Dell Encryption Personal Technical Advisories v11.1 August 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2021 Dell Inc. All rights reserved.
Contents Chapter 1: Technical Advisories..................................................................................................... 6 Contact Dell ProSupport....................................................................................................................................................6 New Features and Functionality v11.1.............................................................................................................................
Technical Advisories v10.1............................................................................................................................................... 24 New Features and Functionality v10.0.1...................................................................................................................... 24 Resolved Technical Advisories v10.0.1.........................................................................................................................
Technical Advisories v8.6................................................................................................................................................ 47 Resolved Technical Advisories v8.5.1........................................................................................................................... 48 Resolved Technical Advisories v8.5..............................................................................................................................
1 Technical Advisories To ensure the security of your confidential data, Encryption Personal encrypts the data on your Microsoft Windows computer. You (or authorized users) can always access the data when logged into the computer, but unauthorized users will not have access to this protected data. Data always remains encrypted on the drive, but because our encryption is designed to be transparent to you, there is no need to change the way you work with applications and data.
Pre-boot Authentication v11.1 ● No technical advisories exist. SED Manager v11.1 ● No technical advisories exist. Technical Advisories v11.1 Encryption v11.1 ● The following error may display if you inspect a policy that exceeds nine KB of data: Invalid Value for 100 [DDPSUS-2980] ● When opening the Advanced pane in the Local Management Console, if the Encryption Management Password is entered incorrectly, the resulting error message displays multiple times.
Resolved Security Advisories v11.0 ● The Encryption Personal signing certificate is updated. Resolved Technical Advisories v11.0 Encryption v11.0 ● External Media Encryption's installation description is updated to clarify functionality of the product. [DDPC-12367, DDPC-12368] ● Copyrights are updated. [DDPC-12378] ● With a global shift to inclusive language, several terms and expressions have been updated. [DDPC-12398] Pre-boot Authentication v11.0 ● No technical advisories exist. SED Manager v11.
Resolved Security Advisories v10.10 ● The Encryption Personal signing certificate is updated. Resolved Technical Advisories v10.10 Encryption v10.10 ● The decryption agent now properly decrypts Cloud-based files regardless of hydration status. [DDPC-11556, DDPSUS-2895] ● The Encryption External Media service now starts as expected on computers that do not have Dell Encryption installed. [DDPC-12101, DDPC-12196] ● An issue resulting in double-encrypted files with superseding file versions is resolved.
Resolved Technical Advisories v10.9 Encryption v10.9 ● If a duplicate user attempts to activate with Deferred Activation, the following message displays: Activation Failed & the user is already activated on this computer. [DDPC-7456] ● An issue resulting in a memory leak due to file name length is resolved. [DDPC-7569] ● Encryption Personal logs now display the correct product name.
Pre-boot Authentication v10.9 ● No technical advisories exist. SED Manager v10.9 ● No technical advisories exist. New Features and Functionality v10.8 ● ● ● ● ● The The The The The DiagnosticInfo utility is now installed when the Encryption Management agent is installed. DiagnosticInfo utility now queries additional registry entries. master installer's detection of UEFI and Legacy boot modes is improved. Dell Encryption WinPE recovery environment verbiage is updated for Self-Encrypting Drives .
● Dell has released additional fixes for an improper access control vulnerability in Encryption Personal (CVE-2020-5358). See the Dell Security Advisory (DSA-2020-113) at https://www.dell.com/support/security/ for affected products, versions, and additional information. [DDPC-11877] Resolved Technical Advisories v10.8 Encryption v10.8 ● ● ● ● ● Custom Support Dialog is now properly consumed against a Security Server with nondefault ports when set.
New Features and Functionality v10.7 ● ● ● ● ● Encryption Personal is now supported with Windows 10 v2004 (May 2020 Update/20H1). Encryption Personal now can locate and escrow encryption keys to mapped network drives. The Dell DiagnosticInfo utility logging is improved. Boot order logging is improved. A new RAID controller driver is added to the Dell Encryption Recovery WinPE environment. This enables recovery of disks in newer platforms configured in RAID ON mode.
○ ○ ○ ○ ○ ○ ○ ○ ○ Latitude 9410 2-in-1 OptiPlex 5480 All-in-One OptiPlex 7480 All-in-One OptiPlex 7780 All-in-One Precision 3440 Precision 3551 Precision 7550 Precision 7750 XPS 15 9500 Resolved Technical Advisories v10.7 Encryption v10.7 ● Dell Encryption files are now properly cleaned up during uninstallation. [DDPC-866, DDPC-2548, DDPC-11094, DDPC-11497] ● A rare issue resulting in the DiagnosticInfo utility failing to generate a temporary directory for data collection before packaging is resolved.
● An issue resulting in the Dell Credential provider resetting the password field as a user attempts to log in after logging off or unlocking the computer is resolved. [DDPC-11826, DDPSUS-2739] Technical Advisories v10.7 Encryption v10.7 ● Dell Encryption cannot be upgraded to v10.7.0 from versions earlier than v8.16.0. Endpoints running versions prior to v8.16.0 must upgrade to v8.16.0 then upgrade to v10.7.0 .
Pre-boot Authentication v10.6 ● Smart cards leveraging compressed certificates now function as expected. [DDPC-11769] SED Manager v10.6 ● An issue resulting in domain-added users failing to authenticate when a third-party credential provider is in use after an administrator invoked password change is resolved. [DDPC-11654, DDPSUS-2506, DDPSUS-2695] ● An issue resulting in computers starting up automatically after hibernating or shutting down is resolved. [DDPC-11751] Technical Advisories v10.
Resolved Technical Advisories v10.5 Encryption v10.5 ● An issue resulting in corrupted files created by Notepad++ and Onenote is resolved. [DDPC-11440, DDPSUS-2385, DDPSUS-2642] ● An issue resulting in files not encrypting after a change in encryption algorithm is resolved. [DDPC-11460] ● A rare occurrence resulting in the Change Password option to not display at Windows login is resolved.
● SED Manager now supports the following platforms: ○ Latitude 5403 ○ Precision 5540 ○ Precision 7540 ○ Precision 7740 ○ XPS 7390 ○ XPS 7390 2-in-1 ○ XPS 7590 Resolved Technical Advisories v10.4 Encryption v10.4 ● LSARecovery files generated by Encryption Personal are now compatible with a 32-bit or 64-bit WinPE. [DDPC-1116] ● The master uninstaller now removes all files and folders as expected.
● Challenge/Response Recovery now functions as expected in UEFI boot mode. [DDPC-10815] ● An issue resulting in duplicate DHCP requests in the Pre-Boot Authentication environment is resolved. This fix reduces boot time. [DDPC-11366] SED Manager v10.4 ● An issue resulting in smartcard login being unavailable for devices protected by SED Manager after resuming from sleep is resolved. [DDPC-8284] Technical Advisories v10.4 Encryption v10.
New Features and Functionality v10.3 ● Pre-boot Authentication now supports block SID features. ● Dell Encryption now supports Micron 1300 self-encrypting drives. ● Dell Encryption now supports the following platforms: ○ Latitude 5300 ○ Latitude 5500 ○ Latitude 7200 2-in-1 ○ Latitude 7400 ○ Latitude 7400 2-in-1 Resolved Technical Advisories v10.3 Encryption v10.3 ● An issue resulting in failed user activation when a smart card is in use with Policy Based Encryption is resolved.
SED Management v10.3 ● Dell Encryption now allows registry-based overrides to prevent disabling third-party credential providers after the Pre-boot Authentication environment is enabled. To prevent Dell Encryption from disabling third-party credential providers, create the following registry key: HKLM\SOFTWARE\Dell\Dell Data Protection\ "AllowOtherCredProviders" = DWORD:1 0=Disabled (default) 1=Enabled [DDPC-10542, DDPSUS-2410, DDPSUS-2412, DDPSUS-2506] Technical Advisories v10.3 Encryption v10.
Technical Advisories v10.2.1 Encryption ● No technical advisories exist. Pre-boot Authentication v10.2.1 ● No technical advisories exist. SED Management v10.2.1 ● No technical advisories exist. New Features and Functionality v10.2 ● Following Windows 10 feature upgrade, a restart is required to finalize Dell Encryption. The following message displays in the notification area after Windows 10 feature upgrades: Resolved Technical Advisories v10.2 Encryption v10.
