Technical Articles ID:
KB79422
Last Modified: 6/24/2021
Environment
McAfee Drive Encryption (DE) 7.2.x
Summary
When Microsoft releases new operating systems or Service Packs, the original Product Guides might not reflect the current support policy for those platforms. Most of the following information is available in the Product Installation guides and Release Notes. But, some of the information is available only in Product Management statements published in the Knowledge Base. Content in this article supersedes all other published content in both the guides and release notes. If an operating system is not listed here, that operating system has not been tested and is not supported. If you need support for an operating system that is not listed here, submit a product enhancement request for that operating system.
McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site.
These hotfixes were previously internal and only Released to Support (RTS). They have now all been rolled-up into DE 7.1.3 Hotfix 1131996 and are no longer available.
5
The DE 7.2.0 installer appears as version 7.2.0.64 (GA) in the ePO Master Repository and in Add/Remove Programs on the client system. The installer is now built as a separate component and so its version number might differ from other components.
6
A post DE 7.2.0 (GA) issue was found. Where corrupted text was displayed when accessing the Single Sign On (SSO) section. This section is located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon (tab), on systems that use double-byte languages.
The issue is resolved in the DE 7.2.0 (Repost). The DE 7.2.0EEAdmin Extension appears as version 7.2.0.456 (GA) and 7.2.0.457 (Repost) in the ePO Extensions.
7
This hotfix was only Released to Technical Support (RTS). An update or later hotfix superseded it and it is no longer available.
8
Released to Technical Support (RTS) only.
McAfee investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
The User Directory and DPSSP extensions are provided with the DE package for convenience. But, they are developed as separate components and so they have their own version number.
2
ePO Deep Command is End of Life (EOL). So, the DE Deep extension that supported out-of-band management, using ePO Deep Command, is no longer included in the DE release package.
Extensions shipped with DE (EOL)
DE Version
Extension Name and Build Number
DPSSP
EEADMIN
EEPC
DEGO
EEDEEP 2
User Directory1
DE 7.1.3 Hotfix 1241165
DE 7.1.3 Hotfix 1208296
1.3.0.6
7.1.3.628
7.1.3.628
7.1.3.628
7.1.3.628
1.0.0.151
DE 7.1.3 Hotfix 1148978
1.3.0.6
7.1.3.604
7.1.3.604
7.1.3.604
7.1.3.604
1.0.0.151
DE 7.1.3 Hotfix 1131996
1.3.0.6
7.1.3.590
7.1.3.590
7.1.3.590
7.1.3.590
1.0.0.151
DE 7.1.3
1.2.0.3
7.1.3.547
7.1.3.547
7.1.3.547
7.1.3.547
1.0.0.146
DE 7.1.2
1.1.0.37
7.1.2.497
7.1.2.497
7.1.2.497
7.1.2.497
1.0.0.146
DE 7.1.1
-
7.1.1.454
7.1.1.454
7.1.1.454
7.1.1.454
1.0.0.146
DE 7.1.0
-
7.1.0.389
7.1.0.389
7.1.0.389
7.1.0.389
1.0.0.136
1
The User Directory and DPSSP extensions are included in the DE package for convenience. But, they are developed as separate components and so they have their own version number.
2
ePO Deep Command is End of Life. So, the DE Deep extension that supported out-of-band management, using ePO Deep Command, is no longer included in the DE release package.
NOTE: ePO and MA versions that are End of Life (EOL) have been removed.
ePO - Supported DE Extensions NOTES:
DE Extensions for ePO are backward compatible and can manage earlier client versions.
ePO 5.10.0 applies to both ePO on-premises and McAfee ePO on Amazon Web Services (AWS) / (ePO on AWS).
ePO Release
DE
7.2.10
Hotfix 3
DE
7.2.5
To
7.2.10
DE
7.2.1 To
7.2.4
DE
7.2.0
DE 7.1.3
HF1148978
HF1131996
HF1208296
HF1241165
DE
7.1.x
ePO 5.10.0 Update 10
Yes1
No
No
No
No
No
ePO 5.10.0 (Update 1–9)
Yes
Yes
No
No
No
No
ePO 5.9.1, 5.9.0
No
Yes
Yes
No
No
No
ePO 5.3.3
EOL
ePO 5.3.2, 5.3.1, 5.3.0
EOL
ePO 5.1.x
EOL
1
DE 7.2.10 Hotfix 3 (build7.2.10.65) was released to support Tomcat 9 with ePO 5.10 Update 10 and later.
