SecureDoc Enterprise Server

Release Notes

Product Version: 9.1 SR1

Published July 26th, 2024

SecureDoc Support

WinMagic strongly recommends that you install the most recent software release to stay up to date with the latest functional improvements, stability fixes, security enhancements and new features.

Please visit Knowledge Base Article 1397 for more information on End of Life and End of Support timelines for SecureDoc software releases.

About This Release

This document contains valuable information about the current release. We strongly recommend that you read the entire document.

Recommended – WinMagic recommends this service release for all environments. Apply this update at your earliest convenience.

NOTE: End of Life date for Hotfixes is the same as the Version or Service Release upon which they are based.

Download the latest release notes for each version listed within Knowledge Base Article 1756.

System Requirements

If using features that use the TPM (e.g., MagicEndpoint, or other TPM-based authentication such as TPM protection for Key Files), devices must have TPM 2.0 – TPM 1.2 or earlier are not supported.

For server and client system requirements: https://www.winmagic.com/support/technical-specifications

For supported devices, drives, smartcards, and tokens: https://www.winmagic.com/device-compatibility

Note: It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation.

More information is available here: http://msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g., Admin desktop) on which it runs for the console to function properly.

Client OS Support

Devices utilizing MagicEndpoint authentication must have Windows 10 or 11 – Windows 7 is not supported.

For a detailed view of which specific versions of SecureDoc are supported under various versions of Windows, macOS or Linux: See: https://www.winmagic.com/support/technical-specifications

Mobile Token-based authentication using Bluetooth is not supported on any pre-Windows 10 Operating Systems

The KnownConfigs.XML File

Customers are strongly advised to download the most current KnownConfigs.XML file, then replace the current version (if older) in the SES Application folders and

Installation Packages.

WinMagic strongly recommends that you seek out the most up-to-date version of the KnownConfigs.XML file and incorporate it into your SES implementation on a regular basis (e.g., monthly). This will help ensure your SES Version will take advantage of new client installation override settings that have been added since the version of the KnownConfigs.XML file that came with your version of SES. This will improve installation success on any new device makes/models you might purchase since installing SES, utilizing the new special settings available in newer versions of this file.

Customers are advised to look to the SecureDoc Knowledge Base for a link to the available KnownConfigs.XML files, then check that document (e.g., on a monthly basis) for updates to this file, then use the new version to replace all versions of the KnownConfigs.XML file in their SES Implementation folder structure. For example:

1. Position Windows Explorer to: c:\Program Files(x8)\WinMagic\SDDB-NT, then

2. Search for files like *.xml.

3. Sort the resulting search list by name

3

4. In each directory where a KnownConfigs.XML file is found, replace it with the new one that you have downloaded from the WinMagic Knowledge Base article.

Additional information can be found here: Installing or updating the KnownConfigs.xml file (Applies to SES from Version 7.5 onward).

The latest versions of the KnownConfigs.XML files can be found at the following links:

• SecureDoc Device KnownConfigs.XML File for SES V8.2 And Later- Download the latest version of this here: https://na80.salesforce.com/articles/Service/SecureDoc-Device-KnownConfigs-XML-File-for-SES-V8-2-Download-the-latest-version-of-this-here

• SecureDoc Device KnownConfigs.XML File for SES V7.5 - Download the latest version of this here: https://na80.salesforce.com/articles/Service/SecureDoc-Device-KnownConfigs-XML-File-for-SES-V7-5-Download-the-latest-version-of-this-here

The contents of the KnownConfigs.XML file are reserved to be developed and advanced by WinMagic solely. While customers might consider enhancing it, WinMagic cannot be held responsible for issues that might arise from such modifications and may (at its sole discretion) levy an additional support charge to any customers that encounter support issues that can be traced back non-sanctioned customer-initiated changes to KnownConfigs.XML.

WinMagic welcomes customer ideas and suggestions on how KnownConfigs.XML can be extended and improved, but WinMagic reserves the sole right to test, approve and to publish any changes to KnownConfigs.XML that it deems to be in the broader customer interest, and makes no commitment to act upon or publish all, or indeed any customer-recommended changes.