Pre-boot Authentication v10.2 ● An issue that resulted in a parity error after activating pre-boot authentication with Dell Encryption installed on a Latitude 7404, Latitude 7204, or a Latitude 5404 Rugged computer in Legacy boot mode is resolved. [DDPC-9493, DDPC-10748, DDPSUS-2225] ● The K13A Rugged dock (only compatible with Rugged computers) no longer requires the an open lid to display on external monitors. [DDPC-10093] ● Recovery question user experience is improved.
● Local users can now activate with Dell Encryption installed with Opt-in mode on a computer running Windows April 2018 update and not joined to a domain. [DDPC-9377, DDPSUS-2365, DDPSUS-2387, ] ● The PBA Recovery Question authentication works as expected. [DDPC-9671] ● When child installers fail to install successfully, Dell Encryption will also fail to install and will log these errors. [DDPC-10110, DDPSUS-2379] ● LastSyncTime in the report results for Device Detail is now working as expected.
● The installation of Dell Encryption on a domain controller no longer changes the local machine policies set in the "Default Domain Policy" Group Policy Object. Dell Authentication can handle logging in with no password set when a 0 password length policy is enabled. For more information, see https://www.dell.com/support/article/us/en/19/sln313561/dell-encryption-enterprise-and-dellendpoint-security-suite-enterprise-security-bulletin-082018?lang=en . [DDPSUS-2364] Technical Advisories v10.0.
Preboot Authentication ● The mouse now works during the PBA login screen on a Precision M4800 and Latitude 5290 computer with Windows 10 installed in UEFI mode and PBA enabled. [DDPC-6978, DDPC-7032, DDPC-8841] ● The mobile keyboard and touchpad work as expected during the PBA login screen on a Latitude 5290 2-in-1 machine with Windows 10 installed in UEFI mode and PBA enabled.
SED Management v10.0 ● No technical advisories exist. New Features and Functionality v8.18 ● Encryption Client and SED Management is now supported with Windows 10 April 2018 Update (Redstone 4 release). ● The Windows 10 update process and compatibility with Windows Defender are improved when System Data Encryption is enabled . The encryption client can now identify and encrypt user files without the need to hardcode exclusion of system-generated files when System Data Encryption is enabled.
SED Management ● An error message no longer displays during an upgrade of Digital Persona's Auth when the Dell Data Security Console is also open during the upgrade. [DDPC-7836] ● Oberthur chip only smart card ID-One COSMO V7.0 works as expected on a UEFI copmuter. [DDPC-7985] ● Smart card readers are now detected on legacy machines. [DDPC-8030] Technical Advisories v8.18 Encryption ● Dell Encryption logs do not specify if insufficient disk storage caused installation failure.
SED Management v8.18 ● When a NVME is used as a data drive with a standard 2.5" Self Encrypting Drive, a "Device Locked" message will display on the PBA screen. [DDPC-9256] New Features and Functionality v8.17.2 ● SED Manager includes a security update addressing the Spectre and Meltdown vulnerabilities CVE-2017-5754. Customers and field teams should take v8.17.2 and all sustaining releases as a best practice. Resolved Technical Advisories v8.17.
Preboot Authentication ● No technical advisories. SED Management v8.17.2 ● No technical advisories. New Features and Functionality v8.17.1 ● There are no new features for Personal Edition v8.17.1. Resolved Technical Advisories v8.17.1 Encryption ● Italian translations have been corrected for the Home/Advanced tab names.
New Features and Functionality v8.17 ● The Encryption client is now supported with Windows 10 Fall Creators Update (Redstone 3 release). Upgrades to Fall Creators Update are now supported. ● The Preboot Authentication is now supported with Windows 10 Fall Creators Update (Redstone 3 release). Upgrades to Fall Creators Update are now supported.
Preboot Authentication v8.16.1 ● Upgrade from Windows 7 to Windows 10 Fall Creators Update (Redstone 3 release) is supported according to Microsoft's supported upgrade paths. For more information, seehttps://docs.microsoft.com/en-us/windows/deployment/upgrade/ windows-10-upgrade-paths SED Management v8.16.1 ● Upgrade from Windows 7 to Windows 10 Fall Creators Update (Redstone 3 release) is supported according to Microsoft's supported upgrade paths. For more information, seehttps://docs.microsoft.
