This article provides information about the system requirements for Symantec Encryption Desktop 10.3.2 on Microsoft Windows 8/8.1 UEFI systems and details a list of known issues related to Windows 8/8.1 UEFI systems in the Symantec Encryption Desktop 10.3.2 release.
System Requirements and Support Information
The Symantec Encryption Desktop 10.3.2 release supports the installation of Symantec Encryption Desktop on the following systems:
- Microsoft Windows 8.1 Enterprise (32- and 64-bit editions)
- Microsoft Windows 8.1 Pro (32- and 64-bit editions)
- Microsoft Windows 8 Enterprise (32-bit and 64-bit)
- Microsoft Windows 8 Pro (32-bit and 64-bit)
For systems running Microsoft Windows 8/8.1 in UEFI mode, the following additional requirements must be met:
- System must be certified for Microsoft Windows 8/8.1 64-bit or Microsoft Windows 7 64-bit
- UEFI firmware must allow other programs or UEFI applications to execute while booting
- Boot drive must be partitioned in GPT with only one EFI system partition on the same physical disk
- Boot drive must not be configured with RAID or Logical Volume Managers (LVM)
- Tablets and any systems without a wired or OEM-supplied attachable keyboard are not supported
For more information on the firmware and boot drive, contact your system administrator or hardware manufacturer.
Local Self Recovery now available on Microsoft Windows 8/8.1 UEFI systems
On Microsoft Windows 8/8.1 UEFI systems, you can now use Local Self Recovery to create security questions after encrypting your internal disk. You can answer the security questions and bypass PGP BootGuard in case you forgot your passphrase. This option may not be available if disabled by policy in a managed environment.
Expanded support GPT-formatted disks for disk encryption
Encryption is now supported on GPT-formatted removable and internal disks on systems with Microsoft Windows 8/8.1 and UEFI pre-boot authentication on systems with Windows 8/8.1 booting in UEFI mode. Encryption is also supported on GPT-formatted disks on systems with Microsoft Windows XP and later for removable disks.
This section describes the known issues related to Window 8 with Symantec Encryption Desktop.
Symantec Drive Encryption
- Using Single Sign-On with Microsoft Windows 8/8.1. Symantec Drive Encryption does not support Single Sign-On for systems running Microsoft Windows 8/8.1 in BIOS mode when Fast Startup is enabled. 
- Incompatibility with Microsoft Surface Pro systems when Secure Boot is enabled on Microsoft Windows 8/8.1 UEFI systems. Symantec Drive Encryption is incompatible with Microsoft Surface Pro laptops when Secure Boot is enabled (a boot failure occurs when restarting your system after encrypting it). To temporarily work around this issue, disable Secure Boot in your system UEFI settings. For more information, refer to the instructions that came with your system. Note that this is an issue with the Microsoft Surface Pro laptop and could be resolved by Microsoft in the future. 
Update: On Microsoft Surface Pro 1 and Surface Pro 2 systems, use the Microsoft Surface Pro UEFI CA OEM PK Tool to resolve this issue. See article TECH225579 for more information. Surface 3 systems are not affected by this issue.
- Supported Input Method Editors (IME) for UEFI systems. Japanese IME is not supported when creating or entering passphrases or self-recovery questions on UEFI systems. Use alphanumeric characters when creating your passphrases or your self-recovery questions instead. 
- Using non-Latin characters for Local Self Recovery (LSR) on Microsoft Windows UEFI-based systems. The PGP BootGuard screen does not correctly display non-Latin characters, such as Japanese, on Windows systems running in UEFI mode. Use a Latin character set when you define LSR questions and answers. 
- Authenticating with a Microsoft Surface Pro System. In order to authenticate with the keyboard on a Microsoft Surface Pro system, whether you have a Touch Cover or a Type cover, you need to "activate" the keyboard first. To do this, from a powered off state, press the Power button and the volume down button at the same time. Once the Encryption Desktop authentication screen appears, authenticate as usual. 
- Incompatibility with Toshiba Qosmio laptops when Secure Boot is enabled on Microsoft Windows 8/8.1 UEFI systems. Symantec Drive Encryption is incompatible with Toshiba Qosmio laptops when Secure Boot is enabled (a boot failure occurs when restarting your system after encrypting it). To temporarily work around this issue, disable Secure Boot in your system UEFI settings. For more information, refer to the instructions that came with your system. Note that this is an issue with the Toshiba Qosmio laptop and could be resolved by Toshiba in the future. 
