Enabling SUSAM will prevent Crypto-erase from performing correctly
Issue Where SES Administrators have checked the "Enable SUSAM" setting (V6.5) or have set a SUSAM value of 1 ( = enabled in versions prior to V6.5) within a device profile's Boot Configuration panel, the enabling of SUSAM will interfere with the execution of Crypto-erase at Pre-Boot/Boot Logon. This includes both use of user-initiated Crypto-erase (e.g. using the Crypto-erase keystroke sequence - which defaults to F1-F12-F1) or where the SES Administrator has initiated a Crypto-erase command which should normally be executed at pre-boot if the device is capable of communicating to PBConnex at pre-boot. NOTE: Where the device had been sent a Crypto-erase command from SES, if the crypto-erase command has first been accepted by Pre-Boot (and this will fail), then the command will be marked as having completed and will not be retried from within Windows. A second, or even further attempts will be needed. See Solution/Work-around notes below. This issue affects client devices running SecureDoc, all versions including V6.5, but ONLY where SUSAM has been set to a non-null/non-blank value. Details Any use of SUSAM interferes with the ability of the Crypto-erase function to execute correctly at Pre-Boot. The collateral impact of this problem is that the device will show in the database as having been crypto-erased, but in fact it is not. However, when the computer receives a Crypto-erase command from within the SecureDoc Windows client communication service, the Crypto-erase command will be executed correctly. Solution/Work-Around There is (at the time of this writing) no work-around for this issue. Users that require that SUSAM be enabled and do need to crypto-erase a device locally are encouraged to log in to Windows first, then log into the SecureDoc Control Center, after which the user can opt to crypto-erase the device from within the Control Center application. Administrators can validate whether crypto-erase has failed by checking for new events or audit-log entries logged from the device following the logging of the crypto-erase event. If such later log entries exist, try Crypto-erasing the device again from the console, ideally during a user's Windows session. This may need to be repeated if a user Windows session is not available. Resolution This issue is targeted to be corrected in SES Version 7.1. Once V7.1 is available, it is recommended that you upgrade client devices. |
Custom Fields
|