActivKey V2

Axalto Cyberflex Access 64K V1 SM 2.1

Pointsec PC drivers installed:



ID About Details Ac_p11.bin

ActivKey.bin

399707 The “Smart Card Triggers Windows SSO logon” setting fails to work.

The “Smart Card Triggers Windows SSO logon” setting does not work. Enabling the setting should trigger SSO for the smart card user account, but it does not.


1. Install Pointsec PC 6.2 HFA1.

2. Create a smart card account and confirm that it works.

3. Enable the "Smart Card Triggers Windows SSO logon" setting for the smart card user account.

4. Reboot the machine. When logging on to Windows, the user will be asked to enter account/password. SSO does not work.

399093 Upgrade from Pointsec for PC 4.x not aborted when the MSI is executed manually.

Upgrade from 4.x/5.x is normally performed via the 4.x/5.x upgrade functionality. In this case the upgrade is triggered by storing an upgrade package in the work folder/software update folder on an installation.

It should not be possible to perform an upgrade by executing the Pointsec PC MSI package (which is part of upgrade packages) manually. When this is done on a 5.x installation, the upgrade is aborted with an MSI error dialogue. However, on a 4.x installation the upgrade progresses quite far (at least if an upgrade profile is available), for example, the upgrade fails during the recovery file handling.

398155 (10341)

USB keyboards do not work when “Legacy USB Support” is enabled on Hewlett Packard Compaq dc7700 Small Form Factor PCs.

When “Legacy USB Support” is active in the BIOS on a Hewlett Packard Compaq dc7700 Small Form Factor PC, USB keyboards do not work.

Workaround: (1) Disable USB Legacy Support in the BIOS, or (2) use a PS/2 keyboard, or (3) connect a USB keyboard and a PS/2 keyboard (and both will work).

398122 'Record New Credentials' dialog box is not displayed when SSO is re-enabled.

When SSO is disabled and then enabled again, a 'Record New Credentials' dialog box should be displayed. But under Windows Vista it is not displayed.


1. Install P4PC 6.2 on Windows Vista.

2. Enable SSO for a user account.

3. Restart the PC, and login as the user account with SSO box selected.

4. At Windows startup, the SSO welcome screen is displayed.

5. After logging onto Windows, restart the PC.

6. Login at PBA as the same user, account but this time with the SSO box cleared.

7. After logging into Windows, restart the PC.

8. Login as the same user account, selectng the SSO



ID About Details check box again to re-enable SSO.

9. The 'Record New Credentials' dialog box should be displayed, but it is not. The- user account is logged onto Windows directly.

380812 Logs are one hour behind in PCMC.

When viewing logs in management console (PCMC), the logs are incorrectly an hour behind the correct time. But if the logs are exported to a CSV file they are correct.

Changes and Corrections in 6.3.1 The following items were corrected in Pointsec PC 6.3.1: ID About Details 399639 SSO chain is lost while

logging on in NOVELL in offline mode.

When a user attempts to use SSO functionality in offline mode in NOVELL, the entire SSO chain is lost. First, the user receives verification that the SSO chain is working while connected to NOVELL. But if a user then unplugs the network cable and tries to log on in offline mode, the SSO chain is lost for the online mode, and SSO does not work at all in offline mode.

The scenario that produces the error is:

1. Install Novell 4.90 SP2.

2. Install Pointsec for PC 6.2 HFA1.

3. Enable SSO and set 'Synchronize Windows Password' to Yes.

4. Verify that you have a working SSO chain when the network cable is plugged in.

5. While in Windows and connected to Novell, press Ctrl+Alt+Delete and change the password.

6. Shut down the computer.

7. Unplug the network cable.

8. Start the computer, enter credentials in Pointsec, and verify that SSO is selected.

9. The system halts at the NOVELL log on; choose to log on with a local account.

10. A Pointsec message appears prompting for 'Enter Pointsec password to Sync with Windows password'.

11. Enter the password.

12. Windows loads, and the SSO chain should be saved (but no message confirming this is displayed).

13. Restart the computer, and log on to Pointsec.

14. The system now halts at the NOVELL log on, thus SSO is not working. The same is true if you plug in the network cable and reboot, the SSO chain has been lost.



ID About Details 399570 (see 399566)

The "Don't show this message again" checkbox in the PPBE WIL message dialog box is active even when it has not been checked.

If the user enables the "Bypass PPBE WIL Message" setting in the PCMC, the PPBE WIL message dialog will not be displayed during the next PBA even if the user has not selected the "Don't show this message again" checkbox in the PPBE WIL message dialog box during the previous preboot authentication (PBA).

399566 (see 399570)

PPBE Failure WIL Message continues to be displayed.


1. Set the following.

Windows Integrated Logon: "Enabled".

Set PPBE Failure WIL Message to: "Test!".

Enable Network Locational Awareness: "Yes".

Set Network Locations: "with an IP".

2. Reboot the PC and see that WIL is working.

3. Disconnect the PC from the network.

4. Reboot the PC --> After Windows authentication, PC shut down.

6. Reboot the PC

7. PPBE Failure WIL Message is displayed at PBA --> Login.

8. Check that WIL is disabled and reboot the PC.

9. PPBE Failure WIL Message continues to be displayed.

399565 Intermittent Error code 0x5001400 leading up to tray-crash.

Intermittently after Windows authentication, the customer gets an error message, code 0x5001400, and the P95Tray crashes right after that.

In the Windows Event Viewer, there is only one error logged:

plantage de P95tray : (French)

> Faulting application P95tray.exe, version 6.0.2.1207 faulting module

> [...] fault address 0x0004F485.

399554 WIL - One-time logon does not enable WIL.

The "Enable WIL" switch does not work with one-time logon.


1) Set "Max failed logon attempts" to 5.

2) Fail to login to Windows 5 times (the computer will shutdown).

3) Boot up machine, PPBA will be enabled.

4) Select the "Enable WIL" switch; then provide one-time logon remote help to the user.



ID About Details Outcome: WIL will still be disabled after next reboot.

399510 If changing UVP after upgrade to HFA1, profiles are not accepted.


if you upgrade 2 machines having the same UVP, to HFA1, open up the PCMC, you are then prompted to set your UVP.

If you set the UVP to a NEW password, and don't reuse the old UVP, the profiles created will not be accepted.

Machine A and B are installed with same UVP

Machine A and B are upgraded from 6.1.3 to 6.2 HFA1.

PCMC is opened on machine A.

Admin gets prompted to set a UVP.

If the password is a brand new one, machine B will not accept the update profiles from machine A.

Machine B will only accept profiles from machine A if the UVP is set to the 6.1.3 UVP...

399463 Slow keyboard in PreBoot Authentication.

Keyboard response is slow in PreBoot Authentication, and this results in the user entering the wrong credentials.

This problem has been reported as occurring on the following computers:

- OEM / Manufacturer: Dell

- Model: D620

- Processor: Intel Centrino Duo T2400 @1.83GHz

- Graphics: Nvidia Quadro NVS 110M

- Memory: 2048 MB

- BIOS Version: A08

and

IBM/Lenovo T40.

399409 Pointsec PC installation failure on Sony Vaio.

On certain hardware, it has been found that, after installation of Pointsec PC, the system can crash during Vista’s start sequence.

The unrecoverable error occurs:

1. On the first reboot after Pointsec PC installation, or

2. After several (less than 10) reboots after Pointsec PC installation, or

3. On the 6th reboot after Pointsec PC finishes encrypting the HDD 100%.

Environment:

Hardware model: SONY VGZ-SZ94NS and SONY VGZ-SZ93NS



ID About Details Number of disk: 1

Number of partition: 1

OS: Windows Vista

Timing of error: while Windows is loading.

399307 The Windows Screen Saver Timeout setting is enforced although it is set to “disabled” in management console (PCMC).

This issue seems to occur only in Windows XP. It does not occur in Windows Vista.


1. Install P4PC.

2. Set 'Allow Windows Screen Saver' to Yes in the Local settings.

3. Check that by default, Set Screen Saver Timeout is set to 10 minutes for the logged in user.

4. Select 'Disabled' in the check box in the 'Set Screen Saver Timeout' window, in order to disable the timeout setting.

5. In Windows, change screen saver to 'Windows XP' and set the timeout to 9 minutes.

6. Reboot the PC.

7. Even though Set Screen Saver Timeout setting is disabled, 'Windows XP' screen saver timeout is reset to 10 minutes.

399147 Converting a temporary user account to a normal user account whose name consists of only a single space.

When converting a temporary account to a normal account, the new user account name can consist of only a single space character, even though a space is not one of the special characters that is allowed. This user account that is created is unable to receive remote help.


1. Install 6.2 HFA1 and create a temporary account.

2. Login as the temporary account, and when prompted for a new username set it as a single space character (space is not visible on the screen, but it is accepted).

3. From next reboot, logging in as this user is possible if a single space is entered in the username filed.

399075 Changing 'Name and Authentication' of an upgraded legacy account causes an unhandled exception.

A customer has P4PC 5.2.3 installed on their client PCs, and they are trying to upgrade to version 6.2. They want to control individual legacy user accounts in PCMC after the upgrade. And they want to deploy an update profile that changes the authentication method of an upgraded legacy account.

The scenario that produces the problem is:

1. Create an upgrade profile in 6.2 PCMC.

2. In this upgrade profile, add a legacy account giving it the same account name as the v5.2.3 user account. Set upgrade action as 'upgrade'.

3. Create an update profile based on this upgrade profile.



ID About Details 4. Right-click on the legacy account, and choose 'Name and Authentication' in order to change authentication method.

5. Unhandled exception occurs.

6. Therefore it is not possible to change the authentication method of an upgrade legacy account using an update profile.

398985 The Management Console (PCMC) displays English, even though "operating system" is selected on Japanese OS.


1 Install Pointsec PC 6.2 on a Japanese Windows XP machine.

2 Select "Operating System" as language (it is selected by default).

3 Open the Management Console, and all menus are in English.

Environment info:

VMware workstation 6.0.0

Windows XP SP2 Japanese.

398299 Token removal and Novell client issue.

Description:

A token user is logged on with SSO from preboot and Lock computer is selected under Token Removal Handling .

When the token is removed from the computer, two lock screens appear. Pointsec PC’s and Novell’s. The active window changes 10 times a second so it is difficult to enter the token PIN.

The scenario that produces the error is

-Install Pointsec 6.2 and Novell Client 4.91 SP3.

-Setup a token user that uses SSO.

-Enable Token Removal Handling and choose “lock computer when token is removed”.

-Remove the token.

- Now two lock screens appear.

Environment info:

Windows XP SP2

Alladin E-Token 32

Novell Client 4.91 SP3.

398279 P95tray.exe error when enable export of status to file in Install settings on Win2k.


Enable export of status to file in the Install settings, (the user has administrator privilege to the log path).

At the next reboot, an application error message is displayed immediately after desktop is displayed.



ID About Details The status file is not created.

(The above scenario works fine with Windows XP and Vista.)

Environment info:

Pointsec PC 6.2

Windows 2000 SP4 Japanese + UR1.

398269 Memory leak. The psutil.dll leaks memory when logs are fetched.

398165 PC does not shut down by WIL (Windows Integrated Logon) when a user exceeds the max failed logon attempts if this value is set to 1 or to 255.

When WIL'S Max Failed Logon Attempts is set to the value 1 or to 255, the machine will not shut down when user exceeds the specified maximum number of logon attempts.


1 Enable WIL.

2 Set "Set Max Failed Windows Logon Attempts" to 1.

3 Try to fail 2 times when logging on to Windows.

4 Machine will not shut down.

This issue ONLY occurs when the value is set as 1 or 255.

Environment info:

Windows XP SP2 Japanese version

[Japan support] NEC VERSAPRO VJ17F/RF-X

[Partner's environment] Hitach ILIOS F8000II.

398160 PC does not reboot when the WIL Max Windows Logon Attempts limit is exceeded after resuming from hibernation.


1. Install Pointsec PC 6.2

2. Wait until all volumes are fully encrypted.

3. Open the PCMC and enable WIL.

4. Reboot the machine. Confirm that WIL works.

5. Hibernate the machine.

6. Turn on the machine again to resume the OS.

7. Keep trying to fail when logging on Windows. It will not reboot or shutdown even if it exceeds the limit for Windows Logon Attempts (default is 5).

Environment info:

Windows XP SP2 Japanese

NEC versapro VF17F/RF-X.

398107 'Helper Challenge' field is not cleared by Refresh button.

In the Pointsec PC 6.2 Management Console Remote Help window:

If the helper uses a dynamic token to authenticate, the



ID About Details 'Helper Challenge' and 'Helper Response' fields are displayed in 'Step Three'.

The value in 'Helper Challenge' field is not cleared when the Refresh button is clicked.

All other fields are correctly cleared when navigating to and from other tabs and when the Refresh button is clicked.

Environment info:

VMware Workstation 6.0

Windows XP SP2.

398052 Click “Create Recovery Media” in the Set Information window triggers an unhandled exception message.

If you click “Create Recovery Media” in the Set Information window, you will get unhandled exception message. You can continue or close the application from this dialog.

398028 Japanese characters in the PPBE WIL failure message are not displayed correctly.

Japanese characters in the specified WIL message are not displayed correctly.

The following scenario reproduces the problem:

1 Open the PCMC.

2 Navigate to Local > System Settings > Windows Integrated Logon.

3 Edit the Set PPBE Failure WIL message, entering Japanese characters.

4 Click OK and close PCMC.

5 Open PCMC and navigate to the same setting again.

6 The characters in the Japanese WIL message are not displayed correctly.

Environment info:

VMware workstation 6.0.0 build-45731

Windows XP SP2 Japanese version.



ID About Details 397990 After updating a

temporary smart card account with the relevant smart card and certificate, the user cannot log on.

After a temporary smart card user has updated the account in Windows using his/her smart card and certificate, that user is no longer able to log on.

The following scenario produced the error:

1. Create temp smart card user.

2. Logon in PPBE using temp smart card user.

3. Change credentials and get the confirmation that the certificate has been updated.

4. Reboot and try to log on in Pre-boot.

5. Depending on the card you get "invalid logon" or "trouble accessing the card".

Works fine for normal smart card users.

Environment info:

Pointsec PC 6.2.01108 & 6.3.1.1211 Windows XP SP1

Oberthur 5.2/AuthentIC Manager 2.8.0.0

Aladdin eToken Pro 32-bit/CRT 3.65.

397892 Upgrading from an Upgrade Path fails intermittently when using a service start account.

When upgrading Pointsec PC 6.2 to Pointsec PC 6.3.1 from a share specified in the Upgrade path, the upgrade fails intermittently when using a service start account.

397836 Legacy user accounts with the authority level Admin are not removed during upgrade from 4.x/5.x.

If inline editing is used to set the parameter Upgrade Action to Remove in the PCMC, legacy user accounts with the authority level Admin are upgraded instead of being removed.

The problem is caused by errors in the language files for the PCMC.

Note: legacy user accounts with the authority levels Sysadmin and User are not affected by this issue.

The following three workarounds are available:

1. Double click on the parameter Upgrade Action and select Remove in the dialog that is displayed.

When the dialog is closed, the value will be displayed as Ignored. However, the actual value set in the profile will remove the user accounts during upgrade.

2. Use French in the PCMC. This works because the issue is not present in the French language files.

3. Use an update profile to remove the legacy user accounts that have the authority level Admin after the upgrade.



ID About Details 397778 Cannot open a 6.0.0

profile in 6.2. A Pointsec for PC 6.0.0 profile cannot be opened in Pointsec PC 6.2. But Pointsec for PC 6.1.1, 6.1.2, and 6.1.3 profiles can all be opened in Pointsec PC 6.2.

Workaround: open the 6.0.0 profile in Pointsec for PC 6.1.1, 6.1.2, or 6.1.3, save it; and then open it in Pointsec 6.2.

397766 ‘Windows Integrated Logon’ does not work together with ‘Hardware Hash’ on certain machines.

‘Windows Integrated Logon’ does not work together with ‘Hardware Hash’ on IBM T60 or IBM T42 computers.

397325 Pointsec crashes when installing on a computer which has multiple HDDs of different types.

Pointsec does not support multiple HDDs of different drive types (ex. IDE + SCSI).

Pointsec for PC crashes (Error code:0x5000d2d) at the initial reboot after P4PC 6.1.3FH1 installation on a machine with multiple HDDs of different drive types (for example,. IDE and SCSI). Without the SCSI, Installation and Encryption complete without a problem.

Environment:

Machine: Built-in IDE disk and SCSI HDD (connected with SCSI board)

Drives

C: Boot protect only?@(IDE)

D: Boot protect and Encryption (IDE)

E: Boot protect and Encryption (SCSI)

Machine: Built-in IDE disk and SCSI HDD (connected with SCSI board).

395533 (7677)

Wake on LAN does not work on NEC VersaPro VJ17.


9364 Only a maximum total of 10 volumes can be protected by Pointsec for PC.

Currently only a maximum of ten volumes can protected with Pointsec for PC.

7677 (395533)



New in Pointsec PC 6.2 The following new functionality and enhancements are included in Pointsec PC 6.2. For more information on the new functionality, please refer to the Administrator’s Guide. • Upgrade from Pointsec for PC 4.x & Pointsec for PC 5.x

o It is now possible to upgrade from versions 4.x.x and 5.x.x to Pointsec PC 6.2.0. • Extended operating system support. Pointsec PC 6.2.0 supports the following operating

systems: o Microsoft Vista 32-bit support



o Microsoft Windows XP tablet edition o Microsoft Windows Server 2003 (on workstation hardware only).

• Support for virtual keyboard in PPBE o Authentication to the Pointsec PC preboot environment is now possible by means

of a pointing device. • Token removal and re-insertion handling

o It is now possible to configure Pointsec PC actions to be taken if a smart card is removed by the user.

• Token and certificate uniqueness handling o Pointsec PC can differentiate between Aladdin E-tokens even if the certificate on

the tokens is identical. • Log protection with authentication

o The option to enforce password authentication to view logs now exists. • Pointsec Service account

o It is now possible to configure a Pointsec Service start account from within PCMC.

• Password synchronization (both ways) o Password synchronization now works in both directions.

Windows to Pointsec PC preboot Pointsec PC preboot to Windows.

• System setting password policy o Password policy for passwords used on system level (i.e Update Validation

Password) implemented. • Group Authority Level

o Group Authority Level allows you to control what settings/permissions are granted to a group and the users bellowing to that group.

• Windows Integrated Logon Tampering awareness o Pointsec PC can now be configured to require preboot authentication if hardware

changes on a system running Windows Integrated Logon are detected. • Windows Integrated Logon Localization awareness

o Pointsec PC can now be configured to require preboot authentication based on available IP addresses.

• New localized languages o Polish, Thai, and Hungarian are now available in the Pointsec PC preboot

authentication. • Key Import

o It is now possible to import seed for the creation of partition keys. • Certificate creation tool

o Pointsec PC self-signed certificate capability is now available. • Improved set configuration management

o Improved usability in connection with set configuration. • Pointsec PC supports using the Tablet PC pen in preboot on the following systems:

o IBM X41 o HP TC 1100 o HP TC 4200 o Toshiba Portégé M200.

Changes and Corrections in 6.2 HotFix Accumulator 1 The following items have been corrected in Pointsec PC 6.2 HotFix Accumulator 1:



ID About Details 10619 P95_tray.exe can

crash in Win 2000 After installing Pointsec PC 6.2 using a profile, the P95_tray.exe will crash in Windows.

10430 Machine randomly crashes when PME, McAfee software, and Pointsec PC are installed on the same system.

When PME, McAfee software, and Pointsec PC are installed on the same system, the machine randomly crashes with Blue screen 0x00000024.

10429 Temporary smart card user is not able to logon after associating with a certificate.

When the setting Token Insertion/Removal Handling is enabled, the following happens: a temporary smart card user logs on in PPBE, changes credentials, and receives confirmation that the certificate has been updated. But when the user reboots attempts to logon in PPBE, depending on the smart card used, logon fails; and the user receives “Invalid logon” or “Trouble accessing the card” messages.

10428 Double-byte characters in a temporary user default username cause a crash when installing.

If P4PC is installed with a user whose Window username contains double-byte characters characters, Pointsec PC can crash during the Temporary user conversion process.

10427 Usernames that contain a space character cause an unhandled exception in the PCMC.

If you upgrade from an earlier P4PC version and have users whose usernames contain one or more space characters, an unhandled exception occurs if you try to editing name and authentication for these users in the PCMC.

10426 Group settings and user settings could be changed even without the required permissions being specified.

A user with Create User Accounts or Create Group permission could change even other user account and group settings.

10425 Checkpoint start kit license was not working

Start kit license was not working with Pointsec PC 6.2.

10424 Smart card differentiation does not work with temp smart card users

Smart card differentiation does not work when creating temporary smart card users.

10423 An upgrade from Pointsec for PC 6.x to 6.2 fails with critical system error.

A critical system error occurs and renders the PC unbootable, when P4PC 6.1.3 HF4 is upgraded to 6.2 in a Windows 2000 environment.

Now upgrade requirements (for example, UR1 for Windows 2000) are checked before the Windows files are upgraded, and, if any checks fail, the upgrade is aborted.

10422 Uninstallation is possible with only one account and one eToken

In P4PC 6.2, uninstallation is possible with only one system administrator's account if a smart card is inserted.

10421 Upgrade from 6.x version crashes with 27 or more groups

The MSI crashes during upgrade when the PPBE files are upgraded. This happens only if the sum of all groups and



and user accounts. users is or has been larger than 27.

10405 During upgrade to 6.2, PME stops functioning.

When an upgrade from Pointsec Pc 5.x to 6.2 is performed, PME stops working.

Changes and Corrections in 6.2 HF2 The following items have been corrected in Pointsec PC 6.2 HF2: ID About Details 399385 Pointsec PC

installation failure on Sony Vaio.

On certain hardware, it has been found that, after installation of Pointsec PC, the system can crash during Vista’s start sequence.

The unrecoverable error occurs:

1. On the first reboot after Pointsec PC installation, or

2. After several (less than 10) reboots after Pointsec PC installation, or

3. On the 6th reboot after Pointsec PC finishes encrypting the HDD 100%.

Environment:

Hardware model: SONY VGZ-SZ94NS & SONY VGZ-SZ93NS

Number of disk: 1

Number of partition: 1

OS: Windows Vista

Timing of error: while Windows is loading.

How to Implement This Hotfix Pointsec PC 6.2 HF2 must be installed on Pointsec PC 6.2 HFA1. You must have local administrator permission to install Pointsec PC 6.2 HF2. To implement HF2: Install Pointsec PC HFA1. To make sure the Pointsec PC HFA1 installation is complete,

check the return code from the Pointsec PC.msi package – if the installation was successful, the return code will be zero and you should proceed to the next step before rebooting the machine after the installation of Pointsec PC HFA1.

Deploy and install this hotfix (HF2), see below.

This hotfix can be implemented in the following two ways:

Silent Implementation and Verification of Pointsec PC 6.2.0 HF 2 1. Run the P4PC_620_HF2.exe with the command flag [/s]. 2. Restart the machine. 3. Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key

*HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is two (2).



Manual Implementation and Verification of Pointsec PC 6.2.0 HF 2 1. Click the [Apply] button in the window displayed after clicking P4PC_620_HF2.exe. 2. A message box is displayed. 3. Restart the machine. 4. Verify the implementation by checking that the DWORD value ‘Hotfix’ in registry key

*HKEY_LOCAL_MACHINE\SOFTWARE\Pointsec Mobile Tech\Pointsec for PC’ is two (2).

Changes and Corrections in 6.2 HF1 The following items have been corrected in Pointsec PC 6.2 HF1: ID About Details 10430 Heavy IO could

cause a machine to crash with a blue screen.

This problem has now been addressed by pre-allocating memory.

Changes and Corrections in 6.2 The following items have been corrected in Pointsec PC 6.2: ID About Details 9364 Only a maximum

total of 10 volumes can be protected by Pointsec for PC.

Currently only a maximum of ten volumes can protected with Pointsec for PC.

8429 P95Tray.exe crashes during uninstall on multi-disk machine on which the volume on the first hard disk has only boot protection (no encryption).

The P95Tray.exe crashes during uninstallation when Pointsec for PC 6.1.3 HF1 has been installed on a multi-disk machine and the volume on the first hard disk has only boot protection (no encryption). When uninstalling, the P95Tray.exe crashes after the first reboot. The tray icon displays decryption as 0% before the P95Tray.exe crashes. Uninstallation will not continue from this point. Workaround: it is possible to recover the encrypted volumes using recovery media, and the remaining Pointsec for PC components can be removed using Windows Add/Remove programs.

8428 Resuming from hibernation malfunctions on a machine with both an SATA AHCI-enabled hard disk and a SCSI hard disk.

Resuming from hibernation malfunctions on a machine with both an SATA AHCI-enabled hard disk and a SCSI hard disk. Such a machine was hibernated with text documents and image files left open on the Windows desktop. (Hibernation was enabled in Pointsec for PC, and the PC was rebooted once before hibernation was attempted.) But when the machine was resumed, Windows booted; and the files left open on the desktop were closed. Note: when AHCI is not enabled, hibernating and resuming work correctly.

8373 Removing a group by using an update profile (.upp) causes the p95tray application on the local machine to crash.

The user account name of the deployed user on the local system is not known, so the only thing the administrator wants to do is to remove the group.

The following scenario reproduces the error:

1. Create local group X.



2. Create the user account in the local group X.

3. Create an update profile that removes group X.

4. Run the profile in the local "Work" folder.

The profile is deployed, and the group together with its user(s) is deleted; but the P95tray application on the local system crashes with an error message.

7946 Aladdin eTokens will not work together with 2048-bit certificates.

Aladdin eTokens will not work together with 2048-bit certificates in Pointsec for PC 6.1.3.

7895 Missing Pointsec for PC message stating that hibernation is not allowed.

If hibernation is enabled in Windows only, not in Pointsec for PC, you should get a Pointsec for PC message when trying to hibernate the PC. The message "Hibernation not allowed" is no longer displayed. Only the Windows message is displayed.

7860 Logs that are not deleted after uninstalling Pointsec for PC 5.x are not overwritten.

Logs that are not deleted after uninstalling Pointsec for PC 5.x are not overwritten after installing Pointsec for PC 6.x., rather they are appended to the 6.x logs. Note that the 5.x logs cannot be read in 6.x PCMC.


1) Install Pointsec for PC 5.x.

2) Logs for version 5.x are written to your recovery share.

3) Uninstall Pointsec for PC version 5 (the logs are left on the share).

4) Computer name is not changed.

5) Install Pointsec for PC v6.

6) The logs for 6.x are written, but the 5.x logs are appended.

Workaround: Remove the central log and restart P95tray.

7777 "Ctrl+ALT+Del" required to reaccess machine after installing and waiting ca. 10 minutes to reboot.

The following scenario produces this problem:

1) Install Pointsec for PC by running the Pointsec for PC.msi.

2) Click "No" to the question "Do you want to reboot now?".

3) Wait about 5-10 min.

The error message "Error code: 0x5000d6e" appears, and when dismissed, an empty screen is displayed.

You must press "Ctrl+ALT+Del" to be able to access the PC again.

Note that once you have pressed "Ctrl+ALT+Del" and again can access the machine, there are no problems with the installation.

7713 Invalid challenge lengths allowed in the PCMC for

When adding or changing a dynamic token user account in the PCMC, the challenge length can be up to 16 characters long. The PCMC allowed Invalid challenge lengths for



dynamic token users.

dynamic token users.

Note: The valid challenge length has been changed to be from 1-8 characters.

7555 Authentication of smart card user account via Remote Help is inhibited during uninstallation.

During the uninstallation of P4PC via add/remove programs, it is not possible to authenticate a smart card user account via Remote Help. The 'Next'-button is never activated after the “Second response” has been entered, so it is not possible to continue the authentication session.

7536 Remote Help: PCMC one-time logon does not work when using an ActivIdentity V2C smart card.

Remote Help: when using an SC: ActivIdentidy V2C smart card, one-time logon to the PCMC does not work because the OK button is grayed out.

7454 Unable to enter the desired password when installing Pointsec for PC on a US English Windows operating system with the requisite Regional settings for Chinese (Taiwan).

When installing Pointsec for PC on a US English Windows operating system with the requisite Regional settings for Chinese (Taiwan), the following problem occurs: when entering the system administrator’s user account name and password, the display of the second keystroke in the password is delayed, and the character entered is not the character of the key you pressed.

Thus, when you enter these credentials in the PPBE, your validation fails.

Workaround:

1. Access [Regional and Language Options] setting -- [Advanced] tag. 2. Change [Language for non-Unicode programs] to "English (United states)" 3. Reboot the machine.

7289 The PCMC does not grey out groups that are marked for removal.

If you select a user account for removal in an update profile, it is grayed out after saving and reopening the profile. But, if you select a group for removal, it is not grayed out after saving and reopening the profile although all user accounts in the group are grayed out. The complete group is however grayed out when you choose ‘mark for removal’ before saving the profile, but not after it has been saved and reopened.

7192

Pointsec for PC field in Novell login dialog does not display Japanese.

The Pointsec for PC authentication field in the Novell login dialog does not display Japanese even though Japanese was chosen from the Pointsec for PC tray icon, and menus and dialogs in Windows were set to display Japanese.

6919 No info in logs about what kind of Remote Help is performed

After giving/receiving Remote Help, it is not possible to see in the client log viewer or in the local logs what kind of Remote Help that has been given.

6916 Central log contains strange entries

The Central log contains entries called "Configuration setting changed". When examined, they contain the text "Unknown was set to [number]". Often several "Configuration setting changed" entries are logged in a row.

6912 Sony Vaio hangs after logon in PPBE with certain USB smartcard readers.

Sony Vaio SZ1 may hang after logon in PPBE with USB smartcard reader SCR331 and RSA 5200.



6895 Black screen with hanging cursor after logon with SC in PPBE on certain machines

After logon with a smart card account in PPBE on certain machines, and a successful authentication, the screen may turn black with a hanging cursor. The same scenario occurs after an upgrade or a new installation. Workaround: Disable the USB Legacy Support in BIOS. You will then avoid the black screen. Same issue occurs on a ”Fujitsu Siemens 7020”

6884 Invalid character using PSLOGEXP.EXE

If the log parser tool "pslogexp.exe" is used to export log events as XML("/xml"), the output may be invalid if any event contains an XML Entity Reference (e.g. "&", "<" or ">").

6872 The password length of a user account can be reduced to a length shorter than the length specified for the group to which the user account belongs.

It is possible to reduce the password length of a user account to a length shorter than the length specified for the group to which the user account belongs. Scenario to reproduce the problem: 1. Create a new group and create a fixed password account. 2. Change the minimum length for the user account to be shorter than for the length specified for the group (if the minimum password length for the group is set to six, set the user account’s password minimum length to four). 3. Reboot and change the password in preboot.

6739 A profile installation fails for clients when using Windows 2000 and Internet Explorer 5.x.

A profile installation fails for Clients using Windows 2000 and Internet explorer 5.x. An installation error is logged with following text: "The profile could not be loaded".

In a “pure” Windows 2000 SP4 (with Internet Explorer 5.x) the required functionality for the installation is missing.

Workaround: install Internet Explorer 6.0 /6.0SP1 and the msxml3.msi (Sp5) package on the clients. The msxml3.msi package is available via www.microsoft.com.

6580 P4PC prevents hibernation on memory card adapters.

The Sony VAIO has a removable Memory Card Adapter (VGP-MCA20) for xD/SD/MMC compatible cards. This adapter is interpreted as an HDD by the OS and P4PC. This will prevent the system from hibernating, since P4PC 6.1.3 does not support hibernation with multiple HDDs in the system. Note: The Sony VAIO also has some internal non-removable memory card readers that are interpreted as HDDs whether or not the actual memory card is inserted. If these are enabled, they could prevent hibernation as well. Workaround: To be able to hibernate the PC, either physically remove the card adapter from the PC or disable the device from within the OS. Also disable any other internal memory card readers that are interpreted as HDDs.

5604 Certificate view is not updated when running Pointsec for PC (P4PC) in VMware and the network is

Here is the scenario: 1. Install P4PC in VMware. 2. Create a temporary smart-card user. 3. Disconnect the network cable from the computer (do not disable the network connection in VMware; rather unplug


http://www.microsoft.com/


unavailable. the physical cable). 4. Insert an Aladdin eToken 5. Reboot, and log on as the temporary user. 6. After logging on to Windows, the certificate selection window appears; but the eToken is not displayed in the list for selection. This behavior occurs very rarely. See “Error! Reference source not found.” on page Error! Bookmark not defined., above.

5482 Creating a new profile with the same name as an existing profile overwrites the existing profile.

Note that if you create a new profile that has the same name and type as an existing profile, the existing profile will be overwritten by the newly created profile.

5473 Profiles without names.

It is possible to create profiles that do not have profile names, even though creating such nameless profiles is not recommended. These profiles are listed under “Profiles” but the name field is empty, for example, the nameless “Install Silent” profile above the “install 1” profile shown here:

Nameless profiles can be selected, edited, etc. like any other profile.

5451 Problems unlocking the recovery file when authenticating with a smart card.

If you use a smart card when using the recovery utility to unlock a recovery file, the utility will try to use the smart card used for the first user account authentication for the second user account authentication. As long as a smart card is in the reader, the utility will try to use that card for authentication. Workaround: Do the first authentication with a fixed password or dynamic password user account, and then do the second user account authentication with the smart card. Or remove the smart card before the second authentication window is displayed.

5066 When using 3DES, intermittent errors occur when encrypting four or more volumes on certain machines.

The following errors occurred: Encrypting four or more volumes using 3DES often results in the problems described below. They have been reproduced unpredictably on the PCs below, and the outcome cannot be predicted. HP D530c: Event A) Decryption doesn't start at all. Rebooting doesn't help.



Event B) Hanging at the "Pointsec... Loading operating system..." screen after the first reboot following uninstallation using Add/remove programs. Dell Precision 670: Event A) Decryption stops after four volumes. After a reboot, the machine hangs. After a second reboot, the PC could be accessed; but the decryption still does not start. Event B) After the first reboot following uninstallation using Add/remove programs, the machine hangs before the Windows logon dialog is displayed. This also occurs after a complete decryption.

4750 Abnormal keyboard behavior on Dell 380.

Abnormal keyboard behavior on Dell 380 in PPBE. If you press any of the arrow keys on the keyboard, there is a lag of three key presses. Workaround: Press Ctrl-Alt-Del repeatedly until the machine reboots, or use the mouse to click in another field like the password field and then return to the first field, and then do not use the arrow keys when typing.

4983 Assertion error in recovery on an Acer Ferrari.

An assertion error may occur during recovery on the Acer Ferrari laptop. Work around: Once the recovery program’s authentication dialog is displayed, wait approximately 5 seconds before starting to enter username.

2859 Removing Pointsec for PC.

Removing using MSI In order for Pointsec for PC to be successfully removed from a user’s workstation, the logged on user account must be a member of the Administrators local group. If this is not the case, a number of erroneous dialog boxes will be displayed and the removal will fail. However, when a local administrator account is used to log on, the removal will continue and be successfully completed.

New in 6.1.3 The following new functionality and enhancements are included in Pointsec for PC 6.1.3:

• Support for slave hard drives • New location for the local log file and for the recovery file

From Pointsec for PC 6.1.3 onwards, the local log and recovery file are stored locally in the following directory: C:\Documents and Settings\All Users\Application Data\Pointsec. (The local log and recovery file are no longer stored in the Pointsec program directory.)

Changes and Corrections in 6.1.3 Hotfix 4 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 4: ID About Details



9322 A delay can occur after the "Initializing Pointsec for PC" progress bar has completed.

After the "Initializing Pointsec for PC" bar has finished loading, a delay could occur during which only a black screen is displayed. This issue has been resolved by introducing “sign-of-life” progress bars during the installation.

9283 The Pointsec for PC system file, Prot_ins.sys not protected from deletion.

The Pointsec for PC system file, Prot_ins.sys, was not protected from deletion. A protection has now been introduced for new installations. Note: Upgrading the system to 6.1.3 HF4 will require the protection to be manually inserted by adding Prot_ins.sys to “Lockfiles” in the Pointsec for PC registry.

9135 PSMAIN 0x50000c7e during installation if installation was aborted.

If the system was shut down during the second part of the installation a PSMAIN 0x50000c7e error could occur. In this release Pointsec for PC will attempt to restart installation where it was interrupted.

Changes and Corrections in 6.1.3 Hotfix 3 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 3: ID About Details 9282 Inconsistent CRC

error generation causes Windows to terminate with a system error.

Inconsistent internal Pointsec for PC error handling can cause problems for the NTFS file system driver and lead to Windows terminating with a system error. This problem has been resolved.

9172 Windows terminates intermittently with a 0x00000024 system error.

A Pointsec for PC filter driver call fails and causes the 0x00000024 system error. This issue has been resolved.

Changes and Corrections in 6.1.3 Hotfix 2 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 2: ID About Details



8492 Issues regarding alternative boot media on Lenovo models T43 and T60.

The following two issues regarding alternative boot media on Lenovo models T43 and T60 have been corrected. 1) The boot process was extremely slow when booting from CD/DVD media via the Pointsec for PC alternative boot menu. 2) Access to encrypted volumes when booting via the alternative boot menu was not possible. These issues have been resolved in this release.

8170 Parity Check error.

Issues with Parity Check error messages on Lenovo models T43 and T60 during boot up have now been corrected.

Changes and Corrections in 6.1.3 Hotfix 1 The following items have been corrected in Pointsec for PC 6.1.3 Hotfix 1: ID About Details 8354 Upgrade of smart

card driver does not work.

Upgrade of smart card driver does not work. The INF file is upgraded, but the driver files themselves are not. This issue has been resolved in this release.

8350 Profiles mistakenly imported again after upgrade to 6.1.3.

The profiles located in update folders are imported even if they where imported before the upgrade. Workaround: Copy profile.dat and profile2.dat from \Program Files\Pointsec\Pointsec for pc\ to Documents and setttings\All Users\Application Data\Pointsec\. This issue has been resolved in this release.

8347 UsersLocation registry value shows a faulty location.

The registry value UsersLocation that should point to C:\documents and settings\All Users\Application Data\Pointsec mistakenly points to W:\Doc... or Z:\Doc... This is related to external hard drives; the drive had this drive letter. This issue has been resolved in this release.

8331 USB hard drive (HDD) - Boot record and system area are installed on the USB HDD.

During installation of Pointsec for PC, you can select to install the program on your USB hard drive (HDD). After rebooting, the system code is installed on the hard drive and a Pointsec for PC boot record is also put on the HDD. This issue has been resolved in this release.



8308 Encryption starts without a recovery file being created.

If uninstallation was incomplete, and if the value "Uninstall" is set to "1" in the Pointsec registry, encryption starts without a recovery file being created. This issue has been resolved in this release.

8215 When booting with bootable media,"Database corrupt" messages are issued and Windows terminates with a system error.

"Database corrupt" messages are issued when booting with bootable media, and Windows terminates with a system error. This issue has been resolved in this release.

8181 Reinstall fails with PSMain error code.

Inserting a bootable CD in the CD-ROM drive during reinstallation causes the reinstall to fail. This issue has been resolved in this release.

Changes and Corrections in 6.1.3 The following items have been corrected in Pointsec for PC 6.1.3: ID About Details 7889 Computers without

PCI BIOS functionality terminate with a severe error.

After installing Pointsec for PC and immediately after the first reboot, computers without PCI BIOS functionality terminate with a severe error. Case ID: 10767.

7551 Obertur smart card malfunctions.

Authentication using the ActivIdentity Oberthur CosmopolIC 32K V4 smart card. Case ID: 8935.

7481 Rebooting during encryption causes the machine to hang.

If you reboot during encryption, the computer hangs at the "Pointsec loading operating system" message. It can also occur when Pointsec for PC starts to encrypt the second partition and you reboot. Case ID: 10409.

7446 A webRH update profile disables Windows Integrated Logon.

Adding an webRH update profile to a Windows Integrated Logon (WIL) enabled machine will disable WIL. The following scenario produces the error: 1) Enable WIL. 2) Reboot and ensure that WIL works. 3) Import a webRH update profile. 4) When you reboot, you will have to enter credentials at PPBE. Case ID: 10054.

7430 Additional Keyboard layouts required in PPBE.

The following additional keyboard layouts are required in the Pointsec Preboot Enviroment (PPBE). Swiss (French) and Swiss (German).



Case ID: 10388. 7299 Incorrect version

information displayed for Pointsec for PC when using Add/Remove programs.

The version information displayed for Pointsec for PC when using Add/Remove programs is incorrect. Case ID: 10065.

7297 Uninstall settings for user accounts are not recognized.

The following scenario produces the error: 1) Create an installation profile (in this case, a silent profile). 2) Create a group with Uninstall setting "Specified Value = -" and "Effective Value = NO". 3) Create three users in that group. Two with the Uninstall setting "Specified Value = YES" and "Effective Value = YES". The third should have the default setting. When you try to exit from the profile, you will receive the following warning: "Fewer than two user accounts have uninstall permission. Case ID: 9908."

7218 Error when unlocking a user account in PCMC when using a Japanese version of Windows.

When you right-click on a user account and select “lock/unlock account” in P4PC 6.1.1 Japanese console, an “Index was outside the bounds of the array” error message is displayed. Case ID: 9537.

7210 Cannot define a user account that is prohibited from logging on to PBE but is allowed to logon to PCMC.

It is not possible to prohibit PBE logon when still allowing PCMC authentication. The following scenario produces the problem: 1) Install Pointsec for PC 6.1.1. 2) Create user account X with the following permissions: - 'Logon Authorized' to 'No', - 'Management Console Logon' to 'Yes' 3) Reboot. 4) Authenticate in PBE with a Pointsec for PC user account that has the permissions to logon to Pointsec for PC. 5) Try to authenticate to PCMC with user X. 6) You will receive: "Invalid login". Case ID: 8488

7206 A specified second publish path is not used.

The following scenario produces the error: 1) Create an isp profile with either Pointsec for PC 6.1.0 or 6.1.1. 2 ) Create two entries in the Publish path setting: The first one is remote and not accessible: (\\192.168.10.1\publish$)



The second one is accessible (C:\). 3) Now create a update profile that creates a Pointsec for PC user account. 4) Place the profile in the secondary path (C:\). 5) Reboot. Verification: check log entries, check PCMC: the profile is never published in the second directory. Case ID: 9607.

7201 Pointsec for PC version number is specified incorrectly in the support information.

The following scenario produces the error: 1. Go to "Add or Remove programs" and locate the Pointsec for PC entry. 2. Click: "Click here for support information." The version number displayed is "6.0.1", but is should have been "6.1.0". Case ID: 10654.

7195 Enabling and disabling Wake on LAN (WOL) using UPP profiles.

The following scenario produces the error: 1. Publish an UPP that enables (WOL) and set "n" WOL starts (and specify all the other settings necessary). 2. Use WOL for "x" boots. 3. Publish an UPP to disable WOL. 4. Publish an UPP exactly like the one in the first step. The result of this is that WOL is enabled, but WOL starts are still set to "n"-"x", not reset to "n". Case ID: 8502.

7188 Cannot choose AES when creating an install profile.

The following scenario produces the error: 1) Select Danish in regional settings in Windows. 2) Do a master installation with AES as the algorithm. Use an open license when it comes to language (Operating System). 3) Select: create a installation profile. 4) Open "Choose encryption". 5) You cannot choose AES as algorithm in the drop down menu. Note: If you leave the setting as they are the installation profile will install with AES as algorithm. Case ID: 9550.

7145 Boot problem when a second partition is set as active – Error code: 0x50012b8.

It's not possible to install on a system where the second partition is set as active. The following scenario produces the error:

1) Setup a partition layout with 2 XP partitions where the second partition is the active partition. 2) Choose to install Pointsec for PC from the first OS partition and to install on all partitions (Boot and encrypt). 3) Reboot.



4) The Pointsec for PC system code is installed on all partitions. 5) Authenticate to Pointsec for PC. 6) Choose to boot into the first OS partition (the partition from which the installation started). 7) When P95Tray.exe starts, the following dialog "Error code: 0x50012b8" is displayed. 8) Click OK, and you will get a Windows dialog saying that the P95Tray.exe will be shut down. 9) Reboot and you will get the same scenario again. Case ID: 8440.

7103 PCMC - Unhandled exception occurs.

The following scenario produces the error:

1. Go to Local -> Edit settings: 2. Right click a setting under a user account, for example, Privileged Permissions and select "Name and Authentication". An "Unhandled exception..." occurs. Case ID: 9338.

7086 Invalid data error after enabling Hibernation with the Japanese language selected.

An "Invalid Data" error occurs when you change the hibernation setting in the management console (PCMC) and you use the Japanese menu. The following scenario produces the error:

1. Right click the Pointsec for PC icon in the task tray, then select the Japanese language. 2. Open the Management Console. 3. Go to Local -> Edit Settings -> System Settings -> Other. 4. Double click "Allow Hibernation", select the checkbox (or clear it if it is selected already), then click OK. 5. Click OK to close Local. Then an "Invalid Data" error occurs. Case IDs: 9306, 6622.

7080 Novell - User ID displayed after reboot.

After installing Pointsec for PC the UserID field shows the last username used after reboot. Case IDs: 9249, 6793.

7097 Novell - Offline mode problems.

Problem with the Novell client and the offline mode feature: once it is turned on, you cannot turn it off.

The following scenario produces the error:

1) Install Novell Client 4.91 SP2.

2) Install Pointsec for PC 6.1.1.

3) Reboot and make sure that normal Novell login process works.

4) Shutdown the machine and unplug the network cable.



5) Boot and NwClient is set to "Workstation only" (OK).

6) Reboot and connect the network cable again before Windows boots.

7) You will still have: "Workstation only" mode enabled.

Case ID: 9247.

7065 Windows does not load if partition 3 is set to Active (Boot partition)

The problem occurs in the following configuration: 1. C drive (0:0) - Windows XP installed ACTIVE PARTITION. 2. D drive (0:1) – User data drive. 3. E drive (0:2) - Recovery partition with Windows PE installed or Windows XP. Scenario 1. 1) Set the C volume to Active (Boot partition). 2) Boot the machine and authenticate in PPBA. 3) The machine starts and Windows loads. The following scenario produces the error: Scenario 2: 1) Set E volume to Active. 2) Boot the machine and authenticate in PPBA. 3) Get “Pointsec … Loading operating system” and the system hangs. Case ID: 9217.

7062 Windows freezes at the Windows splash screen

Windows freezes at windows loading screen. According to the start log, it freezes at driver Mup.sys. Safe Mode start works without problems. The problem occurs only when using Checkpoint VPN client to connect to network. Case ID: 7117.

7044 On a Chinese Windows installation, unable to input the license code.

On a Chinese Windows installation, you are unable to insert the first part of the license code (the W60 part). Only two characters fit in the text field. Case ID: 7585.

7038 Dynamic password - Next button grayed out.

When adding x9.9 token, the user interface will not activate the Next button if all information is not entered in exactly the proper order. The following scenario produces the error: 1) Add a x9.9 token user 2) Enter the key information before the token id, select the token format etc, the next option will REMAIN grayed out Case ID: 9167.

7033 The "Set Minimum Password Age" function

The function "Set Minimum Password Age" malfunctions. If you enable this function for a user account or group



malfunctions. (e.g. set it to 10 days), when this user account logs in one or more times, the user account can change the password each time. (The user account has "Change Password" permission set to "Yes", of course). Also if the setting "Set Maximum Age" is set for a user account that also has set "Set Minimum Password Age" to a "max" setting is lower then the "min" setting the user account can change the password when prompted (without having the "Change Password" permission set to "Yes"). Case ID: 10623.

7013 Automatic hibernation at low battery level fails.

If you set your machine to hibernate automatically via the Power Options in Control Panel, when it hibernates the next boot will be a normal boot. Any data that was not saved will be lost. The following scenario produces the error: 1. Go to the Control Panel. 2. Open: Power Options. 3. Select the Alarm tab. 4. Select "Activate critical battery alarm when power level reaches". 5. Set the machine to hibernate at a certain battery level. 6. Ensure that "Hibernation" is selected as Alarm Action. Case IDs: 8946, 9033.

6999 CAC smart card authentication to PCMC fails.

Not possible to logon to PCMC with CAC smart card authentication. Case ID: 8913.

6998 The Pointsec for PC screen saver forced on installation.

The Pointsec screen saver is forced onto any system on which Pointsec for PC is installed. Case ID: 8594.

6886 User account is locked even though settings related to account lockout are set to “Disabled”.

User account is locked even though the settings related to account lockout have been set to “Disabled” in local settings for the respective user and group setting. The following scenario produces the error: 1. Logon to the Management Console. 2. Under Local settings, disable Set Max Failed Logons, Set Logon Limit, Attempts Before Temporary Lockout and Temporary Lockout Time. 3. Confirm the Effective Values are “Disabled” as per step 2. 4. Logon to the Management Console using a valid user account but use the wrong password. Make 10 attempts and then restart the PC. 5. The user account (or sometimes the user accounts



in the group) are locked, with message: Invalid Logon - Your account is locked, too many failed Logon attempts. The only way to unlock the account at this stage is to right-click the value and select Reset Value for the settings “Attempts Before Temporary Lockout” and “Temporary Lockout Time”. Workaround: Ensure that the values for Attempts Before Temporary Lockout and Temporary Lockout Time are reset to the default values rather than selecting “Disabled” for them. Case ID: 8539.

6972 Pointsec for PC installation fails if the Symantec application restorebmr.exe is run prior to the installation.

Pointsec for PC will terminate abnormally if the Symantec application restorebmr.exe is run prior to the installation of Pointsec for PC. Case ID: 8640.

6850 Cannot uninstall if the .REC-file is unavailable.

The following scenario produces the problem: 1. Install PS 6.1.0 HF1, and add, for example, the following path: \\path\path\rec to store recovery file. 2. Select at least one volume to encrypt. 3. Let machine encrypt 100%. 4. Change path to something that cannot be accessed, for example, \\path\path\rec_old. 5. Remove Pointsec for PC using Add/Remove Programs. 6. Reboot. 7. Wait for decryption to start. It does not start. 8. Change path to correct \\path\path\rec, and reboot. 9. Now decryption will start. Case ID: 8491.

6819 Only add one path at a time.

Only add one path can be added at a time. The following scenario produces the problem: 1) Open the PCMC. 2) Go to Local and select: Edit settings. 3) Set one new recovery and a profile path. 4) Click OK. 5) Select: Edit Settings. 6 Only one of the paths added at step 3 has been created. Only one path can be added at a time, and the last one specified will be the one that is added when you click OK (Save the settings). Case IDs: 7624, 6569.



6815 Fatal error under heavy load when PME and Symantec Antivirus 10 are installed on the same system together with Pointsec for PC.

The fatal error caused under a heavy load when PME, Symantec Antivirus 10, and Pointsec for PC are all installed on the same system has been resolved in this release.

6813 Logs duplicated in Windows Event Viewer.

If you choose to change the computer name while you have Pointsec 6.1 HF1 installed, you will get duplicates of the logs that you had before you changed the computer name. The following scenario produces the problem: 1) Install Pointsec for PC 6.1 HF1. 2) Check the Windows Event Viewer log and the local Pointsec log, and you will see that there are just as many log entries (the local log will probably have one more log, log for the logon to the PCMC). 3) Reboot. 4 Change computer name. 5) Reboot. 6) Check the Windows Event Viewer and the local log and you will see that the Windows Event Viewer logs entries are twice as many. Case ID: 7622.

6793 Local Security Policy Setting not honored.

Pointsec for PC causes local security settings to be ignored when used with Novell. Environment used in reproducing the problem: XP Sp2, Novell Client Version: 4.91 SP1, and Pointsec for PC Version: 6.1 HF1. The following scenario produces the problem: 1. Set up a Novell client. 2. Set the Local Security Policy Setting: [Do not display last username] to Enabled. 3. Novell will honor this setting and the last user name will not be displayed in Novell logon. 4. Install Pointsec for PC with the default setting (UpdateSSO=0). The modifications that Pointsec for PC makes to the Novell logon screen (Pointsec OCX) will cause the last user name to be displayed. Basically Pointsec for PC causes the local security setting to be ignored. Case ID: 8127

6738 No reboot after multiple failed logons.

It is possible to make unlimited logon attempts in PPBE if you use a user account that is not present in the Pointsec user database. Case ID: 8356.

6732 Configuration Set The following scenario produces the problem:



lost in PCMC GUI. 1) Logon as a "full permission user" (sysadmin). 2) Create a Configuration Set. 3) Exit from the PCMC. 4) Log on as a user with “limited permissions”, that is, not “full permissions” (with the following permissions granted: Management Console Logon and Provide Remote Password Change). 5) Exit from the PCMC. 6) Log on as "full permission user" (sysadmin). Configuration Set is now lost. Case ID: 7871.

6731 Accounts with permission to access both the Management Console and Local can change the password for any account.

Accounts with permission to access both the Management Console and Local can change the password for any account in certain places in the Management Console. Customers are therefore advised not to configure user accounts that have access to both the Management Console and to Local. Case ID 8080.

6729 Recovery Media Content Differs.

If a floppy is pre-formatted in Windows XP, the content differs from a medium that is formatted by the recovery program. At least the file Datahand.dbh is missing on the Windows XP pre-formatted medium. Case ID: 6270.

6666 Pointsec for PC fails to uninstalled via add/remove.

Using a silent install profile, Pointsec for PC installs and encrypts. If you try to use the Windows “add/remove programs” to uninstall, the window loses focus; and you cannot enter the password of the authorized user account. The following scenario produces the problem: 1) Install Pointsec for PC using a silent install profile. 2) Let it encrypt fully. 3) Go to “Add / Remove programs” via the Control Panel. 4) Instead of entering the user account name, click in the password field. Case IDs: 7908, 8091, 9314, 9227.

6665 Authentication hangs during uninstallation from Windows add/remove programs.

The following scenario produces the problem: 1. Install using a profile. 2. Let the system encrypt. 3. Do Add/Remove. 4. When the authentication window is displayed; either click on the password field or tab down, and the window will emit a sound and then hang. Case ID: 8018.

6664 Hibernation - Dynamic token

When logging on with a dynamic token user while hibernated with fixed password user, the dynamic



user accounts become corrupt.

token user account is corrupted. The following scenario produces the problem: 1. Power on the machine. 2. Login PBA/OS using a fixed password user account (username+password combination). 3. Do hibernation. 4. Power on the machine again. 5. In preboot authentication, try to log on using the dynamic token account and you'll be rejected because you need to log in using the fixed password account (used during step 2). 6. Again in preboot authentication, log on using the fixed password account (used during step 2), and log in the OS. 7. Reboot the machine. 8. In preboot authentication, if you try to log in using the dynamic token account from step 5, you'll have "Invalid logon". The dynamic token user account is no longer able to log on. Case ID: 5433, 6750.

6654 Datahand.dbh is not created on Recovery media.

When creating recovery media, (both floppy and USB) the file "datahand.dbh" is not written to the media. Case IDs: 7831, (GER), 7894 (GER), 6801 (JP), 6270 (US), 6881 (JP), 9382 (US), EDS – 11046.

6633 PCMC - Invalid data error when using a Japanese OS.

When using a Japanese OS, error messages are produced when editing in Local -> System settings. The following scenario produces the problem: 1 Open Management Console -> Local -> Edit Settings -> System Settings -> Install 2 Enter Set validation Password -> click OK 3 Click OK to close Local 4 "Invalid Data" error is displayed The same message is displayed when the editing upgrade and profile path. Case ID: 6622, 7404.

6629 Unhandled exception when creating a temporary user.

The following scenario produces the problem: 1. Create user group - Users 2. Create a temporary smart card user - Temp 3. Go to Account Settings 4. Go to Logon 5. Change "Attempts before temporary lockout" 6. Click OK An unhandled exception causes an error message. Case ID: 7754.

6580 Pointsec for PC prevents hibernation on

The Sony VAIO has a removable Memory Card Adapter (VGP-MCA20) for xD/SD/MMC compatible cards. This adapter is interpreted as an HDD by the



memory card adapters.

OS and P4PC. This will prevent the system from hibernating, since P4PC 6.1.3 does not support hibernation with multiple HDDs in the system. Note: The Sony VAIO also has some internal non-removable memory card readers that are interpreted as HDDs whether or not the actual memory card is inserted. If these are enabled, they could prevent hibernation as well. Workaround: To be able to hibernate the PC, either physically remove the card adapter from the PC or disable the device from within the OS. Also disable any other internal memory card readers that are interpreted as HDDs.

6573 precheck.txt file is not read when installing from a network path.

The following scenario produces the problem: 1. Place the install package on a network drive. 2. Change something in precheck.txt (for example, UpdateSSO=4). 3. Change permission on all install files in the Pointsec folder. Give "Full Access" to the user account you intend to use as the installer account. Remove all other user accounts in the permission list, including "Everyone". 4. Login with the user account that has Full Access to the files and click your way to the msi. Double click it to start the installation. 5. Check the registry after the installation. The precheck changes have not been made. Case IDs: 6223, 6912, 7208, 9292.

6517 Change of user account name not applied in an interactive profile.

The problem occurs in the following scenario: 1. Create an interactive installation profile that is

based on local settings. 2. Right click one of the users, and select “Name

and Authentication”. 3. Under “Type of User” select “Install”, and

Under “Install Interaction” select “Change Logon Name” and “Change Authentication Details”.

4. During installation, change both logon name and password.

The new logon name is not applied, only the password change is applied.

Workaround:

Use a temporary user for installation instead and then make the changes.

6486 The OK button is active prior to the completion of Remote Help.

When entering the Remote Help dialog in preboot authentication, the OK button is active and can be pressed even though the procedure is not yet finished. If pressed, an “invalid login” error message is displayed. Ok button should be inactive until final input is completed.



Case ID: 5895. 6485 “Change Single

Sign-On setting” malfunctions.

Even though the "Change Single Sign-On" setting is set to No, the user can disable single sign-on in PBA, and the SSO chain will thereby be broken. Case ID: 7226.

6464 Unable to read encrypted data on hard drive via Pointsec alternative boot menu (Ctrl + F10 or Ctrl + F9).

In order to read encrypted data on the first volume of a hard disk drive, the following conditions must be met:

- The first volume may not be hidden - There may be only one volume - There may be only one hard drive.

If the above conditions are not met, you will not be able to read the data via the alternative boot menu.

6421 Possibility of problems when installing via profiles on machines that have hidden volumes.

Note that if you attempt to install with a profile that specifies only Volume 0 in “Select Volume Protection”, and the machine on which this profile is meant to install Pointsec for PC has a hidden volume, the installation will fail because Pointsec for PC always counts the hidden volume as Volume 0. So in this case, no code will be installed because the only volume specified is a hidden volume.

6406 Log entry of type 1010 lacks meaningful text.

If you start the PCMC, select Local, select Edit Settings, and click OK without having made any changes in Edit Settings, two entries are written to the log file, each with type 1010. If you look at these entries under Log Entry Details, you will see that instead of meaningful text in the entry, one says “Unknown was set to 0” and the other says “Unknown was set to 60”. Case ID: 8653.

6378 Limitation when unregistering drivers with pscontrol.exe.

It is not possible to unregister all drivers that have previously been registered using pscontrol.exe.

6362 After the first authentication following installation, stressing the disk causes the system to freeze.

The following scenario causes the system to freeze: 1. Install 6.0.1 HF2 with encryption. 2. After the first authentication following installation, stress the disk with defragmentation and file searches. 3. The system freezes after a while, the problem is intermittent. - Has been reproduced on HP dc5100. Case ID: 6126.

6319 Moving the mouse during PPBE produces: Error code "***** Internal CSDSES error ***

If you move the mouse during "Pointsec for PC ... loading operating system ...", the following error message is displayed "***** Internal CSDSES error *** ". Pressing the Power button reset was required to get the system to boot properly. The problem was found on the Dell D410 and D610 machines.



" Case ID: 6765.

6311 Windows logon dialog fails after uninstalling Pointsec for PC.

If you do the following: 1. Install Pointsec for PC selecting boot

protection only. 2. Perform recovery on the system volume. 3. In Windows, run Add/remove Programs and

uninstall Pointsec for PC. 4. Reboot the PC.

The PC stops when it should display the Windows logon dialog, and the following message is displayed: “User interface failure: The logon user interface DLL pssogina.dll failed to load…”.

Workaround: Boot into safe mode and manually set the registry setting: “GinaDLL” to msgina.dll. The path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

6290 Preboot logon does not appear after recovering a non-encrypted volume.

If you do the following: 1. Install Pointsec for PC and only boot protect

the system volume and fully protect (boot protection and encryption) a second volume.

2. Recover the system volume. 3. Boot the PC.

A fatal error (error code 5001344) occurs during the boot or shortly after Windows authentication. Note that the scenario above ignores the best practice, which is to perform recovery of all volumes; and, as a second choice, perform recovery starting with the last volume protected first.

6262 Known issues using RSA together with Schlumberger.

The RSA 5200 Smart Card is not detected in PPBE at all when the reader USB reflex v2 is used, with or without a hub. The same occurs if the reader USB reflex v1 is being used.

6259 Two smart card user accounts can be assigned the same certificate.

Two smart-card user accounts cannot be assigned the same certificate in the Pointsec for PC Management Console. But two smart-card user accounts can be associated with the same certificate when using a temporary user account or when selecting “Change Credentials” in the tray. However, an administrator should never assign the same certificate to two users.

6101 Help feature malfunctions in “Create Recovery Disk”.

When using a question mark ("?") to get help during Create Recovery Disk, the following error message is displayed: "Can not find the C:\Program Files\Pointsec for PC\UserRec.HLP file. Do you want to try to find this file yourself" Case ID: 6323.

6093 Uninformative message displayed after

If you enter the wrong encryption key for a Pointsec for PC IMP file, you receive the following uninformative error message: “Attempted to read or



entering the wrong encryption key for a Pointsec for PC IMP file.

write protected memory. Case ID: 6220.

5943 Reaching the logon limit for a user account makes it impossible to disable the logon limit for that account.

If you set logon limit to 5 and then perform 5 successful logons you will not be able to unlock this user any more. 1) Set Logon Limit to 5 2) Reboot and do 5 logons (Account is locked/exceeded) 3) Enter PCMC and disable Logon limit 4) Reboot 5) You will not be able to logon with this account anyway. Case ID: 5979.

5802 Hibernation - Not able to logon in at PBE

The result of the following scenario was that no user could logon to Pointsec for PC on this machine (unless they used Remote Help or Recovery). 1. Enable hibernation via PCMC and on the machine through control panel. 2. Set the machine to hibernate. 3. Restart the machine. Fail logon as the user 3 to 5 times so account will lock. 4. Totally power off the machine and try to log on as any other user account, for example, as system admin etc. Pointsec for PC will not allow you to logon using any other account. Case ID: 5654.

5772 Importing tokens - Not possible to have more then 11 tokens in IMP file.

If you import an IMP file containing 25 tokens, only 11 are visible when trying to import them in PCMC. Case ID: 5585.

5451 Problems unlocking the recovery file when authenticating with a smart card.

If you use a smart card when using the recovery utility to unlock a recovery file, the utility will try to use the smart card used for the first user account authentication for the second user account authentication. As long as a smart card is in the reader, the utility will try to use that card for authentication. Workaround: Do the first authentication with a fixed password or dynamic password user account, and then do the second user account authentication with the smart card. Or remove the smart card before the second authentication window is displayed.

5254 EncryptionState remains “1”

The value of EncryptionState remains “1” in spite of the fact that encryption has completed successfully.



despite successful encryption.

After encryption completes successfully, the value should be set to “2”. The values that EncryptionState can have are: 0 = Unencrypted 1 = Encrypting 2 = Encryption completed That the value is never set to “2” is an error. Work around: examine the central log file or the local event viewer to check the status of the encryption. Case IDs: 4609 and 10000.

5251 Risk of exceeding “Set max failed logons” value specified in PCMC when using password synchronization.

When password synchronization is enabled, Pointsec for PC can generate spurious failed logon attempts when the user logs on to Windows. If the maximum number of failed logons set in the PCMC under Local

Group Settings/Account Settings Logon “Set max failed logons” is too low, the user account logging on might be locked because this number has been exceeded by the generation of these spurious failed logon attempts. Workaround: Ensure that the value specified for “Set max failed logons” is large enough to compensate for the spurious logons that are generated. Case ID: 10340.

5246 eTokens are not supported on the Hewlett Packard/Compaq Evo N800c.

Use of eTokens on the Hewlett Packard/Compaq Evo N800c is not supported.

5124 Problem viewing the central log

Currently the log files for the client PCs are stored together with the recovery files. When you create a new set you specify a "Publish" path and a "Storage" path. A recovery path under Local/System Settings/Install/Set Recovery Path has also been specified. The log files are stored in this Recovery path, and erroneously do not appear in the set’s logs. To be able to view logs for the clients in a set, follow the work around below. Workaround: Set the “Storage Path” for the set to the same path as the Recovery Path set in: Local/System Settings/Install/Set Recovery Path.