- Refreshing or resetting Microsoft Windows 8/8.1 systems. When the boot drive of your Windows 8/8.1 system is encrypted with Symantec Drive Encryption, the refresh and reset features of Windows 8/8.1 do not work properly. To refresh or reset your system, copy your PGP Keys to a USB drive (if applicable), decrypt the boot drive first, refresh or reset your system, install Symantec Drive Encryption, and encrypt the boot drive again. If you have performed refresh or reset operation on your encrypted system and your system does not boot Windows, then decrypt the drive using the Symantec Drive Encryption recovery CD, and then reset or refresh your system using the Windows boot disk. 
- Authenticating Using an External Keyboard on a Microsoft Windows 8/8.1 UEFI System. Be sure you have plugged in your keyboard before you have powered on your system. If you are using a USB keyboard, certain BIOS settings (such as Fast/Quick Boot mode) might delay USB initialization and prevent USB and detachable keyboards from working during pre-boot authentication. Refer to your system user guide to determine how to activate the USB connections. In addition, some systems require that XHCI Pre-boot Mode be enabled in the USB Configuration for the external keyboard to work at pre-boot authentication. [3201234, 3218579]
- Using Multimedia Keyboards on Microsoft Windows 8/8.1 UEFI Systems. Some multimedia keyboards with a built-in USB hub or smart card reader may not be compatible at preboot on UEFI bootable systems that have Phoenix firmware. Note that normal USB keyboards work as expected. 
- Using the ESC key on Microsoft Windows 8/8.1 UEFI Systems. The ESC key may not work on certain Toshiba laptop models (such as the Satellite U925t) when booting in UEFI mode. In order to reboot those machines without authentication, use the power button. 
- Authenticating at PGP BootGuard using Japanese USB or PS/2 keyboard. On a Windows 8 system, when you boot into an encrypted partition or boot drive, the Yen key next to the BACKSPACE key and the Backslash key next to the SHIFT key on the Japanese keyboard cannot be used to enter your passphrase. Ensure that you do not use these keys while creating a passphrase during encryption. 
Symantec File Share Encryption
- Microsoft Windows Server 2003 CIFS and Samba shares: There is an incompatibility with Symantec File Share Encryption and Microsoft Windows Server 2003 CIFS and Samba shares when using the following applications and file types: WordPad with XML/SQL/LOG/TEXT/RTF; Windows Photo Viewer with JPG/PNG/BMP; Microsoft Access with ACCDB/MDB; Microsoft Project with MPP. You may be able to use the native Microsoft Office application, Notepad, or the Microsoft Windows 8 default image file viewing application to view some of these file types. 
- Symantec File Share Encryption and remotely shared encrypted files: On Windows 8/8.1 64-bit systems, when you open a text file encrypted with Symantec File Share Encryption and residing on a remote shared folder using Microsoft WordPad, decryption fails. You can, however, open the encrypted standard text file using Notepad or RTF using Microsoft Word. 
Symantec Drive Encryption
- Using Single Sign-on with Microsoft Windows 8. There is a known incompatibility with single sign-on and Microsoft Windows 8 when Fast Startup is enabled. Because Fast Startup is enabled by default, you will not be able to use single sign-on after shut down (although SSO will work if you restart your system). To always use SSO, uncheck Turn on fast startup in the Power Options System Settings (to see this option, select Choose what closing the lid does). For more information on power options in Windows 8, see http://windows.microsoft.com/en-us/windows-8/power-plans-faq. 
- Authenticating with a Microsoft Surface Pro System. In order to authenticate with the keyboard on a Microsoft Surface Pro system, whether you have a Touch cover or a Type cover, you need to "activate" the keyboard first. To do this, from a powered off state, press the Power button and the volume down button at the same time. Once the Symantec Encryption Desktop authentication screen appears, authenticate as usual. 
- Email account not detected when using Microsoft Outlook on Microsoft Windows 8 64-bit Systems. Symantec Desktop Email is not supported on Microsoft Windows 8 systems when Secure Boot is enabled. For more information, go to the Symantec Knowledgebase and search for TECH208819, "Email account not detected when using Microsoft Outlook on Microsoft Windows 8 64-bit Systems." 
- Using PGP Zip on Microsoft Windows 8 systems. To decrypt a PGP Zip file on Windows 8 systems, you must use the Symantec Encryption Desktop interface (you cannot right-click the file in Windows Explorer). Decrypt the zipped file using the File menu or the PGP Zip control box. During signature verification, if the progress indicator appears to stop responding during the verification of the file, click Cancel to close the progress indicator.