Encryption for Files and Folders 4.1 (EEFF) introduces new features for Endpoint Encryption for Removable Media (EERM).
These new features offer an even better and more comprehensive way of handling removable media, both inside and outside the company.
It requires very little user interaction and administration, while also offering the highest flexibility and, of course, the highest security.

The following requirements and use cases will be covered in this document:

EERM in Endpoint Encryption for Files and Folders 4.1:


- Ensure no data is copied to removable media without being encrypted


This is the basic requirement. The goal is to ensure that all data written to removable media is encrypted.


- Block writing of data to CD/DVD media


Only a small number of users still need to write data to CD/DVD. These write operations should be monitored and secured by an Endpoint DLP solution,
and all other users should simply have read-only access to CD/DVD media. This can be done with EEFF or with McAfee Device Control.


- Let the user decide what to do when removable media devices are larger than a certain size (e.g. 64GB).


To improve the user experience, EEFF lets the user choose the size of the encrypted container that will be created on their removable media.
This makes encryption faster on large devices, because only a portion of the device is encrypted rather than the entire device. The EEFF policy can be further
configured to prevent writing data to the non-encrypted portion of the device.


- Possibility to recover encrypted removable media

- Users can only recover their own devices

- All encrypted removable media can be recovered by central management


Allowing users to recover only their own devices helps meet internal security policies. This configuration also ensures that support teams and EEFF
administrators can recover devices by leveraging the ePO administrative functions.



Step by Step Guide for configuration:


Enable User Personal Key feature


   1.  ePO Menu > Data Protection > EEFF Keys

   2.  Click Edit



   3.  Click Enable User Personal Keys

   4.  Click Save



Assign User Personal Key to policy


   1.  Click ePO Menu > Policy > Policy Catalog

   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop down list

   3.  Choose Grant Keys (UBP) from the Category drop down list

   4.  Create Duplicate from McAfee Default policy

   5.  Edit policy by clicking the name of new policy

   6.  You will see a new key in the Available Keys section. Add the User Personal Key to the Selected Keys section



What is actually the User Personal Key feature?


User personal keys give you the ability to create user-specific encryption keys. These keys are created
at the McAfee ePO server when the user logs on to the client system for the first time after the policy
is enforced.


Why create a new policy rather than using an existing one?


It simply saves time; otherwise you would need to add the User Personal Key to every existing policy. In addition, Grant Key policies support
multiple assignments, so you won't run into problems if you need to assign other keys as well.



Configure EERM Policy


   1.  Click ePO Menu > Policy > Policy Catalog

   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop down list

   3.  Choose Removable Media (UBP) from the Category drop down list

   4.  Edit an existing policy or create a new one by clicking Duplicate

   5.  Set Protected Area to Entire device, set 64 GB as the size for exceptions and choose User managed as the result.



   6.  Click Use recovery key and select User Personal Key from the drop down list





Add more recovery methods as needed and make them mandatory.



   7.  Click Make unprotected files, folders and devices read-only (on a client machine with EEFF installed)




   8.  You might also want to change the text which appears when an unprotected removable media device is inserted from the default to something individual





If the default message is used, it is displayed in the language of the operating system, provided that language is supported

by Endpoint Encryption for Files and Folders. As soon as an individual text is configured, a separate policy must be configured

for every language needed.



Check Password Rule policy


   1.  Click ePO Menu > Policy > Policy Catalog

   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop down list

   3.  Choose Password Rules from the Category drop down list

   4.  Edit an existing policy or create a new one by clicking Duplicate

   5.  Check and modify the policy as needed





This policy sets the password complexity rule for EERM, User Local Keys and Self-Extractor files.



Make User Personal Keys available for recovery


   1.  Click ePO Menu > Data Protection > EEFF Keys

   2.  Choose User from the Preset drop down list




   3.  Click the user key you want to make available

   4.  Click Actions > Edit Key

   5.  Click Available as regular key



   6.  Click OK


The user personal key is now available as a regular key and can be assigned to any Grant Key policy in order to recover removable media.



Check EERM reporting capabilities


   1.  Click ePO Menu > Reporting > Queries & Reports

   2.  Click Run on the Removable Media Device Events query, which can be found in the Shared Groups section under EEFF Queries



EERM reports the following information:


System Information

  • User Info (DomainName\UserName)
  • Time Stamp
  • Agent GUID



  • Initialization State (FAILED, CANCELLED, SUCCESSFUL)
  • Backup Size
  • Time taken for initialization
  • Time taken for backup
  • Size of protected part (Valid only when initialization has completed successfully)
  • User Response (ACCEPTED, REJECTED; i.e. whether the user selected Yes or No at the EERM initialization prompt)

Device Information

  • Size (Bytes)
  • File System of device (FAT, NTFS; EERM in the case of EERM-protected devices)
  • Vendor Name
  • Product Name
  • Exempted (YES, NO, UNKNOWN)
  • Protected (only EERM protected devices are considered protected) (YES, NO, UNKNOWN)




Only relevant information is captured in each event. For example, a Device Insert event will not contain the "Initialization State" field.



EEFF 4.1 comes with two default reports. Of course, you can create customized reports as well.
Some interesting examples could be:


  • Top 10 Removable Media Users
  • A list of all users who have rejected removable media encryption
  • List of the most common removable media devices in my environment


Check out the EEFF POC Installation Guide for a step by step guide to create a "Top 10 Removable Media Users" report.
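The three custom report ideas above can also be produced offline from an export of the Removable Media Device Events query. The following is an added example, not part of the EEFF documentation or product: it assumes the query was exported as CSV with column names matching the event fields listed above (an assumption; check the real export header), and the sample rows are constructed for illustration.

```python
# Added example (not EEFF/ePO code): summarise exported EERM "Removable Media
# Device Events" records. Column names and sample rows below are constructed;
# adjust the column names to match the real ePO CSV export header.
import csv
import io
from collections import Counter

# Constructed sample export. Fields that a given event type does not carry
# (e.g. "Initialization State" on a Device Insert event) are simply left empty.
SAMPLE_CSV = """\
User Info,Time Stamp,Agent GUID,Initialization State,User Response,Size (Bytes),File System,Vendor Name,Product Name,Exempted,Protected
CORP\\alice,2012-05-01 09:12:00,AGENT-GUID-A,,,16000000000,FAT,Kingston,DataTraveler,NO,NO
CORP\\alice,2012-05-01 09:13:00,AGENT-GUID-A,SUCCESSFUL,ACCEPTED,16000000000,EERM,Kingston,DataTraveler,NO,YES
CORP\\bob,2012-05-01 10:00:00,AGENT-GUID-B,CANCELLED,REJECTED,8000000000,FAT,SanDisk,Cruzer,NO,NO
CORP\\carol,2012-05-02 08:30:00,AGENT-GUID-C,,,128000000000,NTFS,Kingston,DataTraveler,YES,NO
CORP\\bob,2012-05-02 11:45:00,AGENT-GUID-B,SUCCESSFUL,ACCEPTED,8000000000,EERM,SanDisk,Cruzer,NO,YES
"""

def load_events(csv_text):
    """Parse the exported query into one dict per event."""
    return list(csv.DictReader(io.StringIO(csv_text)))

def top_users(events, n=10):
    """'Top N Removable Media Users': users ranked by number of device events."""
    return Counter(e["User Info"] for e in events).most_common(n)

def rejecting_users(events):
    """Users who answered No at the EERM initialization prompt at least once."""
    return sorted({e["User Info"] for e in events if e["User Response"] == "REJECTED"})

def common_devices(events, n=10):
    """Most common devices in the environment, keyed by vendor and product."""
    return Counter((e["Vendor Name"], e["Product Name"]) for e in events).most_common(n)

def unprotected_non_exempt(events):
    """Events where a device that is NOT exempted was seen without EERM protection.
    With the read-only policy option set these are blocked writes; without it
    they are the events a defender should review first."""
    return [(e["User Info"], e["Vendor Name"], e["Product Name"])
            for e in events if e["Protected"] == "NO" and e["Exempted"] == "NO"]

if __name__ == "__main__":
    evs = load_events(SAMPLE_CSV)
    print("Top users:", top_users(evs, 3))
    print("Rejected encryption:", rejecting_users(evs))
    print("Most common devices:", common_devices(evs, 3))
    print("Unprotected, non-exempt:", unprotected_non_exempt(evs))
```

Replace SAMPLE_CSV with the contents of a real export file to run the same summaries on production data.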