Symantec Drive Encryption 10.3.2/Symantec Endpoint Encryption 11 and systems with NVMe drives.
Last Updated July 28, 2016
Symantec Drive Encryption 10.3.2 as well as Symantec Endpoint Encryption 11 (SEE 11) supports most typical hardware available in systems and in general, no issues are seen.
Recently, some systems which have NVMe drives have been found to be incompatible with Symantec Drive Encryption 10.3.2 and Symantec Endpoint Encryption 11 and encrypting these systems can result in Blue Screen behavior, as well as potentially unbootable systems.
The following models are known to be affected by this issue:
Dell XPS 13 950 & 9350 Dell XPS 15 9550 Dell Inspiron E7470 HP Z440 HP ZBook HP Folio G1 EliteBook Surface Book Surface Pro 4 (See article TECH233421 for more information on this system). MSI GS60 6QE Ghost Pro
UPDATE May 6 2016: Symantec has developed a fix for this issue and is available in Symantec Endpoint Encryption 11.1.1, which is available via fileconnect.
UPDATE APRIL 26 2016: Symantec has developed a fix for this issue and is available in 3.3.2/10.3.2 MP13, which is available via fileconnect.
Although this issue is resolved in Symantec Drive Encryption 10.3.2 MP13 and SEE 11.1.1, there are a few considerations to review:
If a system has already been installed with a previous version of Symantec Encryption Desktop and encountered issues, it may be necessary to wipe all affected partitions from the system (as Symantec Drive Encryption may leave remnants of the encryption pointers) before attempting to install Symantec Drive Encryption MP13 or SEE 11.1.1. Once all the partitions have been removed and properly rebuilt from scratch, and the system has been reimaged, installing Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1 will then work.
UEFI's "Secure Boot" option should be configured as "Microsoft with 3rd Party CA" if available. This will allow other third-party programs that are properly signed to properly boot with Secure Boot. Without setting this option, the system may still not boot with Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1.
Some NVMe systems do not have the option "Microsoft with 3rd Party CA" with Secure Boot, and "Enabled\Disabled" are the only options available. If Secure Boot is available, the option to Enable can be used.
Once the above considerations have been met, the system should boot properly after it is encrypted with Symantec Drive Encryption 10.3.2 MP13 or SEE 11.1.1. If the problems persist, please work with Symantec Support to resolve the issue.
Etracks: 3875901 - Symantec Endpoint Encryption 11.0.1 on a HP Z440 3885162 - Symantec Endpoint Encryption 11.0.1 and 11.1 on Dell XPS 13 950 3900056 - Symantec Endpoint Encryption 11.1 on MSI GS60 6QE Ghost Pro
3883315 - Symantec Drive Encryption 10.3.2MP11 on Dell XPS 13 950, Dell XPS 13 9350, & Dell Precision Tower 3620 3884273 - Symantec Drive Encryption 10.3.2MP11 on HP zBook 3874204 - Symantec Drive Encryption 10.3.2MP11 on Surface Pro 4 and Surface Book
Symantec Drive Encryption 10.3.2 MP12 was released to includes fixes to the NVMe systems, however this build was pulled due to an issue found. For more information on this issue, see article ALERT2011 (now fixed in 10.3.2 MP13).
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe