Bug Report: Attempting to encrypt Surface Pro 4 systems with Symantec Drive Encryption 10.3.2 MP10 or above results in a blue screen and errors
Last Updated July 28, 2016
Bug Report: Attempting to encrypt Surface Pro 4 systems with Symantec Drive Encryption 10.3.2 MP10 or above results in a blue screen and errors. Systems may be unbootable at this point. The issue occurs when no other encryption solutions have been enabled on these systems.
In addition to the system experiencing blue screen behavior, upon attempting encryption, errors "11990" or "11980" appear.
The primary reason for these unbootable systems stems from using NVMe drives. For more hardware affected by NVMe drives, please see article INFO3183.
UPDATE APRIL 26 2016: Symantec has developed a fix for this issue and is available in 3.3.2/10.3.2 MP13, which is available via fileconnect.
Although this issue is resolved in Symantec Drive Encryption 10.3.2 MP13, there are a few considerations to review:
If a system has already been installed with a previous version of Symantec Encryption Desktop and encountered issues, it may be necessary to wipe all affected partitions from the system (as Symantec Drive Encryption may leave remnants of the encryption pointers) before attempting to install Symantec Drive Encryption MP13. Once all the partitions have been removed and properly rebuilt from scratch, and the system has been reimaged, installing Symantec Drive Encryption 10.3.2 MP13 will then work.
UEFI's "Secure Boot" option should be configured as "Microsoft with 3rd Party CA" if the option is available. This will allow other third-party programs that are properly signed to properly boot with Secure Boot. Without setting this option, the system may still not boot with Symantec Drive Encryption 10.3.2 MP13.
Some NVMe systems do not have the option "Microsoft with 3rd Party CA" with Secure Boot, and "Enabled\Disabled" are the only options available. If Secure Boot is available, the option to Enable can be used.
Once the above considerations have been met, the system should boot properly after it is encrypted with Symantec Drive Encryption 10.3.2 MP13. If the problems persist, please work with Symantec Support to resolve the issue.
Symantec Drive Encryption 10.3.2 MP12 was released to includes fixes for Surface Pro 4 and Surface Book systems which use NVMe drives, however this build was pulled due to an issue found. For more information on this issue, see article ALERT2011 (fixed in 10.3.2 MP13).
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe