Supported platforms, environments, and operating systems for Drive Encryption 7.x
Technical Articles ID:
KB79422
Last Modified: 10/9/2018
Rated:
Environment
McAfee Drive Encryption (DE) 7.2.x, 7.1.x
Summary
When Microsoft releases new operating systems or Service Packs, the original Product Guides might not reflect the current support policy for those platforms. Most of the following information is available in the Product Installation guides and Release Notes, but some of the information is available only in Product Management statements published in the Knowledge Base. Content in this article supersedes all other published content in both the guides and release notes.
NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.
Recent updates to this article:
Date
Update
October 9, 2018
Multiple updates to coincide with the release of DE 7.2.7.
Added support for:
Windows 10 (version 1809) October 2018 Update.
Windows Server 2019.
August 31, 2018
Added Support for ePO 5.10 and MA 5.5.2.
August 23, 2018
Added DE 7.2.6 Hotfix 1247725 details (Released to Support).
August 20, 2018
Removed DE 7.2.6 Hotfix 1247725 details. Hotfix not yet available.
August 2, 2018
Added details for DE 7.1 Update 3 Hotfix 1241165 (Repost).
Changed all "patch" references to "update." NOTE: McAfee updates were previously referred to as patches.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Contents:
Click to expand the section you want to view.
NOTES:
These releases are with full ePolicy Orchestrator (ePO) integration and management.
These hotfixes were previously internal and only Released to Support (RTS). They have now all been rolled-up into DE 7.1.3 Hotfix 1131996 and are no longer available.
6
The DE 7.2.0 installer appears as version 7.2.0.64 (GA) in the ePO Master Repository and in Add/Remove Programs on the client system. The installer is now built as a separate component and so its version number might differ from other components.
7
A post DE 7.2.0 (GA) issue was found where corrupted text was displayed when accessing the Single Sign On (SSO) section. This section is located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon (tab), on systems that use double-byte languages.
The issue is resolved in the DE 7.2.0 (Repost). The DE 7.2.0 EEAdmin Extension appears as version 7.2.0.456 (GA) and 7.2.0.457 (Repost) in the ePO Extensions.
8
This hotfix was only Released to Technical Support (RTS); an update or later hotfix superseded it and it is no longer available.
9
Released to Technical Support (RTS) only.
McAfee investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request (https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR). Include this article number in the Problem Description field.
See KB51560 for detailed information on release cycles.
Extensions shipped with DE
Extension
DE
7.2.7
DE
7.2.6
DE
7.2.5
DE
7.2.4
DE
7.2.3
Hotfix 1225186
DE
7.2.3
(Repost)
DE
7.2.3
DE
7.2.2
DE
7.2.1
DE 7.2.0 (Repost)
DE 7.2.0
(GA)
DPSSP
1.3.2.7
1.3.2.7
1.3.2.7
1.3.1.1
1.3.1.1
1.3.1.1
1.3.1.1
1.3.1.1
1.3.0.12
1.3.0.0
1.3.0.0
EEADMIN
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.33
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.457
7.2.0.456
EEPC
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.33
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
DEGO
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
EEDEEP 2
EOL
EOL
EOL
7.2.4.2
7.2.3.29
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
7.2.0.456
User Directory 1
7.0.7.7
2.0.2.7
2.0.2.7
2.0.1.1
2.0.1.1
2.0.1.1
2.0.1.1
2.0.1.1
2.0.0.23
2.0.0.22
2.0.0.22
1
The User Directory and DPSSP extensions are provided with the DE package for convenience, but are developed as separate components, so, they have their own version number.
2
ePO Deep Command is End of Life. So, the DE Deep extension that supported out-of-band management, using ePO Deep Command, is no longer included in the DE release package.
Extensions shipped with DE (EOL)
Extension
DE
7.1.3
Hotfix
1208296, 1241165
DE
7.1.3
Hotfix
1148978
DE
7.1.3
Hotfix
1131996
DE
7.1.3
DE
7.1.2
DE
7.1.1
DE
7.1.0
DPSSP
1.3.0.6
1.3.0.6
1.3.0.6
1.2.0.3
1.1.0.37
-
-
EEADMIN
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
EEPC
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
DEGO
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
EEDEEP
7.1.3.628
7.1.3.604
7.1.3.590
7.1.3.547
7.1.2.497
7.1.1.454
7.1.0.389
User Directory 1
1.0.0.151
1.0.0.151
1.0.0.151
1.0.0.146
1.0.0.146
1.0.0.146
1.0.0.136
1
The User Directory and DPSSP extensions are included in the DE package for convenience, but are developed as separate components, so, they have their own version number.
Software Packages shipped with DE
Package name
DE
7.2.7
DE
7.2.6
DE
7.2.5
DE
7.2.4
DE 7.2.3
(Repost)
DE
7.2.3
DE
7.2.2
DE
7.2.1
DE
7.2.0
MfeEEPC
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.16
7.2.0.64
MfeEEAgent
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.16
7.2.0.64
EegoPackage
7.2.7.7
7.2.6.6
7.2.5.24
7.2.4.2
7.2.3.29
7.2.3.28
7.2.2.14
7.2.1.24
7.2.0.456
Compatibility XML version shipped with DE
DE Version
Compatibility XML Version 1
DE 7.2.7
v84
DE 7.2.6
v84
DE 7.2.5
v79
DE 7.2.4, DE 7.2.3
v70
DE 7.2.2
v69
DE 7.2.1
v59
DE 7.2.0
v58
DE 7.1.3 HF1208296
v67
DE 7.1.3 HF1148978
v40
DE 7.1.3 HF1131996
v21
DE 7.1.3
v12
DE 7.1.2
n/a
DE 7.1.1
v6
DE 7.1.0
n/a
1
IMPORTANT: The latest version of the hardware compatibility XML is attached to KB81900.
NOTE: ePO and MA versions that are End of Life (EOL) have been removed.
ePO - Supported DE Extensions NOTE: DE Extensions for ePO are backward compatible and can manage earlier client versions.
ePO Release
DE
7.2.5
7.2.6
7.2.7
DE
7.2.1
7.2.2 7.2.3
7.2.4
DE
7.2.0
DE 7.1.3
HF1148978
HF1131996
HF1208296
HF1241165
DE
7.1.x
ePO 5.10.0
Yes
No
No
No
No
ePO 5.9.1, 5.9.0
Yes
Yes
No
No
No
ePO 5.3.3
Yes
Yes
No
Yes
No
ePO 5.3.2, 5.3.1, 5.3.0
Yes
Yes
Yes
Yes
Yes
ePO 5.1.x
No
Yes
Yes
Yes
Yes
MA - Supported versions to manage DE clients
MA Release
DE
7.2.3
7.2.4 7.2.5
7.2.6
7.2.7
DE
7.2.0 2
7.2.1
7.2.2
DE
7.1.3
DE
7.1.2
DE
7.1.1
DE
7.1.0
MA 5.5.2, 5.5.1, 5.5.0
Yes
No
No
No
No
No
MA 5.0.6 1
Yes
Yes
Yes
No
Yes
No
MA 5.0.5, 5.0.4 1
Yes
Yes
Yes
Yes
Yes
No
MA 5.0.3, 5.0.2, 5.0.1 1
Yes
Yes
Yes
Yes
Yes
No
MA 5.0.01
Yes
Yes
Yes
Yes
Yes
Yes
MA 4.8
No2
No2
No2
No2
No2
No2
1
MA 5.0 and laterare supported only with legacy features because these versions cannot exploit the new features introduced in MA 5.0. To review the MA 5.0 and ePO 5.1.1 feature dependencies, see KB71298.
2
MA 4.8.x has reached End of Life and is no longer supported.
Supported operating systems for DE
The following tables detail the McAfee products supported for use on Windows workstation and server operating systems. Only the most recent versions are included because most customers upgrade to the latest service packs shortly after they are released.
NOTE: If the operating system is not listed, it is not supported.