Version 9.1 SR1

IMPORTANT

For customers deploying 9.1 SR1 to devices containing Self Encrypting Drives (SEDs), if you encounter any unexpected messages indicating that SecureDoc Installation is not proceeding on such a device, please contact WinMagic Support for assistance.

Note: Starting with version 9.1, support for 32-bit operating systems is discontinued. This decision is aligned with industry trends and allows us to focus on optimizing and enhancing the performance, security, and features of our software for modern, 64-bit operating environments. Users are encouraged to transition to 64-bit operating systems to ensure compatibility with the latest developments and to benefit from the full range of capabilities provided by our software.

Which customers should upgrade to 9.1 SR1?

Version 9.1 is a release upgrade to the SecureDoc Enterprise Client and Server.

All customers are recommended can safely upgrade to 9.1 SR1

Why upgrade? https://winmagic.com/blog/5-reasons-to-update-your-winmagic-securedoc-investment/

4

NOTE: Any customers wishing to use Microsoft Azure AD (as opposed an on-premises Active Directory) must upgrade to V9.0 (or higher). Azure AD is not supported on earlier versions of SecureDoc Enterprise Server.

Any Azure AD-joined Devices must be either initially installed using V9.0, or any existing devices that will be joined to an Azure AD must be upgraded to the V9.0 (or later) client software before being joined to the Azure Active Directory.

    NOTE: SecureDoc installer now no longer supports installation on macOS Mojave. Version 9.1 ends support for macOS Mojave, and as a result the macOS Mojave target has been removed from the SecureDoc executables framework, installation, and run-time scripts.

End of Life Notice:

As of the current date, macOS Catalina has officially reached its End of Life (EOL) status. Users are strongly advised to upgrade to a newer macOS version to ensure the security and functionality of their systems. We are no longer supporting macOS Catalina.

5

IMPORTANT: For customers wishing to utilize SecureDoc’s Bluetooth Low Energy mobile device-based authentication at Pre-Boot:

1. 1 - The device Profile must specify the Linux-based Pre-Boot for UEFI devices – termed as PBLU in this documentation. Phone-based authentication (whether using Bluetooth Low Energy communication or network-based communication) does not work with

2. 2 – Bluetooth must be enabled in the endpoint computer’s hardware configuration (BIOS or UEFI settings), as use of Bluetooth Low Energy mobile device-based authentication is a compelling security feature.,

NOTE: These release notes are presented in a new format compared to prior releases. A) Rather than leading with the ticket number(s), these will include the ticket(s) at the end of each release note; b) Issues and improvements will be grouped into meaningful groups that discuss specific aspects of the product (e.g., Authentication, Server, client, and other groupings).

How to Install/Upgrade

Customers with an active support plan should contact [email protected] to receive the latest download link for their SecureDoc upgrade.

6

New Features

SecureDoc Console or SESWeb Console

SCIMSync - Directory Synchronization Service Based on SCIM 2.0 Protocol.

Description: SCIM simplifies managing user identities in cloud applications by standardizing how information is shared. This reduces the time and errors involved in adding and maintaining user data, ensuring secure and organized availability across different platforms.

Solution: SCIMSync manages user and group data between the client and server. The client sends requests, and the server responds. The client controls how often to sync, whether daily or more frequently. SES acts as the server to handle adding, deleting, and listing users and groups. SCIM focuses on syncing users, not logging them in. The SCIM username and password are unique and should be saved in OKTA and the SCIM settings for basic access.

Affected tickets: SD-47129

Linux

Support for Individual Machine Certificate Deployment in SDLinux Preboot.

Description: A new feature was introduced to support individual machine certificates for connecting to WiFi during preboot in SDLinux. To implement this, follow these steps: manually transfer a "pcks12" certificate from Windows to the Linux machine, extract it into a DER certificate and private key, deploy using the extracted certificate and private key, and provide a tool to update these certificates in SDSpace for future updates. Each client requires an individual certificate that must be picked up by the host machine.

Solution: The issue has been resolved by adding support for individual machine certificates to SDLinux wireless support. Additionally, an installer option has been added to facilitate the addition of machine certificates to SDSpace.

