Update: In 2014 McAfee renamed Endpoint Encryption for PC (EEPC) to McAfee Drive Encryption (MDE). These instructions are valid for both versions.

 

 

Introduction

The McAfee Endpoint Encryption pre-boot environment uses the BIOS to access the hard disk. If there is a problem with the BIOS, then the pre-boot environment will not be able to properly access the disk. When this happens, the pre-boot might appear to get stuck or not even load. Also, the hand-off from the pre-boot environment to the operating system may fail. This type of failure prevents the end user from working and will certainly generate a helpdesk call.

 

Pre-Boot Smart Check allows us to prevent this kind of failure. In previous versions, there was no way to prevent these problems. Instead, we could only remediate them with our EE Tech recovery tool (which required having physical access to the system and booting from removable media). Pre-Boot Smart Check allows us to test for BIOS problems and then do two things. First, when a problem is detected, Pre-Boot Smart Check will change the configuration of EEPC and try that new configuration on the next boot. Second, if all alternative configurations fail, then Pre-Boot Smart Check will simply abandon EEPC activation and will remove the pre-boot environment. When this happens, it also sends an event to ePO so that administrators are aware of the occurrence.

 

Note: For more information please see our FAQ for Pre-Boot Smart Check

 

Pre-Boot Smart Check only runs during the installation and activation of EEPC. The process is detailed below.

 

PreBootSmartCheck.png 

Note: There are a total of 12 configurations available, so the end user may have to reboot 12 times before either finding a working configuration or abandoning activation. While this may take some time, it is vastly better than having to send support personnel to recover the system with bootable media.

 

 

Using Pre-Boot Smart Check

To use Pre-Boot Smart Check, you simply have to enable it in the EEPC Product Settings Policy. This feature forces a second reboot during the installation process. This is not configurable and users are not able to postpone it. This is why the policy option to reboot after activation is not configurable when you enable Pre-Boot Smart Check, as shown below.

prebootsmartcheck_policy.PNG

Note: Pre-Boot Smart Check is only available for BIOS based systems and cannot be used on UEFI systems.

 


Demo Video

Available here https://community.mcafee.com/videos/1484