MA - Supported versions to manage DE clients
MA Release
DE 7.2.8 7.2.9
7.2.10
DE
7.2.7
DE
7.2.3
To 7.2.6
DE
7.2.0 2
7.2.1
7.2.2
DE
7.1.0
to
7.1.3 (EOL)
MA 5.7.2
Yes
No
No
No
No
MA 5.7.1
Yes
Yes
No
No
No
MA 5.7.0
Yes
Yes
No
No
No
MA 5.6.6
Yes
Yes
No
No
No
MA 5.6.0 - 5.6.5
Yes
Yes
No
No
No
MA 5.5.2, 5.5.1, 5.5.0
Yes
Yes
Yes
No
No
MA 5.0.x
EOL
MA 4.8
EOL
The following tables detail the McAfee products supported for use on Windows workstation and server operating systems. Only the most recent versions are included because most customers upgrade to the latest service packs shortly after they are released.
NOTE: If the operating system is not listed, it is not supported.
Operating System 1
Microsoft
Supported
Service
Pack
DE
7.2.8
7.2.9 7.2.10
DE 7.2.5 7.2.6
7.2.7
DE 7.2.4
DE
7.2.2 7.2.3
DE 7.2.1
DE
7.2.0
DE
7.1.3
HF1148978 HF1208296 HF1241165 (EOL)
DE 7.1.3
Or
DE 7.1.3
HF1131996
(EOL)
DE
7.1.1
7.1.2 (EOL)
DE
7.1.0 (EOL)
Windows Server 2019 Version 2004
Windows Server 2019 Version 1909
Windows Server 2019 Version 1903
Windows Server 2019 Version 1809
(64-bit), (Standard, Datacenter)
-
Yes
Yes
No
No
No
No
No
No
No
No
Windows Server 2016 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows Server 2012 R2 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Windows Server 2012 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows Server 2008 (32-bit and 64-bit)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2008 R2 Server Core (Optional 32-bit) 13
The default is 64-bit.
-
No
No
No
No
No
No
No
No
No
No
Windows Server 2008 R2 (64-bit only)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 Pro for Workstations 12
Yes
No
No
No
No
No
No
No
No
No
Windows 10 version 21H1 (May 2021 Update)
Windows 10 version 20H2 (October 2020 Update)
Windows 10 version 2004 (May 2020 Update)
Windows 10 version 1909 (November 2019 Update)
Windows 10 version 1903 (May 2019 Update)
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
No
No
No
No
No
No
No
No
No
Windows 10 version 1809 (October 2018 Update)
Windows 10 version 1809 Long Term Servicing Channel (LTSC)
(October 2018 Update) 8
(Enterprise) (32-bit and 64-bit)
-
Yes
Yes
No
No
No
No
No
No
No
No
Windows 10 version 1803 (April 2018 Update)
(Pro, Enterprise) (32-bit and 64-bit) 11
-
Yes
Yes
Yes
No
No
No
No
No
No
No
Windows 10 version 1709 (Fall Creators Update 10
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
No
No
No
No
No
No
Windows 10 version 1703 (Creators Update) 9
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
Windows 10 version 1607 Long-Term Servicing Branch (LTSB)
(Anniversary Update) 7, 8
(Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
Windows 10 version 1607 (Anniversary Update) 7, 8
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows 10 version 1511 (November Update)
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 10 version 1507 (General Availability) 2, 3, 8
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 8.1 (32-bit and 64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 8 (32-bit and 64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows RT.14
-
No
No
No
No
No
No
No
No
No
No
Windows To Go (all versions) 4
-
No
No
No
No
No
No
No
No
No
No
Windows 7 (32-bit and 64-bit) Yes 5
(Professional, Enterprise, Ultimate)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 7 (32-bit and 64-bit) Yes 5
(Professional, Enterprise, Ultimate)
Without
SP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Vista (64-bit and 32-bit) 6
(Business, Ultimate, Enterprise)
-
No
No
No
No
No
No
No
No
No
No
n/a = not applicable
1
Dual boot for Windows is not currently supported. To submit a product idea, see the Related Information section below.
Home versions of any Windows operating system are not tested or supported. DE is an enterprise product that is tested only on enterprise operating system versions.
