The FDE update is delivered as an executable (.exe) file using any of the following methods:

  • Use SMS or another software push method. A forced reboot is recommended to complete this installation.
  • Manually run the executable on a local client machine. End-users will be prompted if a reboot is necessary.
  • Upload the executable as a service pack to the PolicyServer.

It is recommended to do a small pilot of fresh installations and upgrades before deploying the latest FDE build to your user base.

For questions, contact Trend Micro Technical Support.

 
Using the PolicyServer to push updates to existing FDE clients is not recommended. It is very important to restart a device immediately after updating an FDE-encrypted machine. This restart can be automated when using SMS or another software push method.
If the device is not restarted after the update, the FDE pre-boot environment may become fragmented or corrupted, leading to end-user downtime. The downtime occurs because the end-user data files must be decrypted and recovered before the machine can be repaired.
It is recommended to target a sample group or small subset of users before pushing the FDE update to your entire population of users.
  1. Log in to your MMC as an enterprise administrator.
  2. Expand Enterprise Maintenance and click Enterprise Service Packs.
  3. Delete any previous service packs you may have uploaded.
  4. Right-click and choose Add.
  5. Browse to the latest FDE update files provided by Endpoint Encryption.
  6. Click OK.

The MMC will begin uploading the update to the PolicyServer. Once the upload is completed, any FDE client that synchronizes with the PolicyServer will begin downloading the update.

No. The FDE update files provided with the SP7 release can update SP4a to SP6a machines in one patch. You do not have to follow a particular upgrade path to get to FDE SP7 if you are on these versions.

Customers with FDE versions lower than SP4a are encouraged to contact Trend Micro Technical Support to work out the best possible upgrade path for their enterprise.

Yes. Due to the complexity of updating our drivers and pre-boot kernel, the FDE update must be run with administrative-level rights.

Yes, downloading updates from the PolicyServer is controlled at the Group level. The policy settings are in the MobileSentinel Policy for that group.

 
Turn off the ServicePackDownload policy for all the groups that you do not want to apply the service pack to.
  1. Expand the group for which you want to control the service pack update.
  2. Expand Policies and select MobileSentinel.
  3. Navigate to MobileSentinel > PC > ServicePackDownload.
  4. Right-click ServicePackDownload and select Properties.
  5. To enable the Service Pack updates, set the Property to Yes and click Apply.
    To disable the Service Pack updates, set the Property to No and click Apply.
  6. Right-click ServicePackDownloadBeginHour and select Properties.
  7. Set the time at which Service Pack updates begin and click Apply.
  8. Right-click ServicePackDownloadEndHour and select Properties.
  9. Set the time at which Service Pack updates end and click Apply.

After applying the first stage of a Windows Vista Service Pack, Windows may not perform correctly during the loading process.

The following products are affected:

  • FDE SP5
  • FDE SP6 (upgrades only)

    New installations of FDE SP6 are not impacted and can be updated with the latest Vista service pack per your established change management processes.

Endpoint Encryption has a registry fix to apply to FDE SP5 or upgraded DataArmor SP6 machines. Request the file from Trend Micro Technical Support.

  1. Confirm that the PC is 100% encrypted.
  2. Unzip the contents of RegistryFix.zip.
  3. Right-click RegistryFix.exe and select Run as administrator.
  4. Reboot the PC.
  5. Run your Vista Service Pack upgrade on the machine.