Mac 除錯 | 賽門鐵克

1.【如何確認 PGP 硬碟加密目前是採用 DES-128 或 DES-256】2. 【若將 PGP 硬碟加密政策由目前的 DES-256 改為 DES-128，該硬碟是否需先行解密後再進行加密】

【如何確認 PGP 硬碟加密目前是採用 DES-128 或 DES-256】

【若將 PGP 硬碟加密政策由目前的 DES-256 改為 DES-128，該硬碟是否需先行解密後再進行加密】

以上問題可參考官網 https://support.symantec.com/en_US/article.TECH224377.html

【如何確認 PGP 硬碟加密目前是採用 DES-128 或 DES-256】

請參考下圖於用戶端執行以下指令：

【64 位元電腦請切換至以下目錄】

C:\Program Files (x86)\PGP Corporation\PGP Desktop

【32 位元電腦請切換至以下目錄】

C:\Program Files\PGP Corporation\PGP Desktop

再執行

pgpwde –status –disk 0 –xml |find “alg”

※ for Mac → 執行 pgpwde –status –disk 0 –xml

在輸出的結果中，找到以下數值，若 alg=”9” 則該硬碟採用 DES-256 加密，若 alg=”7” 則該硬碟採用 DES-128 加密

【若將 PGP 硬碟加密政策由目前的 DES-256 改為 DES-128，該硬碟是否需先行解密後再進行加密】

是的，請參考下方程序

Unable to Encrypt Mac Systems on MAC Yosemite with Symantec Encryption Desktop 10.3.2 with error 116385 when Microsoft Office 2011 has been installed prior to Symantec Drive Encryption

http://www.symantec.com/business/support/index?page=content&id=TECH229178

Issue

In attempting to encrypt a Mac OS X 10.10 Yosemite system with Symantec Drive Encryption 10.3., the following error occurs:【PGPError :116385】

Error

“An error occurred while encrypting your disk:
PGPError :116385”

In addition to receiving the above error, a prompt will continuously pop up indicating changes are needed. When Symantec Drive Encryption has been installed properly, this pop up should never be displayed:

Cause

The reason this happens is the permissions set for the /Library/PrivilegedHelperTools directory is not set according to what is needed for Symantec Drive Encryption 10.3.2. This condition typically happens when Microsoft Office 2011 has been installed prior to Symantec Drive Encryption, but only on Yosemite. Previous versions of Mac OS X (such as Mavericks), Office 2011 and Symantec Drive Encryption are unaffected by this issue.

Solution

The workaround for this is to run the following command via Terminal and then install Symantec Drive Encryption:

sudo chown 0:wheel /Library/PrivilegedHelperTools/

Once the above command is run, type in the Mac Admin password to allow the permission change to occur. Once the command is completed successfully, the permissions for the group “wheel” will be assigned, instead of “Admin”.

To confirm the appropriate permissions have been set, run the following command:

ls -al /Library/PrivilegedHelperTools/

The following permissions will be displayed to confirm the correct permissions have been set:

Running the following command can also confirm proper permissions have been set::

stat /Library/PrivilegedHelperTools/

The permission of “root wheel" should be displayed as seen in the example.

If this entry still says “root admin”, the command did not work. Check the syntax and retry the command.

Alternatively, checking the properties of the /Library/PrivilegedHelperTools/ properties via Finder will show the following correct permissions:

Once the permissions have been set properly, uninstall Symantec Drive Encryption if installed, and then install the application. This time, Drive Encryption should succeed.

Symantec Development is currently working into this for a final resolution. Subscribe to this article for any future updates with this issue.

新安裝之Mac OS X 10.10.0註冊後，在Userlist莫名出現其他使用者ID的問題

這樣的問題可能是使用者ID 在還原檔已存在

請參考以下畫面在該 Mac 機器中，移除 [ 其他使用者的 ] key pair

移除金鑰檔 (若有需要請先備份金鑰檔)

點選桌面左上方【Encryption Desktop】，並按下【Quit Encryption Desktop】

(1) 開啟【PGP】資料夾

(2) 將【.skr 檔】備份至其他位置或刪除

安裝 PGP Desktop 10.3.2 MP6 在 Mac OS X 10.10 需先 disable CoreStorage

What’s Changed in Symantec Encryption Desktop for Mac OS X 10.3.2 MP6
General
• Resolved incompatibilities with Apple Mac OS X 10.10 systems.
Known issues
• Compatibility with CoreStorage: CoreStorage may be applied, by default, to your Mac OS X 10.10 drives. Symantec Encryption Desktop is not compatible with CoreStorage drives. In order to install Encryption Desktop, you must disable CoreStorage. In addition, in order to prevent future issues, including issues with an encrypted disk, do not re-enable CoreStorage after Encryption Desktop has been installed and your drive has been encrypted. Failure to do so could result in data that cannot be recovered. This issue will be resolved in a future release of the product. [3653114]

所以目前安裝PGP於10.10之前需要先做以下動作

1. 先開啟terminal視窗
下指令: diskutil list查詢目前的情況
10.10版本的預設值會開啟CoreStorage

2. 輸入指令轉換格式：diskutil cs revert / (請注意revert後需要加一個空格再打/)
接著下diskutil list檢查一次格式
Hdd將會轉換回App_HFS，之後就可以正常安裝

為了防止系統出現問題或是Hibernation 回復時資料的遺失，PGP WDE disable Mac OS X Hibernation function

由於 PGP WDE 在處理 Mac OS X Hibernation 回復時，會使用到一個特殊的檔案，但 Mac OS X Hibernation 回復時是拒絕任何外來檔案
所以為了防止系統出現問題或是Hibernation 回復時資料的遺失，PGP WDE disable Mac OS X Hibernation function

http://www.symantec.com/business/support/index?page=content&id=TECH149486&viewlocale=en_US

Mac OS X

PGP Whole Disk Encryption is not supported with hibernation mode in the Mac OS X. In Mac OS X, an image file is created upon hibernation of the system. Once power is restored, the state of the system is restored, including any open programs or other processes that were running. The location of this file is in /var/vm/sleepimage and is the size of RAM memory on the system.

This mode may be referred to as Safe Sleep, Deep Sleep, or Hibernation. This is not the normal Sleep mode in which the power can remain on, but the system is essentially idle. This mode does not keep an image of the processes, but rather the information is stored in the RAM memory.

The Mac OS X operating system does not support foreign file systems for hibernation. Mac OS X Hibernation mode is not supported with “boot != root". This “boot != root" is essentially the system used by Mac to boot a foreign file system. For PGP Whole Disk Encryption to boot a system, a special file system is used which is considered foreign. As PGP Whole Disk Encryption is considered a foreign file system,hibernation mode is not supported by the Mac OS X< /strong>.
As a safeguard to prevent system issues and data loss, PGP Desktop disables the hibernation mode on Mac OS X. Although Sleep will still work, deep sleep does not build a sleep image