The Trusted Platform Module (TPM) AutoBoot using the TPM 1.2 chipset is only supported on Windows 8.x and Windows 10 clients with DE 7.1 Update 1 and later. These clients must also be configured to use the Unified Extensible Firmware Interface (UEFI).
4
Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 to boot and run from an external USB hard drive or USB drive. This feature has not been tested. If you require this functionality, see the Related Information section of this article. It directs you to instructions to submit a product idea and have this functionality researched for implementation in a future product or update release.
5
Windows 7 is not supported in XP Mode.
6
As of July 2011, Windows Vista SP1 is no longer supported by Microsoft. So, the sustaining and development of Encryption products on this platform hasalso ended. NOTE: Windows Vista Extended Support reaches its EOL date on April 11, 2017. Support for this operating system will no longer be provided after that date.
Windows Server 2008 R2 Server Core is the first operating system with optional 32-bit support.
14
Windows RT is a version of Windows 8 that runs on mobile devices such as tablet computers.
Supported operating systems for DE on Mac hardware with an Intel® CPU
DE is not supported on any Mac hardware. For support on Mac hardware, install the latest version of Management of Native Encryption. Back to top
ePO Deep Command (EDC)
IMPORTANT: ePO Deep Command reached End of Life on April 10, 2018.
EDC Release
DE 7.2.0
7.2.1
To
7.2.4
DE 7.1.3
HF1131996 HF1148978
HF1208296 (EOL)
DE
7.1.3 (EOL)
DE
7.1.2 (EOL)
DE 7.1
7.1.1 (EOL)
EDC 2.4.1
No
No
No
No
No
EDC 2.4
Yes
Yes
No
No
No
EDC 2.3
Yes
Yes
Yes
No
No
EDC 2.2
Yes
Yes
Yes
Yes
No
EDC 2.1
No
Yes
Yes
Yes
Yes
EDC 2.0
No
No
Yes
Yes
Yes
EDC 1.5
No
No
No
No
Yes
EDC 1.0
No
No
No
No
No
Supported browsers for the DPSSP
IMPORTANT: Technical Supportrecommends that you do not use DPSSP on public computers, and that the browser is closed following recovery.
Browser
Google Chrome
Internet Explorer
Mozilla Firefox
Safari 1
1
Use caution when using Safari because of the non-standard behavior of its page caching.
Support for UEFI
IMPORTANT: If you plan to install DE 7.x on a system using native UEFI, Technical Support recommends that you use only native UEFI mode if the system is explicitly Windows 8, 8.1, or Windows 10 certified. When the system is not certified for Windows 8, 8.1, or Windows 10, Support recommends that you change the BIOS settings to put the system into legacy BIOS boot mode. DE 7.x fully supports Windows 8, 8.1, and Windows 10 in BIOS mode.
Technical Support also recommends upgrading your UEFI systems to the latest UEFI firmware level, and testing on a specific native UEFI-capable system before wide-scale deployment.
Some key points about UEFI:
The original EFI developed by Intel has been replaced in favor of UEFI.
UEFI introduces a new boot process. UEFI is a more complex operating system style of BIOS, which includes applications and device drivers. Users do not notice any differences.
Only Windows 7 (64-bit), Windows 8, 8.1, and Windows 10 currently support the UEFI native boot process.
Macs have had a UEFI boot process for quite a bit longer.
Many modern laptops have UEFI, but operate in a backward compatible mode to emulate a legacy BIOS.
Windows 8, 8.1, and Windows 10 can be installed on UEFI systems operating in legacy BIOS compatibility mode or native UEFI mode.
UEFI implementations differ by hardware vendors. Depending on the UEFI implementation, we have seen issues ranging from missing protocols to support for Opal drives. We have also seen issues in USB support provided in the preboot environment used by DE when operating in native UEFI mode.
Opal drives IMPORTANT:
With DE, Opal drives are supported only in the Advanced Host Controller Interface (AHCI) mode.
DE does not support the Opal version 2.0 drives which operate in A user mode, managed through the operating system.
Endpoint Encryption Opal Hardware Compatibility Tool
The Endpoint Encryption Hardware Compatibility Tool gathers data about the Opal drive, and performs some tests on the drives. Use the tool to test an Opal drive to verify that it is compatible, before you use the Opal features. For details, see KB76182 - How to use the Opal Hardware Compatibility Tool.
