People familiar with drive encryption know that initial encryption of the entire drive can take 3-6 hours. This depends on the size/speed of the drive and the CPU. Every available sector on the drive is read and encrypted whether it contains any data or not. For in-field deployments, initial encryption is throttled so that it is performed in the background and will not impact the end user.


Many customers tell us that they wish to move away from in-field deployments and prefer to hand over “pre-encrypted” laptops totheir users. Many of them would also like the option of “outsourcing” the initial encryption activity to an external vendor. In v7 (Dec’12), we added support for “offline activation”. With this new capability, admins can generate an offline installer package from ePO and use this standalone executable any number of times to pre-encrypt laptops without requiring connectivity to ePO. You can also safely share this executable to an external vendor that can quickly embed and integrate the EXE with their laptop imaging workflow processes.


In essence, the vendor will ship you pre-encrypted laptops with a default policy. When the laptop is brought onto the corporate network, ePO takes over and replaces the default policy with a corporate policy in seconds. Although the offline activation feature helped customers immensely with cost savings, they still had to wait for 3-6 hours for the initial encryptionprocess to complete.


In v7.0 Patch 1 (Q2’13), we enhanced the “offline activation” feature with two new capabilities. The first one disables the power fail throttling capability and the second encrypts only used sectors on the drive. When used together, you can literally encrypt a brand new drive in minutes.  As the user uses new sectors on the drive, these sectors are encrypted on the fly.


For example, a Dell e6410 brand new laptop with a fresh Windows XP image, regular encryption took “5.93 hours”. In contrast, fast initial encryption completed in just “4.53 minutes”. For scenarios where you pay IT by the hour, this can result in savings of ~$125 per laptop (assuming$25 per hour) with no loss in security posture.


For more technical information on this new capability, have a look at Anthony Merry’s FAQ https://community.mcafee.com/docs/DOC-4738


Have you already tried using this new capability? We would love to hear from you if you would like to share feedback.