Supported platforms, environments, and operating systems for Drive Encryption 7.x
Technical Articles ID:
KB79422
Last Modified: 5/2/2018
Rated:
Environment
McAfee Drive Encryption (DE) 7.2.x, 7.1.x
Summary
When Microsoft releases new operating systems or Service Packs, the original Product Guides might not reflect the current support policy for those platforms. Most of the following information is available in the Product Installation guides and Release Notes, but some of the information is available only in Product Management statements published in the Knowledge Base. Content in this article supersedes all other published content in both the guides and release notes.
{GENPA.EN_US}
Recent updates to this article:
Date
Update
May 2, 2018
Updated McAfee Agent table to set MA 4.8.x to End of Life.
May 1, 2018
Updates for support of Windows 10 April 2018 Update (Version 1803).
April 24, 2018
Multiple updates to reflect the DE 7.2.5 release.
March 5, 2018
Known Issues ID number for DE 7.1 (RTW) in the "Product release information" table was changed from KB79422 to KB84502.
February 13, 2018
Added DE 7.2.4.
{GENSUB.EN_US}
Contents:
NOTE: These releases are with full ePO integration and management.
These hotfixes were previously internal and only Released to Support (RTS). They have now all been rolled-up into DE 7.1.3 Hotfix 1131996 and are no longer available.
6
The DE 7.2.0 installer appears as version 7.2.0.64 (RTW) in the ePO Master Repository and in Add/Remove Programs on the client system. The installer is now built as a separate component and so its version number might differ from other components.
7
A post DE 7.2.0 (RTW) issue was found where corrupted text was displayed when accessing the Single Sign On (SSO) section. This section is located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon (tab), on systems that use double-byte languages.
The issue is resolved in the DE 7.2.0 (Repost). The DE 7.2.0 EEAdmin Extension appears as version 7.2.0.456 (RTW) and 7.2.0.457 (Repost) in the ePO Extensions.
8
This hotfix was only Released to Technical Support (RTS); a patch or later hotfix superseded it and it is no longer available.
9
These hotfixes were previously internal and only Released to Support (RTS). They have now all been rolled into the DE 7.1.0 Patch 3 Hotfix 1208296 Rollup hotfix and are no longer available.
Extensions shipped with DE
Extension
DE
7.2.5
DE
7.2.4
DE
7.2.3
Hotfix 1225186
DE
7.2.3
(Repost)
DE
7.2.3
DE
7.2.2
DE
7.2.1
DE 7.2.0 (Repost)
DE 7.2.0
(RTW)
DPSSP
1.3.2.7
1.3.1.1
1.3.1.1
1.3.1.1
1.3.1.1
1.3.1.1
1.3.0.12
1.3.0.0
1.3.0.0
EEADMIN
7.2.5.24
7.2.4.2
7.2.3.33
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.457
7.2.0.456
EEPC
7.2.5.24
7.2.4.2
7.2.3.33
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
DEGO
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
EEDEEP 2
EOL
7.2.4.2
7.2.3.29
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
User Directory 1
2.0.2.7
2.0.1.1
2.0.1.1
2.0.1.1
2.0.1.1
2.0.1.1
2.0.0.23
2.0.0.22
2.0.0.22
1
The User Directory and DPSSP extensions are provided with the DE package for convenience, but are developed as separate components, so, they have their own version number.
2
McAfee ePO Deep Command is End of Life. So, the Drive Encryption (DE) Deep extension that supported out-of-band management, using McAfee ePO Deep Command, is no longer included in the Drive Encryption release package.
Extensions shipped with DE (EOL)
Extension
DE
7.1.3
Hotfix
1208296
DE
7.1.3
Hotfix
1148978
DE
7.1.3
Hotfix
1131996
DE
7.1.3
DE
7.1.2
DE
7.1.1
DE
7.1.0
DPSSP
1.3.0.6
1.3.0.6
1.3.0.6
1.2.0.3
1.1.0.37
-
-
EEADMIN
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
EEPC
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
DEGO
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
EEDEEP
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
User Directory1
1.0.0.151
1.0.0.151
1.0.0.151
1.0.0.146
1.0.0.146
1.0.0.146
1.0.0.136
1
The User Directory and DPSSP extensions are included in the DE package for convenience, but are developed as separate components, so, they have their own version number.
Software Packages shipped with DE
Package name
DE 7.2.5
DE 7.2.4
DE 7.2.3
(Repost)
DE 7.2.3
DE 7.2.2
DE 7.2.1
DE 7.2
MfeEEPC
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.16
7.2.0.64
MfeEEAgent
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.16
7.2.0.64
EegoPackage
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
Compatibility XML version shipped with DE
DE Version
Compatibility XML Version 1
DE 7.2.5
v79
DE 7.2.4, DE 7.2.3
v70
DE 7.2.2
v69
DE 7.2.1
v59
DE 7.2.0
v58
DE 7.1.3 HF1208296
v67
DE 7.1.3 HF1148978
v40
DE 7.1.3 HF1131996
v21
DE 7.1.3
v12
DE 7.1.2
n/a
DE 7.1.1
v6
DE 7.1.0
n/a
1
IMPORTANT: The latest version of the hardware compatibility XML is attached to KB81900.
NOTE: ePO and MA versions that are End of Life (EOL) have been removed.
ePO - Supported DE Extensions NOTE: DE Extensions for ePO are backward compatible and can manage earlier client versions.
ePO Release
DE 7.2.5
DE 7.2.1
7.2.2 7.2.3
7.2.4
DE 7.2.0
DE 7.1.3
HF1148978
HF1131996
HF1208296
DE
7.1.x
ePO 5.9.1, 5.9.0
Yes
Yes
No
No
No
ePO 5.3.3
Yes
Yes
No
Yes
No
ePO 5.3.2, 5.3.1, 5.3.0
Yes
Yes
Yes
Yes
Yes
ePO 5.1.x
No
Yes
Yes
Yes
Yes
MA - Supported versions to manage DE clients
MA Release
DE
7.2.3
7.2.4 7.2.5
DE
7.2.02
7.2.1
7.2.2
DE
7.1.3
DE
7.1.1
7.1.2
DE
7.1.0
MA 5.5.0
Yes
No
No
No
No
MA 5.0.6 1
Yes
Yes
Yes
No
No
MA (5.0.5, 5.0.4) 1
Yes
Yes
Yes
Yes
No
MA (5.0.3, 5.0.2, 5.0.1) 1
Yes
Yes
Yes
Yes
No
MA 5.0.01
Yes
Yes
Yes
Yes
Yes
MA 4.8
No 2
No 2
No 2
No 2
No 2
1
MA 5.0 and laterare supported only with legacy features because these versions cannot exploit the new features introduced in MA 5.0. To review the MA 5.0 and ePO 5.1.1 feature dependencies, see KB71298.
2
MA 4.8.x has reached End of Life and is no longer supported.
Supported operating systems for DE
The following tables detail the McAfee products supported for use on Windows workstation and server operating systems. Only the most recent versions are included because most customers upgrade to the latest service packs shortly after they are released.
NOTE: If the operating system is not listed, it is not supported.
Operating System 1
Microsoft
Supported
Service
Pack
DE 7.2.4
7.2.5
DE
7.2.2 7.2.3
DE 7.2.1
DE
7.2.0
DE
7.1.3
HF1148978 HF1208296
DE 7.1.3
or
DE 7.1.3
HF1131996
DE
7.1.1
7.1.2
DE
7.1.0
Windows Server 2016 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows Server 2012 R2 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Windows Server 2012 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows Server 2008 (32-bit and 64-bit)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2008 R2 Server Core (Optional 32-bit) NOTE:This version is the first OS with
optional 32-bit support; the default is 64-bit.
-
No
No
No
No
No
No
No
No
Windows Server 2008 R2 (64-bit only)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 April 2018 Update (32-bit and 64-bit) 11
(Pro, Enterprise)
-
Yes
No
No
No
No
No
No
No
Windows 10 Fall Creators Update (32-bit/64-bit) 10
(Pro, Enterprise)
-
Yes
Yes
No
No
No
No
No
No
Windows 10 Creators Update (32-bit/64-bit) 9
(Pro, Enterprise)
-
Yes
Yes
Yes
No
No
No
No
No
Windows 10 LTSB version 1607 (32-bit/64-bit) 2, 7
(Enterprise)
-
Yes
Yes
Yes
No
No
No
No
No
Windows 10 Anniversary Update (32-bit/64-bit) 2, 7
(Pro, Enterprise)
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows 10 (32-bit/64-bit) 2, 3, 8
(Pro, Enterprise)
November Update / Threshold 2 (TH2)
-
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 8.1 (32-bit/64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 8 (32-bit/64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows RT
(Version of Windows 8 that runs on mobile
devices such as tablet computers)
-
No
No
No
No
No
No
No
No
Windows To Go (all versions) 4
-
No
No
No
No
No
No
No
No
Windows 7 (32-bit/64-bit) Yes 5
(Professional, Enterprise, Ultimate)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 7 (32-bit/64-bit) Yes 5
(Professional, Enterprise, Ultimate)
Without
SP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Vista (64-bit / 32-bit) 6
(Business, Ultimate, Enterprise)
-
No
No
No
No
No
No
No
No
n/a = not applicable
1
Dual boot for Windows is not currently supported. To submit a product idea, see the Related Information section below.
Home versions of any Windows operating system (OS) are not tested or supported. DE is an enterprise product that is tested only on enterprise OS versions.
2
To review the product manager statement that covers support for Windows 10, and any caveats that apply, see KB85784.
For how to upgrade the operating system to Windows 10 with Drive Encryption 7.1 Patch 3 installed, see KB84962.
3
The Trusted Platform Module (TPM) AutoBoot using the TPM 1.2 chipset is only supported on Windows 8.x and Windows 10 clients with DE 7.1 Patch 1 and later. These clients must also be configured to use the Unified Extensible Firmware Interface (UEFI).
4
Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 to boot and run from an external USB hard drive or USB drive. This feature has not been tested. If you require this functionality, see the Related Information section of this article for instructions to submit a product idea, to have this functionality researched for implementation in a future product or patch release.
5
Windows 7 is not supported in XP Mode.
6
As of July 2011, Windows Vista SP1 is no longer supported by Microsoft, so, the sustaining and development of Encryption products on this platform hasalso ended. NOTE: Windows Vista Extended Support reaches its EOL date on April 11, 2017. Support for this operating system will no longer be provided after that date.
7
DE 7.1.3 Hotfix 1148978 is the minimum supported version of Drive Encryption for Windows 10 Anniversary Update. For information about support for Device Guard and Drive Encryption, see KB86009.
8
Windows 10 Enterprise Long-Term Servicing Branch (LTSB) is only supported with DE 7.2.1 and later. Before this release,DE offers support only for official Windows 10 builds, which include Current Branch (CB) and Current Branch for Business (CBB). NOTE: LTSB is Microsoft terminology for a Sustaining build that does not receive feature updates and would be limited to security patches in general.
9
DE 7.2.1 is the minimum supported version of Drive Encryption for Windows 10 Creators Update.
For information about support for Device Guard and Drive Encryption, see KB86009.
For how to upgrade to Windows 10 Creators Update with DE 7.2.1 installed, see KB89000.
10
DE 7.2.2 is the minimum supported version of DE, for Windows 10 Fall Creators Update.
11
This release supports Windows 10 Spring Creators Update 2018 (Version 1803).
Supported operating systems for DE on Mac hardware with an Intel® CPU
DE is not supported on any Mac hardware. For support on Mac hardware, install the latest version of Management of Native Encryption.
ePO Deep Command (EDC) IMPORTANT: McAfee ePO Deep Command reached End of Life on April 10, 2018.