Operating System 1
Microsoft
Supported
Service
Pack
DE 7.2.5 7.2.6
7.2.7
DE 7.2.4
DE
7.2.2 7.2.3
DE 7.2.1
DE
7.2.0
DE
7.1.3
HF1148978 HF1208296 HF1241165
DE 7.1.3
or
DE 7.1.3
HF1131996
DE
7.1.1
7.1.2
DE
7.1.0
Windows Server 2019 (64-bit):
(Standard, Datacenter)
-
Yes
No
No
No
No
No
No
No
No
Windows Server 2016 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows Server 2012 R2 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Windows Server 2012 (64-bit):
(Standard, Datacenter)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows Server 2008 (32-bit and 64-bit)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Server 2008 R2 Server Core (Optional 32-bit) NOTE:This version is the first operating system with
optional 32-bit support; the default is 64-bit.
-
No
No
No
No
No
No
No
No
No
Windows Server 2008 R2 (64-bit only)
(Standard, Enterprise, Datacenter)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 10 (version 1809) October 2018 Update
(Pro, Enterprise)
Yes
No
No
No
No
No
No
No
No
Windows 10 (version 1803) April 2018 Update
(Pro, Enterprise) (32-bit and 64-bit) 11
-
Yes
Yes
No
No
No
No
No
No
No
Windows 10 (version 1709) Fall Creators Update 10
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
No
No
No
No
No
No
Windows 10 (version 1703) Creators Update 9
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
No
No
No
No
No
Windows 10 LTSB (version 1607) 2, 7
(Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
No
No
No
No
No
Windows 10 (version 1607) Anniversary Update 2, 7
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
Windows 10 (version 1511) November Update
(Pro, Enterprise) (32-bit and 64-bit)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 10 (version 1507) 2, 3, 8
(Pro, Enterprise) (32-bit and 64-bit)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Windows 8.1 (32-bit and 64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 8 (32-bit and 64-bit) 3
(Professional, Enterprise)
-
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows RT
(Version of Windows 8 that runs on mobile
devices such as tablet computers)
-
No
No
No
No
No
No
No
No
No
Windows To Go (all versions) 4
-
No
No
No
No
No
No
No
No
No
Windows 7 (32-bit and 64-bit) Yes 5
(Professional, Enterprise, Ultimate)
1
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows 7 (32-bit and 64-bit) Yes 5
(Professional, Enterprise, Ultimate)
Without
SP
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Windows Vista (64-bit and 32-bit) 6
(Business, Ultimate, Enterprise)
-
No
No
No
No
No
No
No
No
No
n/a = not applicable
1
Dual boot for Windows is not currently supported. To submit a product idea, see the Related Information section below.
Home versions of any Windows operating system (OS) are not tested or supported. DE is an enterprise product that is tested only on enterprise OS versions.
2
To review the product manager statement that covers support for Windows 10, and any caveats that apply, see KB85784.
For how to upgrade the operating system to Windows 10 with Drive Encryption 7.1 Update 3 installed, see KB84962.
3
The Trusted Platform Module (TPM) AutoBoot using the TPM 1.2 chipset is only supported on Windows 8.x and Windows 10 clients with DE 7.1 Update 1 and later. These clients must also be configured to use the Unified Extensible Firmware Interface (UEFI).
4
Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 to boot and run from an external USB hard drive or USB drive. This feature has not been tested. If you require this functionality, see the Related Information section of this article for instructions to submit a product idea, to have this functionality researched for implementation in a future product or update release.
5
Windows 7 is not supported in XP Mode.
6
As of July 2011, Windows Vista SP1 is no longer supported by Microsoft, so, the sustaining and development of Encryption products on this platform hasalso ended. NOTE: Windows Vista Extended Support reaches its EOL date on April 11, 2017. Support for this operating system will no longer be provided after that date.
7
DE 7.1.3 Hotfix 1148978 is the minimum supported version of Drive Encryption for Windows 10 Anniversary Update. For information about support for Device Guard and Drive Encryption, see KB86009.
8
Windows 10 Enterprise Long-Term Servicing Branch (LTSB) is only supported with DE 7.2.1 and later. Before this release,DE offers support only for official Windows 10 builds, which include Current Branch (CB) and Current Branch for Business (CBB). NOTE: LTSB is Microsoft terminology for a Sustaining build that does not receive feature updates and would be limited to security updates in general.
9
DE 7.2.1 is the minimum supported version of DE for Windows 10 Creators Update.
For information about support for Device Guard and DE, see KB86009.
