System requirements for Symantec Endpoint Encryption Client

This article details the system requirements for installing and using version 11.4.0 of the Symantec Endpoint Encryption Client software. The article will be updated as additional platforms or other system requirements are tested and added.
  • Microsoft recently introduced the Smart App Control feature for Windows 11 individual and small business users. The feature is designed to prevent users from running malicious applications on Windows devices and, by default, blocks untrusted or unsigned applications. Symantec Endpoint Encryption is not yet compatible with the Smart App Control feature.
  • This article applies to the 11.4.0 version only. For system requirements information for 11.3.1.x, see this article.
  • The operating systems that are listed in this topic are supported with Symantec Endpoint Encryption only when all the latest hotfixes and security patches are applied.
  • When a version of an operating system reaches End of Life (EOL) or End of Service (EOS), support for that specific version of the operating system with Symantec Endpoint Encryption is automatically discontinued.
Update History
Table: Update History
| Added support for | Supported SEE version | Updated date |
| --- | --- | --- |
| Microsoft Windows 11, version 23H2 (Windows 11 2023 Update) | 11.4.0 or later | Dec 18, 2023 |
| Microsoft Windows 10, version 22H2 (Windows 10 2022 Update) | 11.4.0 or later | Nov 30, 2022 |
| macOS 13.x (Ventura) | 11.4.0 or later | Nov 28, 2022 |
| Microsoft Windows 11, version 22H2 (Windows 11 2022 Update) | 11.4.0 or later | Sep 30, 2022 |
| Microsoft Windows Server 2022 Datacenter and Standard editions (64-bit) | 11.4.0 MP1 or later | July 29, 2022 |
Supported Microsoft Windows Operating Systems
The following Microsoft Windows operating systems are supported for installing Symantec Endpoint Encryption Client with all of the latest hotfixes and security patches from Microsoft.
  • Microsoft Windows 11 Enterprise, version 23H2 (2023 Update)
  • Microsoft Windows 11 Pro, version 23H2 (2023 Update)
  • Microsoft Windows 11 Enterprise, version 22H2 (Windows 11 2022 Update)
  • Microsoft Windows 11 Pro, version 22H2 (Windows 11 2022 Update)
  • Microsoft Windows 11 Enterprise, version 21H2
  • Microsoft Windows 11 Pro, version 21H2
  • Microsoft Windows 10 Enterprise, version 22H2 (Windows 10 2022 Update), 32-bit and 64-bit versions
  • Microsoft Windows 10 Pro, version 22H2 (Windows 10 2022 Update), 32-bit and 64-bit versions
  • Microsoft Windows 10 Enterprise November 2021 Update (version 21H2), 32-bit and 64-bit versions
  • Microsoft Windows 10 Pro November 2021 Update (version 21H2), 32-bit and 64-bit versions
  • Microsoft Windows 10 Enterprise, May 2021 Update (version 21H1), 32-bit and 64-bit versions
  • Microsoft Windows 10 Pro, May 2021 Update (version 21H1), 32-bit and 64-bit versions
  • Microsoft Windows 10 Enterprise, October 2020 Update (version 20H2), 32-bit and 64-bit versions
  • Microsoft Windows 10 Pro, October 2020 Update (version 20H2), 32-bit and 64-bit versions
  • Microsoft Windows 8.1 Enterprise
  • Microsoft Windows 8.1 Pro
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2022 Datacenter, 64-bit, with updates
  • Microsoft Windows Server 2022 Standard, 64-bit, with updates
  • Microsoft Windows Server 2019 Datacenter
  • Microsoft Windows Server 2019 Standard
  • Microsoft Windows Server 2016 Datacenter
  • Microsoft Windows Server 2016 Standard
  • Microsoft Windows Server 2012 R2 Datacenter
  • Microsoft Windows Server 2012 R2 Standard
  • Deploying a Symantec Endpoint Encryption client with Opal drives on Microsoft Windows 11 is not yet supported.
  • Starting with Symantec Endpoint Encryption 11.0.1, users are not required to install the Aero Desktop theme on Microsoft Windows Server 2012 R2.
  • Symantec Endpoint Encryption Drive Encryption is not compatible with the Microsoft Windows BitLocker Drive Encryption feature or with the Symantec Endpoint Encryption for BitLocker feature. Do not install both Drive Encryption and Symantec Endpoint Encryption for BitLocker on the same computer.
  • Symantec Endpoint Encryption does not support a client that you have configured for Dual Boot (when Microsoft Windows and Linux are both installed in BIOS mode).
Drive Encryption on Microsoft Windows Servers
Drive Encryption is supported on all of the client versions that are listed above as well as the following Windows Server versions:
  • Microsoft Windows Server 2022 Datacenter edition (64-bit), with an update for RAID 1 and RAID 5 (UEFI boot mode only)
  • Microsoft Windows Server 2022 Standard edition (64-bit), with an update for RAID 1 and RAID 5 (UEFI boot mode only)
  • Microsoft Windows Server 2019, Datacenter 64-bit, with an update for internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2019, Standard 64-bit, with an update for internal RAID 1 (UEFI boot mode only)
  • Microsoft Windows Server 2016, Datacenter 64-bit, with an update for internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2016, Standard 64-bit, with an update for internal RAID 1 (UEFI boot mode only)
  • Microsoft Windows Server 2012 R2, Datacenter 64-bit, with an update for internal RAID 1 and RAID 5 (UEFI and BIOS boot mode)
  • Microsoft Windows Server 2012 R2, Standard 64-bit, with an update for internal RAID 1 (UEFI boot mode only)
Dynamic disks, software RAID, and logical partitions are not supported.
Software Requirements for Microsoft Windows clients
.NET Framework Requirements
Depending on the version of Microsoft Windows that you use, Symantec Endpoint Encryption requires the following versions of .NET Framework:
.NET Framework versions supported
| Operating system | .NET Framework |
| --- | --- |
| Microsoft Windows 11 Enterprise, version 23H2 (2023 Update) | 4.8 |
| Microsoft Windows 11 Pro, version 23H2 (2023 Update) | 4.8 |
| Microsoft Windows 11 Enterprise, version 22H2 | 4.8 |
| Microsoft Windows 11 Pro, version 22H2 | 4.8 |
| Microsoft Windows 11 Enterprise, version 21H2 | 4.8 |
| Microsoft Windows 11 Pro, version 21H2 | 4.8 |
| Microsoft Windows 10 Enterprise, version 22H2 | 4.8 |
| Microsoft Windows 10 Pro, version 22H2 | 4.8 |
| Microsoft Windows 10 November 2021 Update (version 21H2) | 4.8 |
| Microsoft Windows 10 May 2021 Update (version 21H1) | 4.8 |
| Microsoft Windows 10 October 2020 Update (version 20H2) | 4.8 |
| Microsoft Windows Server 2022 | 4.8 (For Symantec Endpoint Encryption 11.4.0 and later) |
| Microsoft Windows Server 2019 | 4.7 (For Symantec Endpoint Encryption 11.3.0 and later) |
| Microsoft Windows Server 2016 | 4.6.2 (For Symantec Endpoint Encryption 11.1.3 and later) |
| Microsoft Windows Server 2012 R2 | 4.5.2 |
| Microsoft Windows 8.1 | 4.5.2 |
Virtualization Platforms Compatibility
The Symantec Endpoint Encryption client software for Microsoft Windows is supported on the following:
  • VMware ESXi 7.0
The Removable Media Encryption feature additionally supports VMware vSphere.
VMware considers a boot disk as a removable disk. For Symantec Endpoint Encryption Drive Encryption to work correctly, disable the HotPlug capability in VMware. See the following VMware article to disable this capability: Disabling the HotAdd/HotPlug capability in virtual machines (1012225).
Citrix, Terminal Services, and Hypervisor Compatibility
Symantec Endpoint Encryption supports the Management Agent feature with the following terminal services software:
  • Microsoft Windows Server 2012 R2, 64-bit with the update
  • Citrix XenDesktop 7.1 and 7.6
  • Citrix XenServer 6.1 Hypervisor
Symantec Endpoint Encryption does not support Drive Encryption in the Citrix and Terminal Services environments.
Symantec Endpoint Encryption for BitLocker support for Trusted Platform Module (TPM)
Symantec Endpoint Encryption for BitLocker supports TPM version 1.2 and later.
Removable Media Encryption and Symantec Data Loss Prevention Compatibility
For the integration of Removable Media Encryption with Symantec Data Loss Prevention, the following are the supported versions of Symantec Data Loss Prevention:
  • 15.8 Maintenance Pack 1 and later
The integration of Removable Media Encryption with Symantec Data Loss Prevention is not supported on versions of Data Loss Prevention earlier than 15.8 Maintenance Pack 1. For more information, see the article, DLP 15.8 requires new Flex Response Plugin for Symantec Endpoint Encryption Removable Media Encryption.
For information about the supported Data Loss Prevention operating systems, see Symantec Data Loss Prevention System Requirements.
Hardware requirements for Microsoft Windows clients
Supported Disk Types for Drive Encryption
The following are the supported disk types and file systems for Drive Encryption:
  • Desktop or laptop disks, including solid-state drives (either partitions or an entire disk)
  • Advanced format drives with 512-byte emulation mode (512e)
  • FAT32 and NTFS formatted disks or partitions
  • GPT boot disks on Microsoft Windows 8.1 and later, and Microsoft Windows Server 2012 R2 or later (UEFI systems only)
Supported Opal v2-Compliant Drives for Drive Encryption
For information on the supported Opal v2-compliant drives, see the article, Compatible Opal v2-compliant drives for Symantec Endpoint Encryption Drive Encryption.
Unsupported Disk Types for Drive Encryption
The following are the unsupported disk types and file systems for Drive Encryption:
  • Any configuration where the system partition is not on the same disk as the boot partition
  • Native mode advanced format drives
  • Dynamic disks
  • SCSI drives and controllers
  • Software RAID disks
  • exFAT formatted disks
  • Resilient File System (ReFS)
Smart card support for preboot authentication
Symantec Endpoint Encryption supports the following for preboot authentication on both BIOS and UEFI systems:
  • Any generic USB CCID-compatible readers that you connect to a USB port
  • Personal Identity Verification (PIV) cards:
    • G&D SmartCafe Expert v7.0 144K DI
    • G&D Sm@rtCafé Expert 144K DI v3.2
    • G&D Sm@rtCafé Expert 80K DI v3.2
    • Gemalto Cyberflex Access 64K v2c
    • Gemalto ID Prime .NET
    • Gemalto TOP DL GX4 144K FIPS
    • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
    • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
    • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
    • Oberthur 64K CosmopolIC v5.2
    • Oberthur CS PIV End Point v1.08 FIPS201 Certified
    • Oberthur ID-One Cosmo 128 v5.5 Dual
    • Oberthur ID-One Cosmo v7.0
On BIOS and UEFI systems, Symantec Endpoint Encryption supports the following PIV CAC v2 smart cards:
  • G&D SmartCafe Expert v7.0 144K DI
    ATR: 3B F9 96 00 00 80 31 FE 45 53 43 45 37 20 03 00 20 46 42
  • Giesecke & Devrient SmartCafe Expert 144K DI v3.2
    ATR: 3b 7a 18 00 00 73 66 74 65 20 63 64 31 34 34
  • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
    ATR: 3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 52 21 19 48
  • Oberthur C128K v5.5 Dual
    ATR: 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 07 90 00 80
  • Gemalto TOP DL GX4 144K FIPS
    ATR: 3b 7d 96 00 00 80 31 80 65 b0 83 11 17 d6 83 00 90 00
  • Oberthur ID-One Cosmo v8.1 128K with PIV 2.4.0
    ATR: 3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 5X XX 1A XX, where X = mask
On UEFI systems, Symantec Endpoint Encryption requires the following smart card firmware:
  • AMI
  • HPQ
If you have issues with any of the cards listed, see the article, Symantec Endpoint Encryption Smart Card Support for preboot authentication.
Supported media types for Removable Media Encryption
  • USB flash drives
  • USB external hard drives
  • FireWire external hard drives
  • eSATA external hard drives
  • Secure Digital (SD) cards and memory cards
  • CompactFlash cards
  • NTFS drives that are compressed
  • CD-RW and DVD-RW Blu-Ray
Unsupported media types for Removable Media Encryption
  • Music devices and digital cameras
  • Diskettes
Microsoft BitLocker hardware encryption on self-encrypting drives
Symantec Endpoint Encryption for BitLocker supports hardware encryption for Microsoft eDrives.
Tablet support
Symantec Endpoint Encryption supports the Microsoft Surface Pro 5 system with an external Type or Touch keyboard. Symantec provides a utility to test whether your devices' Touch keyboards are compatible with Symantec Endpoint Encryption. For more information, see the article, https://knowledge.broadcom.com/external/article?legacyId=TECH237200
  • The external Type or Touch keyboard is required for preboot authentication on the tablet. The keyboard can be detached once the user authenticates.
  • You must disable BitLocker to use the Drive Encryption functionality on tablet computers. Alternatively, you can use the Symantec Endpoint Encryption for BitLocker feature instead of the Drive Encryption feature.
Operating system requirements for Mac client computers
Requirements for Symantec Endpoint Encryption for FileVault
You can install Symantec Endpoint Encryption for FileVault on the Mac systems running any of the following macOS platforms:
Requirements for the Removable Media Access Utility
The Removable Media Access Utility is supported on the following macOS platforms:
Supported languages
The Symantec Endpoint Encryption Client is supported in the following languages:
  • English - Default
  • French
  • Japanese
  • Spanish