Operating Systems Parent topic

Important
Important
Ensure that the following root certification authority (CA) certificates are installed with intermediate CAs, which are found in WKSrv.exe. These root CAs should be installed on the Safe Lock agent environment to communicate with Intelligent Manager.
  • Intermediate_Symantec Class 3 SHA256 Code Signing CA
  • Root_VeriSign Class 3 Public Primary Certification Authority - G5
To check root CAs, refer to the Microsoft support site:
https://technet.microsoft.com/en-us/library/cc754841.aspx
Note
Note
  • Memory Randomization, API Hooking Prevention, and DLL Injection Prevention are not supported on 64-bit platforms.
  • See the latest Safe Lock readme file for the most up-to-date list of supported operating systems for agents.
Windows clients:
  • Windows 2000 SP4 (32-bit)
    Note
    Note
    Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    To support these features, install Filter Manager:
    • For Windows 2000 Service Pack 4, apply the update KB891861 from the Microsoft Update Catalog website.
    • For Windows XP SP1, upgrade to Windows XP SP2.
  • Windows XP SP1*/SP2/SP3 (32-bit) (except Starter and Home editions)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Vista No-SP/SP1/SP2 (32-bit) (except Starter and Home editions)
  • Windows 7 No-SP/SP1 (32-bit and 64-bit) (except Starter and Home editions)
  • Windows 8 No-SP (32-bit and 64-bit)
  • Windows 8 No-SP (Professional/Enterprise) (32-bit and 64-bit)
  • Windows 8.1 No-SP (Professional/Enterprise with Bing) (32-bit and 64-bit)
  • Windows 8.1 No-SP (32-bit and 64-bit)
  • Windows 10 (Professional/Enterprise/IoT Enterprise) (32-bit and 64-bit)
    - Anniversary Update (Redstone 1)
    - Creators Update (Redstone 2)
    - Fall Creators Update (Redstone 3)
    - April 2018 Update (Redstone 4)
    - October 2018 Update (Redstone 5)
    Note
    Note
    • Unlock the endpoint before updating your Windows 10 operating system to the Anniversary Update, Creators Update, Fall Creators Update, April 2018 Update or October 2018 Update.
    • OneDrive integration in Windows 10 Fall Creators Update and Spring Creators Update is not supported. Ensure that OneDrive integration is disabled before installing Safe Lock.
    • To improve performance, disable the following Windows 10 components:
      • Windows Defender Antivirus. This may be disabled via group policy.
      • Window Update. Automatic updates may require the download of large files which may affect performance.
      • Windows Apps (Microsoft Store) auto-update. Checking for frequent updates may cause performance issues.
    • In Windows 10 April 2018 Update (Redstone 4) and later, Safe Lock has the following limitations when working with folders where the case sensitive attribute has been enabled:
      • Enabling the case sensitive attribute for a folder may prevent Safe Lock from performing certain actions (eg. prescan, quick scan, custom actions) on that folder. Folders that do not have the attribute enabled are not affected.
      • Safe Lock blocks all processes started from folders where the case sensitive attribute is enabled. Additionally, Safe Lock is unable to provide any information for the blocked processes, except for file path.
      • The Safe Lock agent cannot verify file signatures of files saved in folders where the case sensitive attribute is enabled. As a result, DAC exceptions related to signatures cannot work.
 
Windows Server:
  • Windows 2000 Server SP4* (32-bit)
    Note
    Note
    Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
  • Windows Server 2003 SP1/SP2 (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Server 2003 R2 No-SP/SP2 (Standard/Enterprise/Storage) (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Server 2008 SP1/SP2 (32-bit and 64-bit)
  • Windows Server 2008 R2 No-SP/SP1 (64-bit)
  • Windows Server 2012 No-SP (64-bit)
  • Windows Server 2012 R2 No-SP (64-bit)
  • Windows Server 2016 (Standard) (64-bit)
 
Windows Embedded Standard:
  • Windows (Standard) XP Embedded SP1*/SP2 (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Embedded Standard 2009 (32-bit)
  • Windows Embedded Standard 7 (32-bit and 64-bit)
  • Windows Embedded Standard 8 (32-bit and 64-bit)
  • Windows Embedded 8 Standard No-SP (32-bit and 64-bit)
  • Windows Embedded Standard 8.1 (32-bit and 64-bit)
  • Windows Embedded 8.1 Standard (Professional/Industry Pro) (32-bit and 64-bit)
 
Windows Embedded POSReady:
  • Windows Embedded POSReady (32-bit)
  • Windows Embedded POSReady 2009 (32-bit)
  • Windows Embedded POSReady 7 (32-bit and 64-bit)
 
Windows Embedded Enterprise:
  • Windows Embedded Enterprise XP SP1*/SP2/SP3 (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Embedded Enterprise Vista (32-bit)
  • Windows Embedded Enterprise 7 (32-bit and 64-bit)
 
Windows Embedded Server:
  • Windows Embedded Server 2003 SP1/SP2 (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Embedded Server 2003 R2 (32-bit)
    Note
    Note
    • Safe Lock installed on Windows 2000 SP4 (without update rollup) or Windows XP SP1 does not support the following functions: DLL/Driver Lockdown, Script Lockdown, Integrity Monitoring, USB Malware Protection, Storage Device Blocking, Maintenance Mode, and Predefined Trusted Updater.
    • Safe Lock does not support a custom action of quarantine on Windows XP.
  • Windows Embedded Server 2008 (32-bit and 64-bit)
  • Windows Embedded Server 2008 R2 (64-bit)
  • Windows Embedded Server 2012 (64-bit)
  • Windows Embedded Server 2012 R2 (64-bit)
 
Windows Storage Server
  • Windows Storage Server 2016