For how to upgrade to Windows 10 Creators Update with DE 7.2.1 installed, see KB89000.
10
DE 7.2.2 is the minimum supported version of DE, for Windows 10 Fall Creators Update.
11
This release supports Windows 10 Spring Creators Update 2018 (version 1803).
Supported operating systems for DE on Mac hardware with an Intel® CPU
DE is not supported on any Mac hardware. For support on Mac hardware, install the latest version of Management of Native Encryption. Back to top
ePO Deep Command (EDC) IMPORTANT: ePO Deep Command reached End of Life on April 10, 2018.
EDC Release
DE 7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
DE 7.1.3
HF1131996 HF1148978
HF1208296
DE
7.1.3
DE
7.1.2
DE 7.1
7.1.1
EDC 2.4.1
No
No
No
No
No
EDC 2.4
Yes
Yes
No
No
No
EDC 2.3
Yes
Yes
Yes
No
No
EDC 2.2
Yes
Yes
Yes
Yes
No
EDC 2.1
No
Yes
Yes
Yes
Yes
EDC 2.0
No
No
Yes
Yes
Yes
EDC 1.5
No
No
No
No
Yes
EDC 1.0
No
No
No
No
No
Supported browsers for the DPSSP
IMPORTANT: Technical Supportrecommends that you do not use DPSSP on public computers, and that the browser is closed following recovery.
Browser
Google Chrome
Internet Explorer
Mozilla Firefox
Safari 1
1
Use caution when using Safari because of the non-standard behavior of its page caching.
Support for UEFI
IMPORTANT: If you plan to install DE 7.x on a system using native UEFI, Technical Support recommends that you use only native UEFI mode if the system is explicitly Windows 8, 8.1, or Windows 10 certified. If the system is not certified for Windows 8, 8.1, or Windows 10, Technical Support recommends changing the BIOS settings to put the system into legacy BIOS boot mode. DE 7.x fully supports Windows 8, 8.1 and Windows 10 in BIOS mode.
Technical Support also recommends upgrading your UEFI systems to the latest UEFI firmware level, and testing on a specific native UEFI-capable system before wide-scale deployment.
Some key points about UEFI:
The original EFI developed by Intel has been replaced in favor of UEFI.
UEFI introduces a new boot process. UEFI is a more complex operating system style of BIOS, which includes applications and device drivers. End users do not notice any differences.
Only Windows 7 (64-bit), Windows 8, 8.1, and Windows 10 currently support the UEFI native boot process.
Macs have had a UEFI boot process for quite a bit longer.
Many modern laptops have UEFI, but operate in a backward-compatible mode to emulate a legacy BIOS.
Windows 8, 8.1, and Windows 10 can be installed on UEFI systems operating in legacy BIOS compatibility mode or native UEFI mode.
UEFI implementations differ by hardware vendors. Depending on the UEFI implementation, we have seen issues ranging from missing protocols to support for Opal drives. We have also seen issues in USB support provided in the preboot environment used by EEPC when operating in native UEFI mode.
Opal drives IMPORTANT:
With DE, Opal drives are supported only in the Advanced Host Controller Interface (AHCI) mode.
DE does not support the Opal version 2.0 drives which operate in A user mode, managed via the OS.
Endpoint Encryption Opal Hardware Compatibility Tool
The Endpoint Encryption Hardware Compatibility Tool gathers data about the Opal drive and performs some tests on the drive's functionality. Use the tool to test A Opal drive to verify that it is compatible, before you use the Opal features. To obtain and use the tool, see KB76182.
