Endpoint Security for Mac 4.6.9.200009 Release Notes

Release date:

  • Fast ring: 2019.03.26
  • Slow ring: -

New Features and Improvements

  • Starting with this version, Endpoint Security for Mac supports full disk encryption with FileVault for boot drives and with diskutil for non-boot drives. Depending on the drive type, the security agent automatically uses the appropriate application, with minimal input from users.

    This update affects new and existing installations as follows:

    • For boot drives not currently encrypted, when an encryption policy is applied, the security agent prompts the users to enter their system credentials to send the corresponding recovery key to GravityZone and to start encryption with FileVault.
    • For boot drives previously encrypted by older versions of Endpoint Security for Mac (using diskutil):
      • After update, if an encryption policy is already applied on Macs without T2 chips, no user interaction is required. The previously configured encryption passwords and recovery keys continue to function as before the update, until a decryption policy is applied. At that moment, the security agent decrypts the boot drives with diskutil (using the old encryption passwords). At the next encryption policy, those boot drives are encrypted with FileVault (using system credentials) and new recovery keys are stored in GravityZone.
      • After update, when a decryption policy is applied on Macs without T2 chips, the security agent prompts the users to enter the passwords they previously configured to encrypt the disk, in order to start the decryption process.
      • After update, if an encryption policy is already applied on Macs with T2 chips, the security agent prompts the users to change the recovery key by entering their system credentials. The new recovery key will be stored in GravityZone.
      • After update, when a decryption policy is applied on Macs with T2 chips, the security agent prompts the users to enter their system credentials in order to start the decryption process with FileVault.

      You do not need to apply a new GravityZone policy for the above changes to take effect. The security agent prompts the users with the corresponding windows according to the existing policy settings.

    • For boot drives encrypted with FileVault (Macs with and without T2 chips), independently of GravityZone:
      • When an encryption policy is applied, the security agent prompts the users to change the recovery key by entering their system credentials. The new recovery key will be stored in GravityZone.
      • When a decryption policy is applied, the security agent prompts the users to enter their system credentials in order to start the decryption process with FileVault.
    • Non-boot drives are encrypted with diskutil, and the encryption and decryption processes work as before, with no changes.
      • When an encryption policy is applied, the security agent prompts the users to configure a password to start the encryption process and to send a recovery key to GravityZone.
      • To decrypt, the security agent prompts the users to enter their encryption password.
      • The update does not require changing the password or recovery keys for non-boot drives.

    For Macs encrypted with FileVault, the users enter their credentials to start the system and unlock the boot drive at the same time. Once they are logged on, the system prompts them to unlock any encrypted non-boot drives by entering the disk password.

  • The product user interface now displays the EDR Sensor status.

Resolved Issues

  • In a particular situation, different Mac systems were displayed in the GravityZone console under the same Mac endpoint.
  • Traffic Scan caused file corruption when using FTP in passive mode.
  • Traffic Scan caused slow login to Active Directory for endpoints running High Sierra (10.13) and Mojave (10.14).
  • On systems with T2 chips, the password and recovery key set for full disk encryption would not unlock the boot drive. Users could unlock the boot drive only by using their system credentials. With the new encryption functionality, the user password is required to encrypt, unlock and decrypt a boot drive and, additionally, a recovery key is generated and backed up in GravityZone.

Known Issues

  • The Anti-tampering module may cause the Time Machine tmutil tool to crash on macOS El Capitan (10.11).
  • The Decryption Process window does not reappear if the user clicks the "X" button instead of Dismiss. It reappears after a system restart.