EDC Release
DE 7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
DE 7.1.3
HF1131996
HF1148978
HF1208296
DE
7.1.3
DE
7.1.2
DE 7.1
7.1.1
EDC 2.4.1
No
No
No
No
No
EDC 2.4
Yes
Yes
No
No
No
EDC 2.3
Yes
Yes
Yes
No
No
EDC 2.2
Yes
Yes
Yes
Yes
No
EDC 2.1
No
Yes
Yes
Yes
Yes
EDC 2.0
No
No
Yes
Yes
Yes
EDC 1.5
No
No
No
No
Yes
EDC 1.0
No
No
No
No
No
Supported browsers for the DPSSP
IMPORTANT: Technical Supportrecommends that you do not use DPSSP on public computers, and that the browser is closed following recovery.
Browser
Google Chrome
Internet Explorer
Mozilla Firefox
Safari 1
1
Use caution when using Safari because of the non-standard behavior of its page caching.
Support for UEFI
IMPORTANT: If you plan to install DE 7.x on a system using native UEFI, Technical Support recommends that you use only native UEFI mode if the system is explicitly Windows 8, 8.1, or Windows 10 certified. If the system is not certified for Windows 8, 8.1, or Windows 10, Technical Support recommends changing the BIOS settings to put the system into legacy BIOS boot mode. Note that DE 7.x fully supports Windows 8, 8.1 and Windows 10 in BIOS mode.
Technical Support also recommends upgrading your UEFI systems to the latest UEFI firmware level, and testing on a specific native UEFI-capable system before wide-scale deployment.
Some key points about UEFI:
The original EFI developed by Intel has been replaced in favor of UEFI.
UEFI introduces a new boot process. UEFI is a more complex operating system style of BIOS, which includes applications and device drivers. End users will not notice any differences.
Only Windows 7 (64-bit), Windows 8, 8.1, and Windows 10 currently support the UEFI native boot process.
Macs have had a UEFI boot process for quite a bit longer.
Many modern laptops have UEFI, but operate in a backward-compatible mode to emulate a legacy BIOS.
Windows 8, 8.1, and Windows 10 can be installed on UEFI systems operating in legacy BIOS compatibility mode or native UEFI mode.
UEFI implementations differ by hardware vendors. Depending on the UEFI implementation, we have seen issues ranging from missing protocols to support for Opal drives. We have also seen issues in USB support provided in the preboot environment used by EEPC when operating in native UEFI mode.
Opal drives IMPORTANT:
With DE, Opal drives are supported only in the Advanced Host Controller Interface (AHCI) mode.
DE does not support the Opal version 2.0 drives which operate in A user mode, managed via the OS.
Endpoint Encryption Opal Hardware Compatibility Tool
The Endpoint Encryption Hardware Compatibility Tool gathers data about the Opal drive and performs some tests on the drive's functionality. Use the tool to test A Opal drive to verify that it is compatible, before you use the Opal features. To obtain and use the tool, see KB76182.
Intel AMT
AMT Release
DE 7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
DE 7.1.3
HF1131996
HF1148978
HF1208296
DE
7.1.3
DE
7.1.1
7.1.2
DE
7.1.0
AMT 11.x
No
No
No
No
No
AMT 10.x
Yes
Yes
No
No
No
AMT 9.5
Yes
Yes
No
No
No
AMT 9.0
Yes
Yes
Yes
Yes
No
AMT 8.x
Yes
Yes
Yes
Yes
Yes
AMT 7.x
Yes
Yes
Yes
Yes
Yes
AMT 6.x
Yes
Yes
Yes
Yes
Yes
AMT 5.x and earlier releases
No
No
No
No
No
Supported tokens and readers used for authentication with DE
Supported Wacom USB devices
To view a list of Wacom USB devices supported with DE, see KB79914.
Supported languages for DE in ePO
Chinese (traditional)
Chinese (simplified)
English
French
German
Japanese
Korean
Russian
Spanish
Supported languages available in the preboot client
DE 7.x
Brazilian Portuguese
Chinese (traditional)
Chinese (simplified)
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Russian
Spanish
Swedish
Thai
Documentation is available in the following languages
DE 7.x 1
Chinese (traditional)
Chinese (simplified)
English
French
German
Japanese
Korean
Russian
Spanish
1
For DE 7.1.0 - 7.1.2, the above list applies only to the Product Guide. The Release Notes provided with patch releases are generally in US English only, but Release Notes for DE 7.1.3 are also localized. DE 7.1.3 also introduced a new document, Client Transfer between ePO Servers, which is also localized.
Supported EEPC to DE upgrade paths
Source Version
Target Upgrade
Supported Upgrade Paths
DE 7.1.x
DE 7.2.x
DE 7.1.x
IMPORTANT: To avoid possible upgrade problems, perform the following tasks when upgrading from Drive Encryption 7.1.x or 7.2.x to a later release:
At the ePO console, ensure that there are no LDAP Sync tasks running. If any are running, wait for them to complete.
Disable all LDAP Sync tasks before initiating the upgrade.
Check in the latest Drive Encryption extensions.
Check in the latest Drive Encryption Agent and PC software packages.
Re-enable all LDAP Sync tasks.
Deploy the latest Drive Encryption software packages to the client system.
Restart the client system after the deployment task has completed.
EEPC 7.0.x
DE 7.2.x
DE 7.1.x
IMPORTANT: If you have a system installed with EEPC 7.0.x, you can upgrade to DE 7.1.x or DE 7.2.x. But, you must first upgrade the EEPC extension to either EEPC 7.0 Patch 2 (7.0.2) or Patch 3 (7.0.3), upgrade the EEAdmin extension to 7.0.4, and follow the procedure described in PD26653.
EEPC 5..2.x
-
Releases later than DE 7.2.1 Hotfix 1199587, no longer include the functionality to upgrade EEPC 5.2.x (V5 users). For details, see KB89717.
Upgrading Windows operating systems
There is a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE.
See the required articles for detailed instructions:
Windows 10 operating systems
There are three upgrade articles covering the various Windows 10 releases. See the table below for assistance in using the correct article, according to the Windows 10 variant that you are upgrading to and the version of DE that is installed:
Upgrade Method
Microsoft Windows 10 Release
DE
7.1 Patch 3
(7.1.3)
DE
7.1.3
HF1148978
HF1208296
DE
7.2.0
DE
7.2.1
and later
Win 10 (version 1507)
OS Refresh 1
OS Refresh 1
OS Refresh 1
OS Refresh 1
Win 10 (version 1511)
November Update
(aka Threshold 2), first update)
[OS Refresh method] The OS Refresh method is a script method. It is a more manual method developed to handle the first upgrade to Win 10 (version 1511). Simpler methods were developed later together with Microsoft. See below for details.
NOTE: Scripts are required for this upgrade method and are attached to the article.
[Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with Drive Encryption 7.1 Patch 3 or later.
NOTES:
Scripts are required for this upgrade method and are attached to the article.
Microsoft provided a new command-line switch, /ReflectDrivers, which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).
[SetupConfig method] A superior method that was developed with Microsoft.
NOTES:
OSUpgrade packages are included with the DE download package with DE 7.2.1 and later
Microsoft provided a new command-line switch, /ConfigFileswitch which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).
NOTE:
To view the Windows 10 compatibility with McAfee products, see KB85784.
Other Windows operating systems
To upgrade a Windows operating system with DE installed (not including Windows 10 or later), see KB79908.
To view the Windows Server 2016 compatibility with McAfee products, see KB87945.
Related Information
Submitting a product idea: {GENPER.EN_US}
For Release Notes and Product Guide documentation correction articles, see:
KB88169 - Documentation Correction: DE 7.2 Product Guide
KB79913 - Documentation Correction: DE 7.1 Release Notes
KB79912 - Documentation Correction: DE 7.1 Product Guide
Tool to capture hardware compatibility details:
DE 7.1 Patch 1 introduced a feature that allows the administrator to capture hardware compatibility settings for specific platforms. The hardware compatibility settings supplied to McAfee via a product idea, are used to build a file that can be imported to ePolicy Orchestrator (ePO). It can then be used to activate platforms that exhibit particular issues at preboot.
For how to use the Hardware Compatibility Settings tool for DE 7.1 Patch 1 and later, see KB81900.
Disclaimer
The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.
