This article includes the EFI recovery disks for a Mac OS X system which is has been encrypted using PGP Disk Whole Encryption. Warning: This recovery disk is only available for use on Macintosh OS X 10.5.8 (Leopard)and 10.6 (Snow Leopard) systems with PGP Desktop 10.0.x through 10.1.x. My DocumentsPGP is the default location for the placement of the keys. Symantec Encryption Desktop works best when the keys are on the local hard drive.

Symantec Encryption Desktop (PGP) for Mac is no longer available. Dell Data Protection Encryption (DDPE) will be replacing PGP for macs, please click here for more information!

Symantec Encryption Desktop (PGP) Mac OS X system requirements

• Apple Mac OS X 10.7.x, 10.8.x, 10.9.x
• Intel Processor
• 512 MB of RAM
• 64 MB hard disk space

• Desktop or laptop disks, including solid-state drives
• External disks, excluding music devices and digital cameras
• USB flash disks

• Disks formatted using the APM partition scheme
• Any type of server hardware, including RAID disk drives
• Diskettes and CD-RW/DVD-RWs

• Apple Mail 3.5, 4.0 Microsoft Entourage 2008 SP1
• Entourage is compatible for POP/IMAP only. 'Exchange Mode' is supported when using the Entourage Scripts included with Symantec Encryption Desktop (PGP). Automatic proxying is not supported with the scripts. For more information on using the scripts, see 'Integrating with Entourage 2008' in the Symantec Encryption Desktop (PGP) for Mac OS X User's Guide
• Lotus Notes 8.5.2
• Microsoft Outlook for Mac 2011

• iChat 4.0, 5.0 SL
• Other instant messaging clients may work for basic instant messaging, but have not been certified for use

• Norton Antivirus 11 and Norton Internet Security 3.0: To use Symantec Encryption Desktop (PGP) with email and instant messaging, you must disable the Vulnerability Protection option in Norton. To do this, select Auto Protection and then disable the option for Vulnerability Protection.' [18130]
• ClamXav: ClamXav is not compatible with PGP WDE on Mac OS X systems. [25682]
• VirusBarrier X6: VirusBarrier X6 is not compatible with PGP WDE on Mac OS X systems. [28849]

Install Instructions

If using another disk encryption software, decrypt and if applicable remove the other encryption software before installing Symantec Encryption Desktop (PGP). Ex. FileVault, Checkpoint FDE

1. Download the client installer from http://software.ucsf.edu/applications/pgp.html
   
2. Double click the compressed file and double click on PGP.pkg
   
3. Follow the on-screen instructions
   
4. When prompted restart the system
   
5. After installing Symantec Encryption Desktop (PGP) and restarting PGP Setup Assistant will launch to complete enrollment. Enter in your UCSF Email address, [email protected] and your email password – click Continue
   
6. Introduction screen – Select 'I am a new user' and click Continue
   
7. Keyring Setup Summary - Click 'Finish'
   

Whole Disk Encryption Best Practices

• Determine whether your target disk is supported. PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks
• Back up the disk before you encrypt it. Before you encrypt your disk, be sure to back it up so that you won’t lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk
• Ensure the health of the disk before you encrypt it. If PGP WDE encounters disk errors during encryption, it will pause encryption so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption
• System meets UCSF’s minimum security standards
• Screen lock configured
• Anti Virus, Anti Spyware and software firewall
• Be certain that you will have AC power for the duration of the encryption process

Setting up Whole Disk Encryption - Mac OS X

• Before encrypting review Whole Disk Encryption Best Practices
• A PGP encrypted disk must be decrypted before performing the following tasks:
  • Repartition encrypted hard drives
  • Running Boot Camp Assistant
  • Drive Recovery programs – Disk Warrior
• Symantec Encryption Desktop (PGP) must be uninstalled before upgrading to a new operating system
  • ex. 10.7 or 10.8 to 10.9
• Do not perform a hard shut down on your Mac OS X system while Symantec Encryption Desktop (PGP) is encrypting or decrypting your disk
• Do not accept any Operating System updates while the disk is encrypting. If the update occurs automatically, do not restart your computer until the encryption process has completed
• Hibernation also called Safe Sleep is not supported with PGP WDE, when a Mac goes to sleep and runs out of battery power the Mac will shut down and not go into safe sleep. It’s important to turn off the machine if it will run out of battery power
• Running Boot Camp setup assistant or running Boot Camp on a PGP WDE drive will cause data loss
• Safe boot is not supported

1. After installing Symantec Encryption Desktop (PGP), open Applications -> Encryption Desktop
   
2. Click on PGP Disk then “Encrypt a Disk”
   
3. Select your computer’s Hard Drive and click Continue
   
4. Create WDE passphrase user name and password. Minimum 7 characters then click Continue
   
5. Click the Encrypt button to begin encrypting the disk. Encryption will take 4-12 hours to complete; you must verify that your system is encrypted to 100% before it is considered ‘encrypted’ by our central logging system
   
6. After encryption is enabled the system will have a Pre-boot Authentication Screen, only the passphrase user that was created in the beginning of this process will be able to authenticate. Additional users can be configured. See Symantec Encryption Desktop (PGP) User’s guide for more information
   
7. Verifying disk encryption. Open Symantec Encryption Desktop (PGP), expand PGP Disk and click on your disk. Verify that status displays “encrypted'
   

The article will be updated when additional platforms or other system requirements are tested and added for Symantec Encryption Desktop for Mac OS X.

System requirements for the 10.4.1 release

• Supported platforms:
  • For Symantec Drive Encryption users: Mac OS X 10.9.5 and 10.10.x
  • For Symantec Encryption Desktop for FileVault users: Mac OS X 10.11.x, 10.12.x

• 512 MB of RAM

• 80 MB hard disk space

For more information about Symantec Encryption Desktop for Mac OS X support for Mac OS X 10.11.4, see article http://symantec.com/docs/INFO3684.

Symantec Drive Encryption is not compatible with any third-party software that could bypass the Symantec Drive Encryption protection on the Master Boot Record (MBR) and write to or modify the MBR.

Note: Starting with the release of Symantec Encryption Desktop 10.3.2, Symantec Encryption Desktop will not be compatible with Apple Boot Camp on any Apple Mac OS X system. For more information about upgrading Symantec Encryption Desktop 10.3.2 on Mac OS X systems enabled with Apple Boot Camp, see article http://www.symantec.com/docs/TECH212700.

Email client software compatibility

Symantec Encryption Desktop will, in most cases, work without problems with any Internet-standards-based email client that runs on Mac OS X 10.9.5 through 10.12.3.

The following email clients have been tested for compatibility:

• Apple Mail 8.x, 9.x, and 10.x

• Microsoft Outlook 2011 for Mac

• Hp m2n68 la bios update. Microsoft Outlook 2016 for Mac

Note: Always ensure that the latest updates for Microsoft Outlook 2016 for Mac are installed.

Anti-virus software compatibility

Symantec Encryption Desktop has been tested for compatibility with:

• Symantec Endpoint Protection 12.1 RU6 MP4

• Symantec Endpoint Protection 12.1 RU6 MP6

• Symantec Endpoint Protection 14.0