Technical Advisories Dell Encryption v8.16 ● Added 11/2018 - When attempting to uninstall Dell Encryption Personal with the Dell Data Security Uninstaller, ensure that the LSARecovery executable being used for the uninstall is stored locally. If the LSARecovery being used for the uninstall is stored on a network share, an error may be seen, which causes the uninstall to fail. [DDPC-7535] PBA Advanced Authentication v8.
● The Encrypt for Sharing dialog no longer continues to display after the user locks the Dell Latitude 5289. [DDPC-5719] Resolved Customer Issues ● An issue is resolved that resulted in unresponsiveness of the computer following hibernation. [DDPC-1475] ● An issue is resolved that caused the computer to become unresponsive, followed by a Windows bugcheck. [DDPC-2349, DDPC-3284] ● Two issues are resolved that led to errors in applications that were running during an encryption sweep.
● Users can now access ProSupport contact information from the About screen in DDP Console and through the About option from the system tray icon. Resolved Technical Advisories v8.13 Encryption ● An issue is resolved that occasionally resulted in access denial errors for SDE-encrypted files stored in the \users folder. [DDPC-3170] ● An activation issue with Kaspersky Small Office Security installed is resolved after upgrade to the latest version of Kaspersky.
● An executable file cannot be run a second time from EMS Explorer if the user runs the file but then cancels the operation at the prompt after entering the EMS password. To work around this issue, close then reopen EMS Explorer and run the file. [DDPC-5781] ● On some computers, Microsoft KB4015219 may fail to install. [DDPC-5789] Preboot Authentication v8.13 ● Amended 8/2017 - Preboot Authentication fails with some docking stations and adapters.
● The Secure Windows Hibernation File and Prevent Unsecured Hibernation policies are now enforced after upgrade. [DDPC-4786] ● The WSScan Unencrypted file in Violation option now initiates a sweep of unencrypted files as expected, without the files having to be selected or accessed. [DDPC-4790] ● An issue is resolved that resulted in Windows Update failures with Office and Windows 10 feature updates.
Technical Advisories v8.11 Encryption ● Cumulative encryption exclusions are now automatically applied when the Encryption client is upgraded. This will require an encryption sweep for each user upgraded to v8.11 or later. However, subsequent updates will require a sweep only if the update includes new exclusions. [DDPC-1334, DDPC-5138] ● Activation fails after attempting to roll back an External Media Edition upgrade.
Technical Advisories v8.10.1 Encryption ● When migrating from one edition of Windows to a different edition during a Windows 10 upgrade, the Encryption client is not migrated. The same issue occurs if either the option to keep only personal files or to keep nothing is selected during a Windows 10 upgrade. To resolve this issue, reinstall the Encryption client after upgrade. [DDPC-4191] ● Direct upgrade from v8.5.1 and earlier on 32-bit operating systems is not supported.
● Occasionally after the computer hibernates or restarts, enrolled fingerprints must be re-enrolled. [DDPC-2812] Technical Advisories v8.10 Encryption ● Standard practice is that the master installer version is the same version number as the Encryption client installer. However, in this release, the master installer is v8.10 and the Encryption installer is v8.9.3. Versions will be aligned in the future, to avoid confusion.
● After upgrade from Security Tools v1.3.1, the computer shuts down normally. [DDPC-1606] ● Processes related with pop-up notifications during the encryption sweep have been streamlined, reducing CPU usage. [DDPC-2115] ● Decryption with the Encryption Removal Agent at uninstallation now succeeds. Previously, in a few cases, decryption began but did not finish sweeping the entire volume. [DDPSUS-751] ● An issue that caused multiple reboots during installation or upgrade on some computers is resolved.
Preboot Authentication ● Upgrade from v8.1 and later with PBA activated succeeds. [DDPLP-397] Technical Advisories v8.9 All Products ● On computers running both the Windows 10 Fall Update and Kaspersky Anti-Virus, installation is blocked. [CSF-1223] Encryption ● The Setup Wizard does not automatically launch on computers running Kaspersky Antivirus.
Resolved Technical Advisories v8.7.1 Encryption ● With both VMware Mirage and Webroot running on Windows 7, the computer now starts normally. [DDPC-958] ● Access is now available to non-encrypted files that became inaccessible when encryption policy was changed or the file's directory was moved. [DDPC-977] ● An issue that led to occasional computer unresponsiveness when running Trend Micro and Office 365 is now resolved.
Drive Availability Standard Seagate ST320LT014 (Julius 320GB) ✓ Opal 1 Seagate ST500LM001 (Kahuna 500GB) ✓ Opal 2/eDrive Seagate ST1000LM015 (Kahuna 1000GB) ✓ Opal 2/eDrive Seagate ST500LM023 (Yarra X) ✓ Opal 2/eDrive Seagate ST500LT025 (Yarra R) ✓ Opal 2/eDrive Seagate ST500LT033 (Asagana) ✓ Opal 2/eDrive Seagate ST1000DM004 (Desktop 3.5-inch 1000GB) X Opal 2/eDrive Seagate ST1000DM004 (Desktop 3.5-inch 2000GB) X Opal 2/eDrive Seagate ST1000DM004 (Desktop 3.
● When the EMS Access Code Failure Action policy is set to Apply Cooldown, the cooldown is not applied. To work around this issue, after the allowed number of password attempts, the user must manually authenticate to the device. For more information, see "EMS Authentication Failure" in AdminHelp, accessible from the Remote Management Console. [DDPMTR-1859] ● If EMS Service (without the full version of the Shield) is installed, uninstall it prior to installing Enterprise Edition.
Preboot Authentication ● On Windows 10, the issue that occasionally resulted in a blue screen when resuming from sleep on a computer with a SED installed and PBA activated has been resolved. [CSF-363] ● The issue that resulted in unnecessary reboots after the "DellMgmtAgent" service starts is resolved. [CSF-523, CSF-541] New Features and Functionality v8.6 ● Personal Edition now provides beta support of Windows 10 Technical Preview.
Technical Advisories v8.6 Encryption ● Added 09/2015 - In order to add new features, functionality, and the newest operating systems, Personal Edition will support Windows XP through Shield version 8.5. ● Added 08/2015 - If Microsoft TPM Base Services is improperly installed, the following functionality is affected: HCA provisioning, fingerprint enrollment in the DDP Console/Security Console, and BitLocker Manager operation.
[CSF-349] ● When running Windows 10 on Dell Latitude E7250 or E7450, when the computer resumes from sleep, hibernation, warm boot, or cold boot, the user may be unable to authenticate with an enrolled contactless smart card. To work around this issue, change the policy to require only password authentication. The user should log on and re-enroll the contactless smart card. After re-enrollment, the user will be able to log on with the contactless smart card.
● ● ● ● ● DellMgmtAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion." [CSF-116] Encryption statistics now properly display in the Security Tools Console. [CSF-121] The issue of “Security Tools - Setup” being incorrectly translated in Chinese to “Security Tools - Installation” has been resolved.
Resolved Technical Advisories v8.4.1 Encryption ● The DDP installation process now proceeds normally on laptops connected to a power source, even if the battery charge falls below 10 percent. [27974/DDPC-56] ● Previously, when using Dell Digital Delivery, installation could fail based on the order of installation of Security Tools or the DDP master installer. Logic has been added to correct this issue. [28070, MMW-293] ● A few previously unlocalized master installer screens are now localized.
● After successfully authenticating to the Preboot Authentication environment, the computer will not complete Single Sign-on. Instead, the computer halts at the Windows Logon screen for another user. Microsoft Windows 8.1 defaults to the Logon screen for the previously authenticated user. To complete logon, return to the User Tiles screen by selecting the back arrow in the top right of the screen and then selecting the correct user tile for the user authenticated in the PBA.
● Upgrade failures related to a USH fingerprint sensor configuration file error have been resolved. [28845] ● Attended enrollment is no longer needed when the Authentication Policy is set to Fingerprints + Contactless Smart Cards. [28873] Technical Advisories v8.3.2 Encryption ● Local options to manage the secondary drive are unavailable in the Dell Data Protection | Encryption console until after a policy change on that drive is applied and the computer is re-booted.
Resolved Technical Advisories v8.3.1 Encryption ● Enhancements have been made to improve Shield stability and performance. Additionally, improvements have been made around memory allocation and CPU usage during file encrypt and decrypt operations. [28376, 28377, 28547, 28672, 28721, 28733, 28737, 28815, 28836, 28849, 28943] ● SDE key load and unlock failures after installing Microsoft Windows Management Framework 3.0 (KB2506143) have been resolved.