Intel AMT
AMT Release
DE 7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
DE 7.1.3
HF1131996
HF1148978
HF1208296
DE
7.1.3
DE
7.1.1
7.1.2
DE
7.1.0
AMT 11.x
No
No
No
No
No
AMT 10.x
Yes
Yes
No
No
No
AMT 9.5
Yes
Yes
No
No
No
AMT 9.0
Yes
Yes
Yes
Yes
No
AMT 8.x
Yes
Yes
Yes
Yes
Yes
AMT 7.x
Yes
Yes
Yes
Yes
Yes
AMT 6.x
Yes
Yes
Yes
Yes
Yes
AMT 5.x and earlier releases
No
No
No
No
No
Supported tokens and readers used for authentication with DE
Supported languages available in the preboot client
DE 7.x
Brazilian Portuguese
Chinese (traditional)
Chinese (simplified)
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Russian
Spanish
Swedish
Thai
Documentation is available in the following languages
DE 7.x 1
Chinese (traditional)
Chinese (simplified)
English
French
German
Japanese
Korean
Russian
Spanish
1
For DE 7.1.0 - 7.1.2, the above list applies only to the Product Guide. The Release Notes provided with update releases are generally in US English only, but Release Notes for DE 7.1.3 are also localized. DE 7.1.3 also introduced a new document, Client Transfer between ePO Servers, which is also localized.
IMPORTANT: To avoid possible upgrade problems, perform the following tasks when upgrading from Drive Encryption 7.1.x or 7.2.x to a later release:
At the ePO console, ensure that there are no LDAP Sync tasks running. If any are running, wait for them to complete.
Disable all LDAP Sync tasks before initiating the upgrade.
Check in the latest Drive Encryption extensions.
Check in the latest Drive Encryption Agent and PC software packages.
Re-enable all LDAP Sync tasks.
Deploy the latest Drive Encryption software packages to the client system.
Restart the client system after the deployment task has completed.
EEPC 7.0.x
DE 7.2.x
DE 7.1.x
IMPORTANT: If you have a system installed with EEPC 7.0.x, you can upgrade to DE 7.1.x or DE 7.2.x. But, you must first upgrade the EEPC extension to either EEPC 7.0 Update 2 (7.0.2) or Update 3 (7.0.3), upgrade the EEAdmin extension to 7.0.4, and follow the procedure described in PD26653.
EEPC 5.2.x
-
Releases later than DE 7.2.1 Hotfix 1199587, no longer include the functionality to upgrade EEPC 5.2.x (V5 users). For details, see KB89717.
Upgrading Windows operating systems
There is a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE.
See the required articles for detailed instructions:
Windows 10 operating systems
There are three upgrade articles covering the various Windows 10 releases. See the table below for assistance in using the correct article, according to the Windows 10 variant that you are upgrading to and the version of DE that is installed:
[OS Refresh method] The OS Refresh method is a script method. It is a more manual method developed to handle the first upgrade to Win 10 (version 1511). Simpler methods were developed later together with Microsoft. See below for details.
NOTE: Scripts are required for this upgrade method and are attached to the article.
[Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with Drive Encryption 7.1 Update 3 or later.
NOTES:
Scripts are required for this upgrade method and are attached to the article.
Microsoft provided a new command-line switch, /ReflectDrivers, which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).
[SetupConfig method] A superior method that was developed with Microsoft.
NOTES:
OSUpgrade packages are included with the DE download package with DE 7.2.1 and later
Microsoft provided a new command-line switch, /ConfigFileswitch which is available only in Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image, during the setup and installation phase, via configuration file (*.inf).
NOTE:
To view the Windows 10 compatibility with McAfee products, see KB85784.
Other Windows operating systems
To upgrade a Windows operating system with DE installed (not including Windows 10 or later), see KB79908.
To view the Windows Server 2016 compatibility with McAfee products, see KB87945.
Click Sign In to access the Ideas forum using your McAfee Community identity. If you do not yet have a McAfee Community profile, click New User? Register here on the Sign In dialogue box.
For more information about product ideas, see KB60021.
NOTE: The Ideas forum replaces the previous Product Enhancement Request system.
Release Notes and Product Guide documentation correction articles:
KB88169 - Documentation Correction: DE 7.2 Product Guide
KB79913 - Documentation Correction: DE 7.1 Release Notes
KB79912 - Documentation Correction: DE 7.1 Product Guide
Tool to capture hardware compatibility details:
DE 7.1 Update 1 introduced a feature that allows the administrator to capture hardware compatibility settings for specific platforms. The hardware compatibility settings supplied to McAfee via a product idea, are used to build a file that can be imported to ePolicy Orchestrator (ePO). It can then be used to activate platforms that exhibit particular issues at preboot.
For how to use the Hardware Compatibility Settings tool for DE 7.1 Update 1 and later, see KB81900.
