EEFF v4.1 FAQs

Version 3

    General

    Q: What versions of ePolicy Orchestrator (ePO) and MA are required for EEFF v4.1?
    McAfee ePolicy Orchestrator 4.6 Patch 2 and above, McAfee Agent for Windows 4.6 (
    MA build 4.6.0.1694) and above


     

    Q: Does EEFF v4.1 support Windows 8?

    No, Windows 8 is currently not supported; Support for Windows 8 clients will be in a release in 1H 2013


     

    Q: What are the burning softwares that EEFF v4.1 supports with CD/DVD Encryption?

    EEFF supports Windows Burner (Mastered Format), Nero and Roxio CD creator. EEFF v4.1 has been tested with the latest versions of Nero (Nero12) and Roxio CD creator (v12.1)


     

    Q: Can I manage a CD/DVD encryption policy as a User Based Policy instead of Machine Based Policy?
    Starting with v4.0 Patch 1, CD/DVD encryption policy can be managed as a User Based Policy as well


     


    Endpoint Encryption for Removable Media Reporting (EERM Reporting)

    Q: When a user with EERM chooses to encrypt a USB Drive, is an event sent back to ePO showing the encryption status of the media and the system/username that did the encryption?
    Starting EEFF v4.1, the following end user decisions are captured, and events sent to ePO.

    Device Insert Event : Triggered whenever any removable media device is inserted

    Removable Media User Response Event : Triggered whenever user makes a decision“YES/NO”  to initialize/create an encrypted container on the removable media device

    EERM Initialization Start Event : Triggered whenever user selects Initialize/Cancel in EERM initialization window

    EERM Initialization End Event: Triggered whenever initialization process ends


     

    Q: What is the information that is captured when EERM events are generated?

    System Information

    • User Info (DomainName\UserName)
    • Time Stamp
    • Agent GUID

    Initialization

    • Initialization State {FAILED, CANCELLED, SUCCESSFUL}
    • Backup State {NONE, FAILED, CANCELLED, SUCCESSFUL}
    • Backup Size
    • Time taken for initialization
    • Time taken for backup
    • Size of protected part (Valid only when initialization has completed successfully)
    • User Response {ACCEPTED, REJECTED (when user selects to Yes/No for EERM initialization prompt)}

    Device Information

    • Size {Bytes}
    • File System of device (FAT, NTFS, EERM : in case EERM protected devices)
    • Vendor Name
    • Product Name
    • Exempted {YES, NO, UNKNOWN}
    • Protected (only EERM protected devices are considered protected) {YES, NO, UNKNOWN}

    Note: Only relevant information is captured in each event. For example, Device Insert Event will not contain “Initialization State” field


     

    Q: Where do I find EERM queries/reports on ePO?

    Go to Queries & Reports, and under “Shared Groups”, you will find EEFF queries



     

    Q: What are the queries/reports related to EERM that are available on ePO?

    Protection Status : Removable Media (Displays the Protection Status of Removable Media in the company’s environment, lists the latest status (event) specific to each removable media device)

    Removable Media Device Events (Lists all events related to removable media)


     

    Q: What information does the query Protection Status: Removable Media give?

    Protection Status: Removable Media is a canned query which gives information on the “Device compliance” status in the company (% of removable media devices in protected state)


     

    Q: Can I run custom queries on the generated EERM queries/reports on ePO?

    Yes, it is possible to use the ePO infrastructure to run custom queries (to track devices, users etc.) The query/report “Removable Media Device Events” exposes the entire database of events related to EERM, and can be used for this purpose

     

     

    Q: Are the events generated specific to just the EERM functionality of the product?

    Yes, the events are currently restricted to the EERM functionality. To request enhancement of this feature in a future version of the product, you can submit a Product Enhancement Request (PER). To submit a PER, see the Related Information section


     

    Q: Can I purge events related to EERM?

    Yes, the Administrator is given provision to purge the events based on age by choosing the action “Purge Client Events” after running any of the EERM queries. The Administrator can purge the events by days, weeks, months, years

     

     

     

    Endpoint Encryption for Removable Media - General

    Q: Can I configure the password complexity rules for EERM?