Affected tickets: SD-46905

Improvements

SecureDoc Console or SESWeb Console

Improved PUSH Notification Delivery with Updated API.

Enhancement: To ensure seamless and reliable notification delivery, we've upgraded the IdP to use the latest FCM HTTP v1 API starting with version 9.1SR1.

Background: The legacy FCM API for sending PUSH notifications was deprecated on June 20, 2023, with a planned shutdown beginning on July 22, 2024. Continuing to use the old API could have led to disruptions in PUSH notifications.

Solution and Benefits: With this update, the IdP now sends PUSH notifications using the new HTTP v1 API. This enhancement ensures uninterrupted service and provides a more secure, efficient, and reliable notification delivery system. Users will benefit from continuous and dependable PUSH notifications, improved performance, and enhanced security, keeping the system aligned with the latest best practices and ready for future improvements.

Affect tickets: SD-46533

Improvement of IDP for CSS.

Description: We are enhancing IDP for CSS by adding support for nested groups, new settings for "user presence" and "mobile lockout," as well as a "captcha" option. These improvements aim to increase security and flexibility in user authentication processes.

Solution: The IdP Group Properties will now include options for Out-of-Band (OOB) authentication, user presence confirmation (no action, gesture/click, mandatory authentication), mobile lockout after failed login attempts, and captcha prompts during Mobile Push logins to prevent unauthorized access. These features are managed by administrators and integrated with Cloudflare's "Turnstile" service. The group settings will prioritize the highest security option in case of conflicts and enable relevant features for users belonging to multiple groups.

Affect tickets: SD-47766

Improvement Automatic Authentication for SP with Session Cookie.

Description: We're enhancing the user login experience by adding session cookies. After logging into SP1, the session will stay active for 10 minutes. If the user logs into SP2 within this time, they won't need to verify again with ME or OOB.

Solution: IDP now ensures smooth automatic logs. If users have access to SP2, they will log in seamlessly. If SP2 needs ME verification, IDP will request it. Otherwise, logins will proceed without interruption, whether higher or lower security is needed.

Action Mode Priority: No user action required << Simple gesture/click << Must authenticate.

Note: If the IDP portal is open, it will keep renewing cookies, so they won't expire after 10 minutes.

Affected tickets: SD-47783

8

SecureDoc Client - macOS

Support for SD Applications in macOS Sonoma Japanese Environment.

Description: In macOS Sonoma Japanese, the SD for FV2 installer didn't show a message to grant necessary access, causing the installation to pause. After switching the system language to Japanese and restarting, users noticed issues like the SecureDoc icon not appearing, no connection with SDConnex, SDCC not starting, no password change screen after recovery, and inability to uninstall SD for FV2. This didn't happen in the Monterey/Venture OS environment. The problem seemed related to language settings.

Solution: This issue has been improved in version 9.1SR1.

Affected tickets: SD-46911

SecureDoc Client – iOS/Android

Improved Handling of BLE Re-Conversion After OTP Login for ME2 iOS/Android.

Issue: After successfully logging into SDCC using OTP (backup method), users are prompted to change their password KF and then convert the password KF to a Phone token. During this process, some users may see the message "Cryptoki Not Initialized" due to an internal library interaction.

Solution: This behavior is recognized as part of the current version 9.1SR1. We are continuously working to enhance our system and user experience.

Affected tickets: SD-47889

Resolved Issues

Authentication & Recovery

High CPU Usage for WMI Process.

Description: A case was reported where WMI-Activity was using 30% CPU because of the SDService.exe process. This happened when a WMI query was closed too quickly or timed out without retrying. All affected devices were BitLocker encrypted.

Solution: The issue has been fixed by updating the files in the `C:\Windows\System32` folder.

Affected tickets: SD-46949

Crypto-Erase Function Unavailable for BitLocker Devices in SES.

Problem: The "Crypto-erase a device" option is no longer available for BitLocker devices in SES starting from version 9.0. This is because, unlike SWE encryption, BitLocker cannot be recovered once crypto erased.

Solution: Re-enable the crypto erase function for BitLocker managed devices (SDOT/SDBM) in the SES console and SES Web UI.

Note: After crypto erasing, the system is not recoverable.

Affected tickets: SD-46956

CSV Export Security Alert (ID: 127904).

Issue: During testing, a command in the user description exported to a CSV file was flagged as a security alert by Microsoft Excel. This happened because the application did not correctly handle certain special characters, which could be mistaken for formulas. Efforts to clean up these characters were only partially successful.

Solution: The issue has been resolved by updating the application.

Affected tickets: SD-46976

Unable to Answer Self-Help Questions - 0 Questions Appearing.

Problem: After installing SD 9.1, users see a prompt to answer self-help recovery questions, but it shows "Please answer 2 to 0 questions" with no questions. This prompt reappears after every login.

The issue is caused by a change in SD 9.1 where the "SHQuest" setting must be in the profile but not in the package. The "Import Profile" function may delete "SHQuest" from the profile or fail to move it, causing this problem.

Solution: Ensure the SES self-help questions are correctly added during the upgrade. If a profile without the SH question setting is imported, open and save it before assigning to the device.

Affected tickets: SD-47285

10

Lenovo T14 Gen4 Pre-Boot Freeze.

Problem: After logging in preboot with BLE, the screen shows a white arrow and freezes, taking hours to continue to Windows. This is due to the PBA thread getting stuck because of high BLE message traffic causing a pre-scan loop.

Solution: A fix has been applied to stop the pre-scan loop when the number of processed records hits the limit (450) in PBL (E3.BIN).

Affected tickets: SD-47293

Port Control Not Re-enabling After Command Sent from SES.

Problem: When SES sends a command to disable port control and re-enable it after 5 minutes, the logs show it's executed, but USB devices can still be accessed. This happens because when port control is restored, a whitelist of connected USB devices is created, allowing those devices while blocking new ones.

Solution: The device whitelist is created at the client side and managed through a tool called "PCWL.exe" (Port Control White list Tool). Port control is restored automatically after a set time (default is 60 minutes), causing the issue.

Affected tickets: SD-47310

BLE Doesn't Work at Preboot with Ethernet or Display Cables Connected.

Problem: During preboot, BLE functionality is compromised when ethernet or display cables are connected, requiring multiple attempts to establish connectivity. This issue occurs because the SES network timeout blocks the BLE scan and connection.

Solution: To resolve this, we've updated the system to allow customization of the connectivity timeout. This enables adjustment of the timeout to prevent the TestConnectivity procedure from blocking BLE scans and connections.

Affected tickets: SD-47363

SecureDoc Compatibility with Custom Built Intel Tower Server.

Issue: Installing SecureDoc on an Intel-based server faced some challenges. The installation paused after Boot Logon and before encryption. The display worked when connected to a KVM during boot-up but not when switched to a direct monitor connection

Solution: We have made updates to improve compatibility. To resolve the display and network issues, add the following parameters to the profile:

Parameters to Consider:

1. Disk Configurations:

   • Disk0 (RAID1): Primary boot disk with C:(Windows) and N:(DATA), encrypted with SecureDoc.

   • Disk1 (RAID1): Backup boot disk with F:(SystemRecovery), not encrypted.

   • Disk2 (RAID10): Storage disk with M:(DATA), encrypted with SecureDoc.

11

2.  Installation Scenarios:

• Scenario 1: Installing SecureDoc with all RAID disks may cause encryption not to start after installation and reboot.

• Scenario 2: Installing SecureDoc without Disk1 (SystemRecovery (F:)) results in successful encryption and deployment.

• Scenario 3: Installing SecureDoc with the same disks, but not in RAID, also results in successful encryption and deployment.

3.   Known Issue:

• Disk numbers can switch after a reboot. For example, the disk with C:(Windows) may change between Disk0 and Disk1, and the disk with F:(SystemRecovery) may become Disk0 if the primary OS disk is Disk1.

Steps to Resolve the Issue:

1. Understand the Problem:

   • Having Disk1 (SystemRecovery (F:)) in a RAID configuration can interfere with SecureDoc's encryption process.

2. Solution:

   • Re-enable the crypto erase function for BitLocker managed devices (SDOT/SDBM) in the SES console and SES Web UI.

   • Note: The system is not recoverable after crypto-erasing.

   • Update the SES profile with necessary settings to resolve the issue.

3. Recommended Configuration:

   • Avoid including Disk1 (SystemRecovery (F:)) in the RAID setup during SecureDoc installation.

   • Use non-RAID configurations or ensure that the primary OS and recovery disks do not interfere with each other.

Additional Notes:

• Save the SCIM username and password in OKTA and the SCIM settings for basic access.

• Follow the correct steps to add settings to the SES profile to ensure SecureDoc installation packages are properly configured.

By following these guidelines, you can resolve SecureDoc installation issues related to RAID configurations and ensure successful encryption and deployment.

Additionally, the KnownConfigs.xml file has been updated. These changes ensure a smooth installation process on Intel-based servers.

Affected tickets: SD-47419

No Communication Alert Improvement.

Issue: After upgrading from 8.6SR1 HF2 to 9.1, users noticed that the no-communication alert wasn't triggering as expected. When the no-communication period was set to 1 day, devices that had been off for about 29 hours could start up without any error messages. Users were able to continue using their devices without interruptions, as no alerts were shown from SecureDoc. This happened because Windows adjusts its internal clock, which can change by up to 24 hours, and our system needed to accommodate this time change.

Solution: We updated the system to better align with Windows time adjustments, allowing a 24-hour window for time changes to ensure smooth operation without false alerts. This fix ensures devices remain functional and users can work without unexpected interruptions.

Affected tickets: SD-47464

QWERTZ Layout with CAPS Lock Enhanced in DE/SLO Preboot Environment (v9.1.000.1349).

Issue: In the new SecureDoc client, there was an issue with the German and Slovenian QWERTZ keyboard layouts in the pre-boot environment. Using CAPS LOCK or Shift+Lock swapped the Z and Y keys, causing confusion with passwords.

Solution: The CAPS LOCK functionality for the QWERTZ layout has been fixed, ensuring the Z and Y keys work correctly in the pre-boot environment.

Affected tickets: SD-47466

PBCx Autoboot with Realtek RTL8852BE WiFi 6 Adapter.

Issue: Some HP ProBook 450 G9s with Realtek WiFi adapters had trouble connecting to Wi-Fi after updating to v9.1, while other PCs with Intel adapters worked seamlessly with the same settings.

Solution: In v9.1SR1, we resolved the issue by using previous versions of certain Wi-Fi connection tools. Now, both EAP-TLS and PEAP methods work perfectly, ensuring reliable Wi‑Fi connectivity for all devices.

Affected tickets: SD-47595

Issue: UserID Not Displaying in SESWeb 9.1.000.1349.

Problem: In SESWeb 9.1.000.1349, user IDs were not visible under the properties of a device in the SDWeb [Device] menu when logged in as a non-SD root account, despite having the necessary permissions. This issue did not occur when logged in as the SD Root user (Administrator).

Solution: A recent SES system update has resolved the issue of user ID visibility on its interfaces. User IDs are now properly displayed, improving system usability.

Affected tickets: SD-47676

ME Licensing Incorrectly Takes a License for Each Device Registration.

Issue: ME licensing is user-based, allowing users to use ME on multiple devices. However, the current licensing system incorrectly consumes a new license for the same user each time they register ME on a new device. This issue arises because the SES Server counts the same user on a different client as a new user.

Solution: ME license now counts unique users instead of devices. For Access Management, each new user logging in creates a key for the IDP portal, increasing the license count.

For example, User1 logging in on different devices will still count as one user. For FIDO Easy Enterprise, each user registering FIDO keys increases the license count, but multiple keys from the same user do not.

This ensures accurate license usage based on actual users rather than device registrations.

Affected tickets: SD-47863

SDLinux Wi-Fi Connection Issue (EAP-TLS) at Preboot.

Description: The SDLinux package was deployed with a WiFi connection set in the profile (EAP-TLS with an encrypted private key), and it worked correctly at preboot. However, after changing the WiFi certificate, the preboot could no longer connect to the WiFi. This issue was caused by a mismatch in the TLS version (OpenSSL: Invalid TLS version configuration).

Solution: The problem was resolved by moving the p2p configuration out of the network section and changing the TLS settings.

