Symantec Endpoint Encryption 11.3.1 Maintenance Pack 1 Release Notes

This topic includes the following sections:
What's new in this release
The Symantec Endpoint Encryption 11.3.1 Maintenance Pack 1 release includes new features, usability improvements, and fixes for various customer-reported issues. Details are as follows:
  • Extended support for the Login Attempts feature to the Drive Encryption Self-Recovery users on UEFI systems
    Administrators can also configure a maximum number of repeated login attempts and the duration of the lockout period for Drive Encryption Self-Recovery users on UEFI systems. To configure, administrators can use the
    Limit Login
    attempts
    option from the Password Authentication page of the Management Agent. Starting from this release, the
    Password Attempts
    section and the
    Limit password attempts
    options are renamed as
    Login Attempts
    and
    Limit Login attempts
    respectively. For more information, see Management Agent - Password Authentication and Using Drive Encryption Self-Recovery.
  • Restricted users from uninstalling the Symantec Endpoint Encryption client
    Starting from this release, administrators may configure the
    Allow Client Uninstallation for SYSTEM User only
    Advanced Settings option to allow only the SYSTEM user to uninstall the Symantec Endpoint Encryption client. For more information, see Management Agent - Advanced Settings.
  • Enhanced compatibility with Microsoft Windows cumulative updates (UEFI)
    Updated Symantec Endpoint Encryption to work correctly with the recent Microsoft Windows cumulative updates for Windows UEFI systems.
  • Updated the default settings of the BitLocker Encryption Method options
    Starting from this release, the default settings of the BitLocker
    Encryption Method options are updated as follows:
    • AES encryption strength is set to 256-bit
    • Encryption mode is set to XTS-AES
  •   Reorganized Symantec Endpoint Encryption Reports
    The Symantec Endpoint Encryption Reports are now grouped by the following Symantec Endpoint Encryption components:
    •   Management Agent Reports
    •   Drive Encryption Reports
    •   Removable Media Encryption Reports
    •   Management Server Reports
    •   Custom Reports
  • Renamed the Advanced Settings options
    For better usability, the Advanced Settings options are renamed as follows:
Previously known as
Renamed as
de.clientAdmin.adGroupName
Client Admin Privilege (AD User Group)
de.autoLogon.allowSystemUserManagement
Allow Autologon Management for SYSTEM User
de.autoLogon.pcrList
Platform Config Registers (PCR) Values
de.preboot.autoShutdownTimeout
Preboot Auto Shutdown Timeout
de.sso.allowWithHibernation
Allow SSO with Hibernation
ma.uninstall.adGroupName
Allow Client Uninstallation (AD User Group)
For more information, see Management Agent - Advanced Settings.
Fixed issues
The following issues have been fixed in this release of Symantec Endpoint Encryption 11.3.1 Maintenance Pack 1 (MP1):
  • [EPG-22101] When Symantec Endpoint Encryption users log in to their Windows account using their re-keyed smart card, users are now re-registered automatically.
  • [EPG-22718] On a Windows 10 computer encrypted with Symantec Endpoint Encryption, when the keyboard layout is set to Canadian French, the setting is now applied successfully.
  • [EPG-20316] The Symantec Endpoint Encryption Management Agent service no longer crashes when a GPO policy of a client computer gets corrupted.
  • [EPG-21941] If users experience file corruption issues while burning files using the Symantec Removable Media Encryption Burner Application, then administrators can use the
    Enable Alternate File Writing Method for CD/DVD Burner
    Advanced Settings option to resolve the issue. For more information on the Advanced Settings, see Management Agent - Advanced Settings.
  • [EPG-22024] The name of the release, which is displayed on the user interface of the following Symantec Endpoint Encryption components, now includes the release type, such as Hotfix (HF) and Maintenance Pack (MP), along with their version; for example, Symantec Endpoint Encryption Version 11.3.1 (Build 518 MP1):
    • Symantec Endpoint Encryption Management Agent Console
    • Symantec Endpoint Encryption Client Administrator Console
    • Drive Encryption Administrator Command Line (when the --version command is used)
Known issues
There are no known issues in this release of Symantec Endpoint Encryption 11.3.1 Maintenance Pack 1 (MP1). For information on the known issues of Symantec Endpoint Encryption 11.3.1, which are also applicable to this release, see the Known issues section in the Symantec Endpoint Encryption 11.3.1 Release Notes.
System requirements, installation, and upgrade
System requirements
For an updated list of system requirements for various Symantec Endpoint Encryption components, see System Requirements for Symantec Endpoint Encryption 11.3.1.
Installation
For information on the installation of Symantec Endpoint Encryption, see the Symantec Endpoint Encryption Installation Guide 11.3.1.
Upgrade
For information on upgrading Symantec Endpoint Encryption, see the Symantec Endpoint Encryption Upgrade Guide 11.3.1.