4786 PIN dialog sometimes hidden by Extend Authority dialog.

Occasionally when authenticating with a smart card, the PIN dialog is hidden behind the Pointsec for PC Extend Authority dialog. Work around: Use the mouse to move the “Extend Authority” dialog to that you can access the PIN dialog. Then enter the PIN.

4638 Possible Problems When

On certain PCs, you can experience problems if you use USB devices at the same time as you use USB a



Authenticating with USB Smart Cards When USB Devices Are Used for Recovery

smart card reader. Problems have occurred on the following machines: NEC VersaPro, Dell D600, IBM A51, and Dell D370. There may be other machines on which problems occur. Work around: use a non-USB device for recovery if you authenticate using USB smart cards. Case ID: 6579.


• Enhanced support for smart cards.

Aladdin eToken users! Before upgrading to Pointsec for PC 6.1.2, read the following document: Pointsec_for_PC_EW_6.1.2_Aladdin_eToken_B.pdf, which is on the product CD ROM.

Changes and Corrections in 6.1.2 ID About Details 7028

6972 Pointsec for PC installation fails if the Symantec application restorebmr.exe is run prior to the installation

Pointsec for PC will terminate abnormally if the Symantec application restorebmr.exe is run prior to the installation of Pointsec for PC. This issue has been resolved in this release.

6815 Fatal error under heavy load when PME and Symantec Antivirus 10 are installed on the same system together with Pointsec for PC.

The fatal error caused under a heavy load when PME, Symantec Antivirus 10, and Pointsec for PC are all installed on the same system has been resolved in this release..

Changes and Corrections in 6.1.1 ID About Details 6792 The local logfile

grows too quickly.

The local logfile grows too fast and becomes very large. In cases where the logfile is delivered to a network share, there is a noticeable loss of performance. This issue has been resolved in this release.

6791 Identical log entries are created in the central log.

In random cases identical log events were created in the central log file. This issue has been resolved in this release.



ID About Details 6780 Not possible to

view or export logs in PCMC.

When attempting to open or export logs in PCMC you get the following error message: "Failed to load resources from resource file. Please check your setup." This issue has been resolved in this release.

6767 Unable to remove a newly created Temporary user account and attempts to remove this account result in the removal of the user account created from the temporary user account.

The problem occurs in the following scenario: - Install PS4PC 6.1 HF1 with one temporary user in a Users group - Logon as the temporary user and rename the account - Apply an update profile based on the original installation profile that includes the Users group and the temporary user. - The Users group now has two accounts. The user that was created from the original temporary account and the newly added temporary account. - With management console attempt to remove the newly added temporary account. Nothing happens; it can’t be removed. - With an update profile attempt to remove the newly added temporary account. The user that was created from the original temporary account is removed and not the temporary account. This issue has been resolved in this release.

6655 CentralLog.exe Error on Upgrade.

The message “CentralLog.exe has encountered a problem and needs to close” is displayed on several systems after upgrade from 6.0.1 to 6.1. This issue has been resolved in this release.

6626 Database corrupt – Database can become corrupt when Smart Card is used.

The database can become corrupt when petoken.bin is used. Scenario:

1. Add petoken.bin to precheck.txt. 2. Install with installation profile. 3. Encrypt volumes. 4. Reboot and press CTRL-ALT-DEL during

PBA. 5. Shut machine down using power button. 6. Start machine up using power button. 7. Authenticate and boot machine up.

If you repeat this procedure, you will eventually receive the message “Database corrupt. PsMain: 51cc”. This issue has been resolved in this release.

6622 PCMC – Error message in “Edit settings” in Japanese language.

Error message “Index was outside the bounds of the array.” appears when the following setting is accessed in P4PC MC: Group > System > UserID > System > Account > Permission This issue has been resolved in this release.



ID About Details 6575 Index outside

bounds of array in MC.

To reproduce (Found only in German & Slovakian languages):

1. Open MC. 2. Go Local. 3. Create new group. 4. Open new group. 5. Open “Permission” folder of that group.

This issue has been resolved in this release. 6574 Keyboard

unresponsive during Windows startup.

If your keyboard does not respond after Pointsec preboot authentication and before Windows startup, disable Pointsec PBA mouse support. This issue has been resolved in this release.

6571 Profile paths not saved correctly.

The following scenario will reproduce this problem:

1. Create a silent install profile. 2. Specify one path for all three settings

(Recovery, Update and Upgrade). 3. Complete the profile and save it – you are

now back at the PCMC main display. Note: Issue has also been reproduced when only saving the profile “half-completed”.

4. Open the profile again to either verify settings or continue creating the profile.

The search paths, as specified in Step 2 above, were not saved correctly. In tests performed to date, one of three paths is correctly saved. Notes:

• If the procedure is repeated a second time (correct paths and the profile saved), two of three paths will be saved correctly.

• If the procedure is repeated a third time (correct paths and the profile saved), all three paths will be saved correctly and the profile paths will be as they should.

This issue has been resolved in this release. 6545 Characters < > &

not allowed in user account or group names

The characters for greater than (<), less than (>), and the ampersand (&) may not be used in user account names. In Pointsec for PC 6.1.1 you are able to use < > & in usernames and in group names, so this issue has been resolved in this release..

6531 Unable to view logs after disabling Autologon.

If Autologon is used and then disabled, you will be unable to view the logs after reboot. The scenario is as follows:

1. Start PC with Autologon.



ID About Details 2. Disable Autologon. 3. Accept the user account being removed

when queried. 4. Reboot and log on manually. 5. Try to view the local log or logfile using

PCMC or pslogexp. Note: This problem does NOT occur with normal user accounts or when a Wake-on-LAN-enabled user account is disabled because of a manual logon to PCMC. This issue has been resolved in this release.

6469 The crerec process starts every two seconds after an update profile is imported into the work directory.

This issue has been resolved in this release.

6446 Sony VAIO SZ1 hangs after preboot authentication.

The Sony VAIO SZ1 hangs after preboot authentication. The PC boots to the Windows safe mode menu, where it hangs. When the menu times out, nothing happens, and you are not able to choose any of the safe mode boot options. Workaround: Disable mouse support through the double-shift menu, and you will be able to boot into Windows. Alternatively, unplug any external USB mouse. This issue has been resolved in this release.

6440 Problems experienced after preboot authentication when USB hardware device support is enabled on an NEC VersaPro VJ17F/RF-U.

Immediately after preboot authentication, an NEC VersaPro VJ17F/RF-U can shut down with a fatal error when USB hardware device support is enabled. Removing and/or disabling the mouse does not solve this problem. Workaround: Restart the machine, and, prior to preboot, use the double-shift menu to disable USB hardware support. This issue has been resolved in this release.

5989 PPBE – not able to use USB keyboard/mouse.

On some machines with USB Smart Card enabled, it is not possible to use USB keyboard or mouse in Pointsec PBE. This issue has been resolved in this release.

5730 No Help on Help toolbar.

The Help option has been removed from the menu bar in PCMC. This issue has been resolved in this release.

5226 eToken driver inhibits the functioning of all other installed smart card

Installing the eToken driver inhibits the functioning of all other smart card drivers and smart card reader drivers. Work around: Uninstall the eToken drivers to be



ID About Details drivers and smart card reader drivers.

able to use any of the other installed drivers. This issue has been resolved

5232 Keyboard locks on a Hewlett Packard/Compaq Evo N800c PC when using a USB mouse.

If you use a USB mouse on a Hewlett Packard/Compaq Evo N800c PC, moving the mouse in the preboot logon dialog will lock the keyboard. Workaround: Disable mouse support in the EXC menu. This issue has been resolved in this release.

4471 and 4472

Aladdin eTokens. When registering an eToken, and selecting a certificate, select “eToken user” under “Issued to”. Do not select anything under “Issued to” whose location is “Personal store”.

Changes and Corrections in 6.1.0 ID About Details 5678 Authenticate to

PCMC Authenticate to PCMC with a nonexistent user account may crash the PC with a blue screen. This issue has been resolved.

5601 Behavior of the “Allow Embedded Space Characters” setting in preboot.

In preboot, the “Allow Embedded Space Characters” setting takes on the opposite value from that set in PCMC. So if “Allow Embedded Space Characters” is enabled in the PCMC, embedded space characters are not allowed in passwords in preboot; if “Allow Embedded Space Characters” is disabled in the PCMC, embedded space characters are allowed in passwords in preboot. The “Allow Embedded Space Characters” setting is found under Group/Account Settings Authentication Settings Fixed Password. This issue has been resolved.

5596 Log entries in Windows (PCMC) are time stamped with GMT time.

Events logged in Windows, PCMC events, are time stamped with Greenwich Mean Time (GMT) regardless of which time zone you are in. However, events from preboot are stamped with the BIOS date and time, which is usually the local time. This issue has been resolved.

5520 In certain cases, a mixed case password is required for authentication.

If you select “User Accounts” in the folder tree under Local, the existing user accounts are displayed in the right-hand pane of the Local window. If you right click a user account in that pane and select “Name and Authentication” to change the password of that user account, you must enter a password that contains both upper- and lower-case letters for the password to be accepted. If you enter a password that contains



ID About Details only upper or only lower case letters, the “Invalid Password” text will always be displayed, and you will not be able to select “Next”. This issue has been resolved.

5468 Must specify which volumes to protect when using an installation profile based on local settings.

When you create an installation profile that is based on local settings, you must specify which volumes you want to be protected. If you do not specify which volumes are to be protected, the installation will fail. This issue has been resolved.

5457 Limitations in Pointsec for PC’s interoperability with earlier versions of PME.

PME 2.3.x must be installed before Pointsec for PC is installed. If you attempt to install PME after Pointsec for PC has been installed, the installation of PME will fail. This issue has been resolved.

5448 Need to disable “Allow Special Characters” setting for Group in order to disable “Allow Special Characters” for existing user accounts.

To disable the “Allow Special Characters” setting for an existing user account, this setting must be disabled for the Group the existing user account belongs to. Disabling the “Allow Special Characters” setting for individual existing user accounts at the User Account level currently does not work; it must be disabled at the Group level. This issue has been resolved.

5396 Limitation when using Add/Remove Programs to remove Pointsec for PC and authenticating with a dynamic token.

When uninstalling Pointsec for PC using Windows Add/Remove Programs, authentication of the second user account required for installing fails if the user account verifies using a dynamic token. Work around: Use PCMC to redefine the second user account as a fixed password account and then proceed to uninstall using Add/Remove Programs Another solution is to uninstall using an uninstall profile that contains two dynamic token user accounts. This issue has been resolved.

5386 Autologon can be inadvertently disabled.

On a machine with autologon enabled, each successful logon to the PCMC disables autologon on that machine. Workaround: While in PCMC, go to Local, select “Edit Settings” (make sure autologon is in fact enabled) and click OK. Autologon will then be re-enabled. But if someone logs on after setting Autologon to enabled, autologon will again be disabled; and then the setting must be enabled again. This issue has been resolved.