    With effect from the v4.1 release, it is possible to configure the EERM password complexity via the “Password Policy Rules” page in ePO. Administrator will be able to configure the minimum length of the password, minimum number of uppercase characters, minimum lowercase characters, minimum number of alphabetical characters, minimum number of numeric characters and minimum number of special characters.

    Please note that the same password quality rules will be applicable for EERM, Self-extractors and User Local Keys

     


    Q: Can I customize and set the number of recovery questions for EEFF v4.1?
    Starting EEFF v4.1, this recovery option is no longer available. EEFF v4.1 will have 3 recovery options, “Recovery Password, Recovery Key and Recovery Certificate”


     

     

    Q: Will removable media devices initialized with the previous versions of EEFF work with EEFF v4.1 ?

    Yes, Devices initialized with EEFF v4.0, v4.0 Patch 1 will continue to work with v4.1 as well

     

     

    Q: During initialization of the device using EEFF v4.0/v4.0 Patch 1, I had selected "Recovery Questions" during initialization? How do I recover this device, I do not see "Recovery Questions" option in EEFF v4.1?

    The device can be recovered as before in the offsite mode (on machines without EEFF installed)



    Q: What is the maximum recommended device size for EERM?
    McAfee has tested and will support devices up to the 2 TB, with EEFF 4.0 Patch 1 (4.0.1) and later.

    NOTES:

    In EERM, you can either initialize the full device or part of the device (based on the policy that the company Administrator has configured)

    With the full device policy in place, if the end user chooses to back up the existing data, the data on the device will be copied first to the local computer; an encrypted container will be created on the removable device, before finally the data is copied back from the local computer to the encrypted container (removable device). Due to possible space limitations that may exist on the local computer (free space), and also the time that is taken for the copy operations (back and forth) to complete, McAfee recommends to use EERM devices less than 128 GB for the following situations:

    • Full device EERM policy.
    • The removable device has large amounts of existing data on it, and the end user wants to retain the data

     

    Q: Can the EERM Encryption user message be customized in EEFF v4.1?
    Yes, starting EEFF v4.1, it is possible to customize the prompt message that appears when an end user inserts a removable media device. Administrators can configure this text via the “Removable Media Policy”, and the text can be up to 300 characters in length


     

    Q: What are the encryption options available for Protected Area for EEFF v4.1?
    Options “% of Free Space” and “% of Total Space” have been replaced with the “User Managed” option. The following EERM encryption options are available on EEFF v4.1:

    • Entire Device
    • User Managed

    Selecting the “User managed” option will give the end user the option to choose the size of the encryption portion of the device


     

    Q: In EEFF 4.x, can I force a recovery option to be enforced for EERM?
    Yes, starting from EEFF v4.1, it is possible to enforce recovery options via a policy on the Removable Media policy page. Recovery options can be enforced by selecting the “Mandatory option”. In this case, the end user will not be able to initialize the device without filling in the mandatory recovery input


     

    Q: Can I read an EERM-encrypted USB device on a Windows computer that does not have EERM?
    Yes. This is a key point of using EERM because it has an explorer application residing on the USB stick, which negates the need for any computer to have EERM/EEFF installed to authenticate and access the data within the EERM container



     

    Q: Can I use NTFS instead of FAT32 for the EERM encrypted container?
    No, because there are no public driver implementations of NTFS available for EERM to create the EERM encrypted container in NTFS. Additionally, a driver must be installed on the host platform as well as requiring local administrator rights, which defeats the whole purpose of EERM. McAfee could use NTFS for the encrypted containers if we were allowed to install a driver or had some rights, but without this, it is impossible to install an NTFS file system. Instead, EERM container has to use FAT32 and, because it is public, it allows McAfee to build it into the application. However, the limitation of using FAT32 is that the maximum file size that can be placed within an encrypted EERM container is 4 GB, even though the container has no such limitation. McAfee will endeavour to address this file size limit in a future version of EERM while retaining FAT32 usage. This is currently subject to engineering research.

    NOTE: The file system of the USB device can be either FAT or NTFS, but the file system of the EERM encrypted containers can only be FAT32. Thus, the storage area that is not assigned to be an encrypted container can be NTFS