Affected tickets: SD-48183

BLE Login to Windows Encountering Issues When Locking Screen (v9.1).

Issue: When trying to log into SDCP with BLE (Bluetooth) at the screen lock, the login does not succeed and shows "Username or Password wrong." Preboot Login works fine. This happens because the username formats don't match. The login screen uses a short name (e.g., E030288), but the system expects an email-like name (e.g., [email protected]).

Solution: The issue has been addressed in version 9.1SR1.

Affected tickets: SD-481135

SafeNet eToken 5110 (FIPS) Preboot Authentication Failure in v9.1.

Problem: Users are experiencing authentication errors when attempting to use the SafeNet eToken 5110 FIPS for preboot authentication. The issue is caused by the Preboot Authentication (PBA) module attempting to call a missing function, which results in a null pointer error.

Solution: The PBA crash was resolved by addressing the missing function calls related to PBL/PBU smartcards. This fix enables successful login at preboot using the SafeNet eToken 5110 FIPS.

Affected tickets: SD-48306

Limitations

IMPORTANT: Mobile Token-based authentication using Bluetooth is not supported on any pre-Windows 10 Operating Systems.

Viewing Encrypted Files in OneDrive Business.

Issue: After encrypting folders in OneDrive Business, some files within these folders remain unencrypted and can still be read in plain text.

Solution: This is a known limitation in version 9.1SR1.

Affected tickets: SD-47342

Duplicate File Creation in Encrypted OneDrive Folder.

Issue: When creating and then editing a text file in an encrypted OneDrive folder, a duplicate file is automatically generated. This unexpected behavior leads to multiple copies of the same file, which can be confusing and may impact file management.

Solution: This is a known limitation in version 9.1SR1. Our development team is aware of the issue and is working on a fix to prevent duplicate file creation in future updates.

Affected tickets: SD-47362

BLE Pairing and Dynamic Lock Test.

Description: The MagicEndpoint app has issues with Android phones paired to a PC when the "Dynamic Lock" feature in Windows is enabled. This feature should lock your system when your Bluetooth device is away. The problem is that some Android phones change their name and can't convert the password to Bluetooth after connecting and enabling Dynamic Lock.

Solution: iPhone devices work properly with this feature.

Affected tickets: SD-48218

Users may see a "The service is already registered. - code 1242" message after a power cycle if ME is not installed yet.

Description: If BLE push is set up by scanning the QR code, it might not work if ME is not installed on the client. This happens because the necessary information was not updated locally, causing the system to think BLE push is not set up properly.

Solution: To avoid this issue, install ME on the client before the next power cycle. This will ensure BLE push notifications work correctly and prevent the error message from appearing.

By installing ME before shutting down, users can enjoy smooth BLE push notifications without any issues.

Affected tickets: SD-48642

15

Contact WinMagic

Acknowledgements

This product includes cryptographic software written by Antoon Bosselaers, Hans Dobbertin, Bart Preneel, Eric Young ([email protected]) and Joan Daemen and Vincent Rijmen, creators of the Rijndael AES algorithm.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).

WinMagic would like to thank these developers for their software contributions.

©Copyright 1997 – 2024 by WinMagic Corp. All rights reserved.

Printed in Canada Many products, software and technologies are subject to export control for both Canada and the United States of America. WinMagic advises all customers that they are responsible for familiarizing themselves with these regulations. Exports and re-exports of WinMagic Inc. products are subject to Canadian and US export controls administered by the Canadian Border Services Agency (CBSA) and the Commerce Department’s Bureau of Industry and Security (BIS). For more information, visit WinMagic’s web site or the web site of the appropriate agency.

WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac, MySecureDoc, MySecureDoc Personal Edition Plus, MySecureDoc Media, PBConnex, SecureDoc Central Database, SecureDoc Cloud Lite, MagicEndpoint and MagicEndpoint FIDO Eazy are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2023 WinMagic Corp. All rights reserved.

© Copyright 2024 WinMagic Corp. All rights reserved. This document is for informational purpose only. WinMagic Corp. makes NO WARRANTIES, expressed or implied, in this document. All specification stated herein are subject to change without notice.

16