Bromium Platform Requirements

Check that the systems on which you are installing the Bromium platform meet the following requirements:

Hardware or Software	Description
CPU	Intel Core i3, i5, i7 with Intel Virtualization Technology (Intel VT) and Extended Page Tables (EPT) enabled in the system BIOS. AMD processor with Rapid Virtualization Indexing (RVI). Bromium supports most enterprise class AMD CPUs sold since 2011. Supported models have names of type A4/A6/A8/A10 (followed by a four digit number in which the first digit is not 3.) Bromium recommends quad-core AMD CPUs for optimal performance. In VDI/nested virtualization environments, Bromium supports Intel CPUs only.
Memory	Minimum: 4 GB RAM Recommended: 8 GB RAM It is recommended that you check the amount of available memory by logging into a device after it has been powered on for a minimum of 30 minutes and before any applications have been launched. As a baseline, Bromium recommends that a typical device have the following amount of memory available before installing and enabling isolation: • Windows 7 32-bit with 1500 MB available memory prior to installation • Windows 7, 8.1, or 10 64-bit with 1800 MB available memory prior to installation
Disk	6 GB free disk space
Operating System	Microsoft Windows 7 SP1 32-bit or 64-bit (Professional, Enterprise, or Ultimate) Note: Ensure you have the following two prerequisites: • For Windows 7 32-bit, Physical Address Extension (PAE) must be supported and enabled in the BIOS • To use SHA-2 certificates, ensure you have Windows update KB3033929 or KB2949927 installed Microsoft Windows 8.1 with Update 1 64-bit (Professional, Enterprise) Note: The Japanese language version of Windows 8.1 is not supported. Microsoft Windows 10 versions are supported as follows: Anniversary Update, 64-bit (Professional, Enterprise) on Bromium Secure Platform 3.2 GA Update 8 and later Fall Creators Update, 64-bit (Professional, Enterprise) on Bromium Secure Platform 4.0 Update 3 and later April 2018 Update, 64-bit (Professional, Enterprise) on Bromium Secure Platform 4.0 Update 7 and later Note: Windows 10 April 2018 Update edition is not compatible with Bromium Secure Platform 4.0 Update 6 and earlier. For information about security features and hardware recommendations for Windows 10 releases, refer to the Microsoft site: http://www.microsoft.com If you are running monitoring only (that is, without isolation), Windows Server 2008 and Windows Server 2012 are also supported.

Note: Refer to your system manufacturer's documentation for details about enabling virtualization on Intel and AMD processors.

Required Software for Isolation

Microsoft Internet Explorer version 8, 9, 10, or 11

Note: On Windows 8.1, isolation does not protect web browsing sessions open in the Metro version of Internet Explorer. For more information, see the Browser.IEMetro.EnableIEHelperHook setting in Browser Settings.

Internet Explorer 11 Enterprise Mode and the Enterprise Mode site list

Note: If you configure enterprise mode using the EMIE site list, ensure you do the following:

1. If the EMIE site list is configured to be on a network path, that network path should be marked as trusted.

2. If the EMIE site list is hosted on a web URL, the TLD should be trusted.

Microsoft .NET Framework 3.5 or later (pre-installed with Windows 7)
Microsoft .NET Framework 4.5 (pre-installed with Windows 8.1)
Visual Basic for Applications (a shared feature in Microsoft Office installation for secure printing from Office)
XPS Services must be enabled and the Microsoft XPS Document Writer must be present to use secure printing

Additional Isolation Requirements

Bromium installation requires the following:

Local administrator privileges (if installing on specific machines for evaluation)
Active Directory administrator privileges (if installing in the enterprise for production use)
A Bromium license provided by your Bromium Sales or Customer Support representative, or use the built-in 21-day evaluation license
To run isolation in a virtualized environment using:
- Citrix Hypervisor 7.3
- VMware, ESX 5.5 Update 2 or later. ESX 6.0 is recommended

Supported Software

Isolation can be used with any file type (extension) that is associated with the following supported applications.

Chrome versions 54, 55, 56, 58, 59, 60, 61, 62, 63, 64, and 65
Mozilla Firefox versions ESR 52 (32-bit versions)

Note: If Firefox is already installed on endpoints and has not been launched prior to installing the Bromium platform, you must do the following to ensure browser sessions are isolated in a micro-VM:

1. Launch Firefox to create a new profile for the user. If you have multiple users or if you create new users, you must launch Firefox for each new or additional user.
2. Close Firefox and restart Bromium isolation.
You can now launch Firefox in an isolated micro-VM.

These steps also need to be performed if you create more than one Firefox profile per user.