5254 EncryptionState remains “1”

The value of EncryptionState remains “1” in spite of the fact that encryption has completed



ID About Details despite successful encryption.

successfully. After encryption completes successfully, the value should be set to “2”. The values that EncryptionState can have are: 0 = Unencrypted 1 = Encrypting 2 = Encryption completed That the value is never set to “2” is an error. Work around: examine the central log file or the local event viewer to check the status of the encryption. This issue has been resolved.

4978 Fatal error occurs during recovery when screen saver is activated.

A fatal error occurs after recovery when screen saver is activated in Windows. Removal through Add/Remove programs should be performed after deactivating the screen saver or before the screensaver activates. This issue has been resolved.

4859 Copy/paste does not work when creating a new account

Pasting via mouse and keyboard is not currently supported in password fields. This issue has been resolved.

4835 Not possible to use remote help when uninstalling via adding/remove programs.

Release 6.0.1 of Pointsec for PC does not support the use of remote help when uninstalling via adding/remove programs. This issue has been resolved.

4687 Windows icon assigned to silent installation profiles in Windows Explorer.

Pointsec for PC does not set an icon for profiles when they are viewed in a file explorer. Note, however, that if you view your profiles in Windows Explorer, Windows assigns silent installation profiles the icon and file type for Internet Communication Settings. Interactive installation profiles, update profiles, and uninstall profiles are not assigned this icon and file type. This issue has been resolved.

4683 No warning when folders are not created.

When you are creating a profile and you specify the Storage path and the Publish paths that do not exist on the client, no warning is given that these folders are not created. This issue has been resolved.

4420 Limitation to disabling log transfer.

The logs in Pointsec are transferred to the windows Event viewer, but the possibility to disable the log transfer (by choosing 0 in the precheck.txt) before installing PS malfunctions. This issue has been resolved.

4316 Difficulties recovering selected volumes

It can be difficult to identify volumes when you run the Recovery program because the volumes are called, for example,



ID About Details when running the Recovery program

"VOL_E034D92369D9F2FE". Work around: recover all volumes rather than selected volumes. This issue has been resolved.

4294 Unable to change banner in Installshield dialogs

Minor malfunctioning in OEMVar feature. 1) Create the "OEMVar" folder in the root of the PS installation folder. Replace "Banner.bmp", "Lic_oem.rtf" and "Ssbg.bmp". 2) Add the files "Banner.jpg", "Desktop.jpg" and "Scrsvr.jpg" to the root of the PS installation folder. 3) Install PS. The first dialogs of the installation are shown correctly; in this case the banner and the license agreement are replaced by the customized ones. But the original Pointsec banner is redisplayed in the last MSI-installation dialog window. This issue has been resolved.


• Enhanced PPBE hardware interface, which now supports OHCI for MFAE Readers. • Support for multiple hard disks. • A new type of user account has been added, the Service user account. Service user

accounts must use Remote Help to gain access to the system the first time. After access is granted via Remote Help, the service user can reboot the system and log on without requiring Remote Help. When another user logs on, the service user account is locked, and the service user will need Remote Help to log on again.

• A new log export utility pslogexp.exe is now available. • Context-sensitive print functionality for PCMC tree node. This allows a user to right

click a node and print the information in that node and the sub-nodes under that node. Clicking Print will print all nodes and sub-nodes and their information.

• Under Local, the Pointsec for PC Management Console (PCMC) provides dynamic status and configuration information, which includes: the encryption status by drive and volume, the user status of local users (Locked Out / OK, Last Successful Authentication, Last Failed Authentication, User Type, and Limited Logon Time status: OFF / ON & Time), Wake On LAN (WOL) status, last configuration update, last Update Profile processed, last recovery file created, last successful delivery of a recovery file, last update of the log file, and the last successful delivery of the log file.

• Pointsec for PC Preboot Environment now provides the ability for loadable modules using USB bus interface to access their readers. This ability ensures the interoperability with UHCI and OHCI controllers on the range of commercially available PC Class hardware.

• Users can now change credentials (password, dynamic token, and smart card) in the Pointsec tray applet.



• Extensive log export functionality that enables log content to be exported in the following formats that support import into other management and data systems: Comma Separated Values (CSV), Tab Separated Values (TSV or TXT), or XML. This includes logs from Local Settings, or from a configuration set. Export can be done on the basis of selectable criteria.

• The Pointsec for PC installation program installs Pointsec Token Drivers and Reader Drivers in the target Pointsec for PC machine.

• User accounts can be locked in Local settings and profiles via the PCMC. • User-account information is displayed by selecting the user account icon in the tree. • Support for Novell Netware single sign on. • Support for Novell Netware password synchronization. • A new user account setting: minimum password age. If set, minimum password age

specifies the minimum number of days the password must exist before being changed.

• Multi-step authentication for the unlocking of recovery files. This enables the different administrators to be in different locations and still unlock a recovery file.

• After each boot operation Pointsec for PC provides a dump of important information about the Pointsec for PC installation and status to the Pointsec for PC log. This information is useful to support organizations that want detailed system status data without direct access to the device but with updated log files available. The information dump includes the following items: software version, host ID (computer ID), volume status (encrypt/decrypt state), groups, and users with respect to their groups, including user status (for example, LOCKED, EXPIRED, TempUser).

• Improved log entries, for example, encrypt/decrypt processes are logged including drive, volume, and encryption/decryption status.

• Pointsec for PC log entries include information about changes to the configuration and changes to local settings and to profiles. The information indicates what was changed and who changed it.

• Pointsec for PC log now includes information regarding the execution, and success or failure, of the update profile execution operations that have been performed.

• Pointsec for PC log includes information about Remote Help operations indicating what was done and who executed it. Each entry combination has its own Log Entry ID to differentiate between the type of Remote Help provided (One-Time Logon or Remote Password Change) and its success or failure.

• Pointsec for PC log includes information regarding the execution and success or failure of upgrade operations performed.

• Pointsec for PC log includes information regarding the execution and success or failure of update operations that have been performed.

• Pointsec branding is retained (with an “Encrypted by Pointsec” icon) in OEMVAR and customer configuration.

• Pointsec for PC Remote Help now supports alphanumeric challenge and response.

Changes and Corrections in 6.0.1 ID About Details 5167 Permissions

required when creating recovery floppy disk

To create the recovery floppy disk, users must have both "Create recovery media" and "uninstall" permissions.

5115 “Full Control”

The following is the scenario: an uninstall profile is deployed to a client PC to uninstall Pointsec for PC 6.0



ID About Details required when uninstalling as a Windows Restricted User account.

EW. The user is logged on in Windows (on the client) as a Windows Restricted User. The uninstall profile is pulled as it should be, and the user receives the "standard" message that the PC has been decrypted and a reboot is required to continue the uninstallation. The PC is rebooted and, immediately after logging on to Windows again, the following error message is issued: “Assertion “len” failed:…” A few seconds after clicking "OK" a fatal error occurs. Work around: Before uninstallation, give the Windows Restricted User account "Full control" to the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Note that running the Pointsec Service Start as a local administrator will not solve the problem.

5089 Wake on LAN not disabled following manual logon.

Wake on LAN is enabled as long as the maximum number of logons or the expiration date has not been reached.

New in 6.0.1 • Improved localization: translations into more than 20 languages are available in this

release, and keyboard layout switching allows a larger range of characters to be input during pre-boot authentication.

• The Pointsec multi-factor authentication engine enables pre-boot authentication via smart cards and USB tokens.

• General availability of hibernation for all supported operating systems and hard disk types.

• A new user account architecture. Accounts are organized into groups that can be managed freely by administrators. Pointsec for PC ensures that an individual user account setting does not violate the security policies mandated by the group that it belongs to.

• A new PC Management Console (PCMC) for configuration and administration tasks. This console provides a structured view of the configuration in an interface that is consistent with the Microsoft Management Console look and feel. The new solution is expected to significantly reduce the learning time for administrators who are accustomed to the Microsoft management model.

• A 32-bit pre-boot environment. The move to a 32-bit environment facilitates mouse support, high-fidelity graphics, support for multiple display and input languages, and the multi-factor authentication engine described above.

• Support for Unicode characters in user account names and passwords.

Changes and Corrections in 6.0.0 ID About Details 5177 Users

without proper permission can remove user

User accounts without the P4PC 6.0 EW privileged permission "Remove User Accounts" are allowed to remove user accounts. This occurs if you set this permission on group or user level in PCMC.



ID About Details accounts.

5167 Permissions required when creating recovery floppy disk

To create the recovery floppy disk, users must have both "Create recovery media" and "uninstall" permissions.

5115 “Full Control” required when uninstalling as a Windows Restricted User account.

The following is the problem scenario: an uninstall profile is deployed to a client PC to uninstall Pointsec for PC 6.0 EW. The user is logged on in Windows (on the client) as a Windows Restricted User. The uninstall profile is pulled as it should be, and the user receives the "standard" message that the PC has been decrypted and a reboot is required to continue the uninstallation. The PC is rebooted and, immediately after logging on to Windows again, the following error message is issued: “Assertion “len” failed:…” A few seconds after clicking "OK" a fatal error occurs. Work around: Before uninstallation, give the Windows Restricted User account "Full control" to the following Windows registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Note that running the Pointsec Service Start as a local administrator will not solve the problem.

5094 Pointsec driver errors formatted incorrectly in Event viewer

Driver errors are listed in the Event viewer. The errors come in pairs in the log. These log events are normal, but they are formatted incorrectly.

5089 Wake on LAN not disabled following manual logon.

Wake on LAN is enabled as long as the maximum number of logons or the expiration date has not been reached.

4978 Fatal error occurs during recovery when screen saver is activated.

A fatal error occurs after recovery when screen saver is activated in Windows. Removal through Add/Remove programs should be performed after deactivating the screen saver or before the screensaver activates.

4316 and 4298

Difficulties recovering selected volumes when running the Recovery

It can be difficult to identify volumes when you run the Recovery program because the volumes are called, for example, "VOL_E034D92369D9F2FE". Similarly, if you lose mouse functionality when running the recovery program individual volumes cannot be selected. Work around: recover all volumes rather than selected volumes.




ID About Details program

New in 6.0.0 • A new PC Management Console (PCMC) for configuration and administration tasks.

This console not only looks fresher than our existing console, it is organized around the Microsoft Management Console look and feel so any administrator who is used to operating in a Microsoft admin environment will be able to quickly get up the learning curve on Pointsec.

• An advanced pre-boot graphics environment. Significant improvements have been made here in the form of mouse support, improved graphics that you will see in startup and login screens, and multi-language support that streamlines our ability to localize the product for different countries around the world. The product will support many more languages out-of-the-box.

• Support for Unicode characters in user account names and passwords. Characters on Pointsec for PC-supported keyboard layouts broaden the range of characters that can be used in user account names and passwords. See the Administrator’s Guide for details on the keyboards (locale codes) that are supported.

Pointsec for PC EW...PC. • The way Pointsec PC groups and user account groups inherit the values...

Documents

Transcript of Pointsec for PC EW...PC. • The way Pointsec PC groups and user account groups inherit the values...