Intel AMT
AMT Release
DE 7.2.0
7.2.1
To
7.2.4
DE 7.1.3
HF1131996
HF1148978
HF1208296 (EOL)
DE 7.1.1
7.1.2 7.1.3 (EOL)
DE
7.1.0 (EOL)
AMT 11.x
No
No
No
No
AMT 10.x
Yes
Yes
No
No
AMT 9.5
Yes
Yes
No
No
AMT 9.0
Yes
Yes
Yes
No
AMT 8.x
Yes
Yes
Yes
Yes
AMT 7.x
Yes
Yes
Yes
Yes
AMT 6.x
Yes
Yes
Yes
Yes
AMT 5.x and earlier releases
No
No
No
No
Supported tokens and readers used for authentication with DE
Supported languages available in the preboot client
DE 7.x
Brazilian Portuguese
Chinese (traditional)
Chinese (simplified)
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Russian
Spanish
Swedish
Thai
Documentation is available in the following languages
DE 7.x 1
Chinese (traditional)
Chinese (simplified)
English
French
German
Japanese
Korean
Russian
Spanish
1
For DE 7.1.0 - 7.1.2, the above list applies only to the Product Guide. The Release Notes provided with update releases are generally in U.S. English only, but Release Notes for DE 7.1.3 are also localized. DE 7.1.3 also introduced a new document, Client Transfer between ePO Servers, which is also localized.
IMPORTANT: To avoid possible upgrade problems, perform the following tasks when upgrading from Drive Encryption 7.1.x or 7.2.x to a later release:
At the ePO console, make sure that there are no LDAP Sync tasks running. If any are running, wait for them to complete.
Disable all LDAP Sync tasks before initiating the upgrade.
Check in the latest Drive Encryption extensions.
Check in the latest Drive Encryption Agent and PC software packages.
Re-enable all LDAP Sync tasks.
Deploy the latest Drive Encryption software packages to the client system.
Restart the client system after the deployment task has completed.
EEPC 7.0.x
DE 7.2.x
DE 7.1.x
IMPORTANT: If you have a system installed with EEPC 7.0.x, you can upgrade to DE 7.1.x or DE 7.2.x. But, you must first upgrade the EEPC extension to either EEPC 7.0 Update 2 (7.0.2) or Update 3 (7.0.3). Then upgrade the EEAdmin extension to 7.0.4, and follow the procedure described in the Drive Encryption 7.2.0 Product Guide.
Upgrading Windows operating systems
There is a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE.
See the articles below for detailed instructions.
Windows 10 operating systems
There are three upgrade articles covering Windows 10 releases. See the table below for help with using the correct article. The correct article is based on the Windows 10 variant that you are upgrading to, and the version of DE that is installed:
[OS Refresh method] The OS Refresh method is a script method. It is a more manual method developed to handle the first upgrade to Win 10 (version 1511). Simpler methods were developed later together with Microsoft. See below for details.
NOTE: Scripts are needed for this upgrade method and are attached to the article.
[Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with Drive Encryption 7.1 Update 3 or later.
NOTES:
Scripts are needed for this upgrade method and are attached to the article.
Microsoft provided a new command-line switch, /ReflectDrivers, which is available only in Windows 10 Anniversary Update (Build 1607) and later. During the setup and installation phase, this switch allows drivers to be added to the operating system image via configuration file (*.inf).
[SetupConfig method] A superior method that was developed with Microsoft.
NOTES:
The OSUpgrade packages are included with the DE download package with DE 7.2.1 and later.
Microsoft provided a new command-line switch, /ConfigFileswitch which is available only in Windows 10 Anniversary Update (Build 1607) and later. During the setup and installation phase, this switch allows drivers to be added to the operating system image via configuration file (*.inf).
The Ideas forum is accessible only to McAfee business and enterprise customers. Click Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click Register to register for a new account on either website.
NOTE: The Ideas forum replaces the previous Product Enhancement Request system.
Tool to capture hardware compatibility details:
DE 7.1 Update 1 introduced a feature that allows the administrator to capture hardware compatibility settings for specific platforms. The hardware compatibility settings supplied to McAfee through a product idea are used to build a file that can be imported to ePolicy Orchestrator (ePO). It can then be used to activate platforms that exhibit particular issues at preboot.
