March 29th 2016
Announcing the availability of McAfee Management of Native Encryption (MNE) 4.1.0 for Apple FileVault and Microsoft BitLocker management via ePolicy Orchestrator (ePO).
Available now, McAfee announces the release of Management of Native Encryption (MNE) 4.1.0. This release contains several important new product enhancements and defect fixes. Details of the new enhancements in this release are listed in the section below.
MNE is the primary solution for Mac OS X and replaces McAfee “EEMac” that went EOL December 31, 2014; please refer to End of Life and End of Sale for Endpoint Encryption for Mac 7.0 KB79877
Management of Native Encryption is available in the following Endpoint Security Suites:
- McAfee Complete Data Protection
- McAfee Complete Data Protection - Advanced
- McAfee Complete Endpoint Protection - Business
- McAfee Complete Data Protection – Essential
- McAfee Endpoint Protection for SMB - Advanced
Please refer to the following articles for suitability in your environment:
New Enhancements in this Release:
Support for additional encryption algorithms (XTS mode)
MNE has added support for the latest XTS-AES encryption algorithms that were added into Windows 10 version 1511 (November Update).The XTS-AES encryption algorithm provides additional protection against attacks that “rely on manipulating cipher text to cause predictable changes in plain text.” MNE 4.1 allows XTS-AES algorithm types to be selected in the BitLocker policy.
The reporting capabilities within MNE have also been enhanced to allow the algorithm type to be queried for each system. This now shows all encryption algorithms supported by BitLocker, including all hardware encryption algorithms that the eDrive compliant OPAL drives support.
Permit the use of enhanced PIN (BitLocker)
Allow enhanced PINs for startup enables the use of more complex personal identification numbers (PINs) that include uppercase and lowercase letters, symbols, numbers, and spaces at startup.
Once you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs. Some computers might not support enhanced PINs in the pre-boot environment. It is strongly recommended that all systems are checked for compatibility prior to activating this in policy.
End user postponement of activation (BitLocker)
MNE 4.0.0 introduced the ability for end users to postpone activation of BitLocker. This feature allows the end user to postpone the entry of credentials (PIN/Password) for a predefined timeframe. At the end of this time period, the user will be prompted again to enter credentials but may repeat the postponement, and can do so repeatedly.
This feature has been enhanced in MNE 4.1 to allow the Administrator to define a limit for the number of times a user is allowed to postpone activation. Once this limit is reached, the user will no longer be offered the option to defer activation.
WebAPI command for expiring keys
Many Enterprises leverage internal or 3rd party helpdesk systems to provide recovery options for their user estate. Exposing a WebAPI command for expiring keys ensures that when a recovery action is invoked via the WebAPI, the recovery keys are marked as expired thus ensuring key rotation on next policy enforcement.
Dashboard and reports for activation failures
Rolling out and deploying software to endpoints can provide challenges and introduce additional overhead. MNE 4.1 now includes additional reporting and a new dashboard entry so that administrators can quickly and intuitively check to see if there are any encryption (activation) failures within their estate and target these systems for follow up action where appropriate.
Management of Native Encryption 4.1.0 (MNE 4.1.0) is available in the following languages:
- ePO Extension (MNEAdmin): English, Japanese, French, Spanish, German
- Mac OS X Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
- Windows Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional, Italian, Portuguese Brazilian, Czech, Danish, Dutch, Finnish, Greek, Hungarian, Norwegian, Polish, Portuguese, Russian, Slovak, Slovenian, Swedish, and Turkish.
- DPSSP extension: English, Brazilian Portuguese, Chinese-Simplified, Chinese-Traditional, Danish, Dutch, French, Finnish, German, Italian, Japanese, Korean , Norwegian, Portuguese, Russian, Spanish, Swedish, Turkish
- Release Notes for MNE 4.1.0: PD26393
- Prerequisite Installation Checklist KB86810[BS2]
- MNE 4.1.0 Product Guide: PD26394
- MNE FAQs: KB79614
For more information:
- Supported Platforms, Environments, and Operating Systems for Management of Native Encryption: KB79375
- Support for Windows To Go: KB82249
- Management of Native Encryption 4.x Known Issues: KB86057
The product is now available for customers from McAfee Product Downloads with a valid grant number.
Internally, the product and documentation is available at:
Many thanks to everyone who participated in this release and made it possible.
If you have any questions, please feel free to reach out to:
McAfee Management of Native Encryption Team