Microsoft Office 2010, MSI, x86 or x64:
Standard, ProPlus
Microsoft Office 2013, MSI, x86 or x64:
Standard, ProPlus
Microsoft Office 2013, Click-to-Run, x86 and x64
Standard, ProPlus, Home Business, Home Student, Personal, Professional, O365 ProPlus, O365 Business, O365 Small Business Premium, O365 Home Premium
Microsoft Office 2016, MSI, x86 or x64:
Standard, ProPlus
Microsoft Office 2016, Click-to-Run, x64 and x86:
Standard, ProPlus, Home Business, Home Student, Personal, Professional, O365 ProPlus, O365 Business, O365 Small Business Premium, O365 Home Premium

Note: Microsoft Office shared computer activation licensing is supported; however on some systems, when opening an isolated Word document users may temporarily see a banner stating Office has not been activated.

Microsoft Outlook 2010, 2013, and 2016
Adobe Reader versions 9, 10, 11, DC Classic 2015, DC Classic 2017, DC Continuous 2015, DC Continuous 2017, and DC Continuous 2018
Adobe Acrobat Professional version 10 and 11, DC Classic 2015, and DC Continuous 2015
Adobe Flash (all versions)
Windows Media Player 12 (32-bit and 64-bit)
Microsoft Silverlight 4 , 5, and 5.1
Oracle Java 6, 7, and 8 (32-bit)
Autonomy (FileSite or DeskSite) version 9
Oracle VM VirtualBox on:
Windows 7 32 and 64-bit
Windows 8.1 and later 64-bit version with Intel

Note: VirtualBox is not supported on endpoints running AMD processors

Support for endpoints running virtualization-based security (VBS) with the following configuration:
Windows 10 64-bit with virtualization-based security (VBS) and Hyper-V enabled
UEFI Secure Boot enabled
The Fast Startup power option in Windows must be disabled
Intel vPro 4th generation Core (i3/i5/i7) and newer or AMD Ryzen
Trusted Platform Module (TPM) is recommended

VDI deployments on:
VMWare Horizon View 7.x (last validated with version 7.3 with ESX 6.5)
Citrix Virtual Desktops 7.x (last validated with version 7.16 with Citrix Hypervisor 7.3)
Windows Defender Credential Guard
McAfee DLP for Internet Explorer
Symantec DLP
McAfee Endpoint version 9.3 and later

Bromium software has been tested with the following third-party endpoint security product solutions in their standard configurations:

Microsoft Security Essentials 4.0
Symantec Endpoint Protection 11.0.6, 11.0.7, and 12
McAfee Endpoint Protection or Total Protection 8.7 and 8.8
Trend Micro OfficeScan 10.6
Bit9 Parity

IMPORTANT: Ensure you create appropriate exclusions in the configuration of installed endpoint security products so that they do not interfere with or prevent the normal operation of Bromium products. Necessary actions may consist of excluding all Bromium processes and binaries from the third-party endpoint security product. The absence of exclusions may result in failed Bromium software initialization and slow or blocked browsing and opening of isolated documents. For more information, see Third-party Product Exclusions.

Supported Languages

Isolation supports user interfaces in the following languages on the specified version of Windows:

English US (en-US), all supported versions of Windows
English UK (en-GB), Windows 8 and later. On Windows 7, GB is supported as a locale, not a language.
French (fr-FR), all supported versions of Windows
French Canadian (fr-CA), Windows 10 and later
German (de-DE), all supported versions of Windows
Spanish (es-ES), all supported versions of Windows
Swedish (sv-SE), all supported versions of Windows
Italian (it-IT), all supported versions of Windows
Brazilian Portuguese (pt-BR), all supported versions of Windows
Japanese (ja-JP). all supported versions of Windows

Note: Isolation supports all Windows locales.

Running Monitoring and Windows 10 Fall Creators Update

Support for Windows 10 Fall Creators Update was introduced in Bromium Secure Platform 4.0 Update 3 and will not work on earlier versions of Bromium products. To upgrade to Windows 10 Fall Creators Update, you must upgrade to Bromium Secure Platform 4.0 Update 3 or later before updating Windows.

If you have already upgraded to Windows 10 Fall Creators Update, see https://support.bromium.com/s/article/Planned-Support-for-Microsoft-Windows-Fall-Creators-Edition for information about resolving this issue.

Configuring Isolation with McAfee DLP and Symantec DLP

To enable support for McAfee Endpoint version 9.3 and Symantec DLP version 14.0.1, add the following setting to your policy:

Browser.DLPCheckMode = 1 (on) or 0 (off)

Browser.DLPType = 1 (for McAfee DLP) or 0 (for Symantec DLP)

After you modify this setting, you must reinitialize isolation. To do this, use the Reinitialize Isolation remote command in the controller.