Back in January, PGP Corporation released a much anticipated update to their PGP Desktop lineup -PGP Desktop 10.0.  This update was much anticipated because it finally added support for Mac OS X 10.6 Snow Leopard.  The great benefit here is that those who would be so inclined to utilize whole disk encryption on mac, and choose PGP as their platform of choice, could now upgrade to Snow Leopard and have their drive encrypted.

In testing this new software I discovered a bug, however.  When utilizing PGP Desktop 10 for Mac in an environment managed by PGP Universal Server (2.12), I was frequently asked to re-enroll my Mac with the universal server.   Until I was able to re-enroll, PGP Desktop was unavailable.   Whole Disk Encryption was thankfully NOT affected.

After working fairly closely with PGP support on this issue it was determined to be a bug,  and after providing them a wealth of information from our environment they were able to reproduce the issue on their end and provide a list of steps that would reproduce it 100% of the time.

Thankfully,  we’ve also been able to determine a successful workaround for this issue.

The underlying cause for this behavior appears to be on-access scanning by antivirus products on the Mac interfering with the PGP plist files in ~/Library/Preferences/

The workaround that has worked in my testing so far has been to create exclusions in the scanning policy for:

~/Library/Preferences/com.pgp.pgp.plist

~/Library/Preferences/com.pgp.desktop.plist

~/Library/Preferences/com.pgp.admin.plist

~/Library/Preferences/com.pgp.engine.plist

With those four files excluded from on-access antivirus scanning, I have been unable to get PGP Desktop to prompt me for re-enrollment,  indicating that this does, in fact, provide a workaround for the issue.

A huge thanks goes to the PGP Support team who worked this issue hard and were a pleasure to work with in finding a resolution to this issue.

(note: I am in no way affiliated with PGP Corporation.)