● Previously, after full HCA encryption and then hibernating, the computer would fail to retain the system state after returning from hibernation. This issue has been resolved. [28738] -----------End of Revision ● During an encryption sweep, the user can now pause encryption from the tray icon rather than having to launch the local console. [26785] ● An encryption sweep triggered by a policy update or encryption sweep request no longer times out when encrypting files larger than 4 GB.
● During a command line uninstall, the installer will not download the encryption keys for the computer unless Silent mode is specified using the parameter CMGSILENTMODE=1. To work around this issue, specify CMGSILENTMODE=1 in the command. [27979] ● All registry keys and installation files are not removed after uninstallation. [28219] ● After uninstallation, logon with cached credentials occasionally fails when the computer is not connected to the network.
problem can be resolved by applying a combination of policies that restrict access to USB external media by setting Windows Portable Device and External Storage Device class policy to Read Only. This policy combination allows the Broadcom USH hardware to function properly but prevents data from being transferred from the computer to external media such as USB flash drives and smart phones.
Uninstall Security Tools Authentication [28791] Cloud Edition ● ● ● ● Pop-up windows that alert the user to reboot or to run an update should persist but do not. [DDPCE-39, DDPCE-40] When creating a folder in the Dropbox client, the user is unable to assign a name to the new folder. [DDPCE-74] Occasionally, slow performance is observed when listing files through a managed browser section.
Technical Advisories v8.2 Advanced Authentication ● If the "Interactive logon: Smart card removal behavior" Group Policy Object is configured to lock or force log off when a smart card is removed, the computer will be locked or the user will be logged off during Dell Data Protection | Encryption installation, because smart card reader drivers are updated during Dell Data Protection | Encryption installation.
● If an SDE encrypted file is moved (not copied) to a Common or User encrypted folder, the Shield now properly applies the Common or User encryption policy, rather than remaining SDE encrypted. [27752] Advanced Authentication ● The Tab key can now be used to navigate through the recovery questions in the Security Console. [26974] ● When using Password Manager, the default values in the Live.com/Hotmail.com credential fields are now correct.
Cloud Edition ● The issue of Cloud Edition creating extra folders in the cloud when a folder is created locally is resolved. [26048] ● When using Box, the issue of Cloud Edition adding multiple help files up to the cloud is resolved. [26048] ● The issue of several commas being added to the networkprovider registry key upon uninstallation and reinstallation of Cloud Edition is resolved. [26053] ● When uploading or downloading a file through the browser, the "1. How to Access Secure Files...
● The "Open" command from the EMS Explorer right-click menu has been removed. [24040] ● File corruption issues related to an Intel update to the CPU IPP libraries no longer occur. [24086] ● Changes were made to the SDE key unlock mechanism to accommodate processors that reflect battery life in CPU ID. [24195] ● Improvements have been made to timing issues related to start up that resulted in blue screens. These issues occurred rarely, but were serious in nature.
● When the Hardware Crypto Accelerator has used all of its lifecycles, the Shield erroneously asks the user for their Hardware Crypto Accelerator Password and Preboot Password. The message should notify the user that the computer does not have any remaining lifecycles and to contact their Administrator to get a replacement Hardware Crypto Accelerator. We expect this scenario to rarely occur.
2 Workarounds Before you begin, be aware of the following workarounds that have been identified during testing. ● Encrypted data must be backed up while its owner is logged in. If encrypted files are backed up to an unencrypted location, the result is an unencrypted backup. To work around this issue, back up encrypted data while its owner is logged in.
3 Software and Hardware Compatibility Personal Edition is tested with third-party software and hardware as needed. Dell reports problems found during testing to other vendors, where appropriate. Upgrade to the latest Windows 10 Feature Update ● To upgrade a computer running the Encryption client to the latest version of Windows 10 Feature Update, follow the instructions in the following article: http://www.dell.com/support/article/us/en/19/SLN298382.
McAfee Host Intrusion Detection ● When using the Shield and McAfee HID, McAfee HID may prevent the Encryption client from changing the registries and Services. To work around this issue, add the Encryption client to the McAfee HID trusted applications list. Webroot ● Webroot is not compatible with the Encryption client, with Webroot in its default installation. Webroot places several Encryption client files in quarantine, resulting in the client being unable to access the files for encryption/decryption.