EEFF v4.1 Patch 1 FAQ - McAfee Encryption for CD/DVD/ISO Media

Version 1

    Following closely on the success of McAfee Endpoint Encryption for Files & Folders version 4.1, we are very close to releasing v4.1 Patch 1. This patch provides two new features.


    What's New in this release ?

    • McAfee Encryption for CD/DVD/ISO 
    • Support for Windows 8

     

    McAfee Encryption for CD/DVD/ISO Media

     

    What is “McAfee Encryption for CD/DVD/ISO Media”?

    This feature is an additional option available to encrypt/securely share information on optical media (CD/DVDs) and ISO container files. The advantage with this option is that it provides the capability to read encrypted optical media (CD/DVDs) and encrypted ISO files on machines without any McAfee encryption software installed

     

     

    What is the main benefit of this feature?

    This feature enables sharing of information with third parties (Partners, customers etc.) who may not have McAfee Encryption technology deployed to read the encrypted content. Customers can share large amounts of data securely with partners/customers via low cost optical media (CD/DVDs) or ISO files. This features also provides the ability to force end users to burn CD/DVDs using this option thus ensuring that ALL CD/DVDs burnt on that system will be encrypted

     

     

    Is this functionality similar to the currently available Endpoint Encryption for Removable Media (EERM) capability for USB devices?

    Yes, the EERM functionality for Removable Media USB devices has now been extended to CD/DVDs and ISO files, although the “write once” nature of optical media means that the data to be protected must be defined before the process is completed

     

     

    What versions of EEFF will support this feature?

    This feature will be available starting version EEFF 4.1 Patch 1. This feature will not be available on EEFF 3.x

     

     

    What are the OS platforms that are supported?

    All OS platforms supported by the product; Windows XP SP3, Vista, Windows 7 and Windows 8

     

     

    Does this feature require installation of any CD/DVD burning software?

    This feature uses the native Windows API (Microsoft Windows Image Mastering API v2.0) to burn CD/DVD which is available by default on Windows starting Windows Vista. For Windows XP SP3, this can be downloaded for free from the Microsoft Download Centre

     

     

    Is multi-session burning of CD/DVDs supported?

    No, currently the feature is limited to single session burning only

     

     

    Is there a limit to the size of encrypted ISO files?

    Yes, currently the ISO file size is limited to the capacity of DVD-DL media, the largest physical media supported.  Windows XP SP 3 only supports media up to DVD-SL

     

     

    What is the largest file size that is supported with this new feature?

    This feature utilizes a FAT32 file system to manage the encrypted files. FAT32 imposes a 4GB max file size limitation

     

     

    Does this feature provide an option to use other burning software (Nero, Roxio) to burn CD/DVDs?

    No, the feature uses the native Windows API and does not support other burning software

     

     

    Can I force end users to burn CD/DVDs using this feature, else block CD/DVD write operations?

    Yes, in the CD/DVD encryption policy, select the option “Encryption for CD/DVD/ISO” and also check the sub-option, “Disable normal CD/DVD write operations”. This will ensure that ALL CD/DVDs burnt on that system will be encrypted

     

     

    Can I create password protected encrypted ISO files using this feature (and later burn them or share the ISO)?

    Yes, during the creation process, there is an option to either burn the data on a CD/DVD or just create an encrypted ISO image

     

     

    Can I read the encrypted ISO image on a machine without McAfee software?

    Yes, the encrypted ISO image can be mounted and read on machines without having to install any McAfee software

     

     

    What is the authentication mechanism for accessing the encrypted CD/DVD/ISO?

    Password based authentication is currently supported to unlock the encrypted CD/DVD/ISO

     

     

    Can I configure the password complexity rules for this feature?

    Yes, it is possible to configure the password complexity via the “Password Policy Rules” page in ePO.

    The Administrator will be able to configure the following minimum values:

    • Password length
    • Number of uppercase characters
    • Number of lowercase characters
    • Number of alphabetical characters
    • Number of numeric characters
    • Number of special characters

     

     

    Can I assign a CD/DVD encryption policy to an user instead of a machine?
    Yes, Starting with EEFF 4.0 Patch 1, CD/DVD encryption policy can be managed as a User Based Policy

     

     

    Does this option only work with files and folders located on my local client machine?

    No. Files and folders can come from any location that is accessible via your Windows browser, including network locations, however if at the time the media is written any files are not accessible, they will be omitted

     

     

    Is there a temporary location where the encrypted blob/container (containing the selected data) is created before being burnt on a CD/DVD or streamed out as an ISO image?

    Yes. The Windows API is used to return the temporary path, and a sub-folder is created below that. For versions Win 7 and above, it is C:\Program Data\ by default but can be reconfigured within Windows

     

     

    Do I have to select the files and folders to be written to CD/DVD/ISO each time?
    No. The feature allows the user to define and save a project file (.emo extension) that contains metadata about the source location(s) and content, and this can be opened at any time in the future. If changes have been made to the source structure or content since the project was last saved, the changes are highlighted by the tool

     

     

    What about a scenario where I want to use this to backup the same source content on a periodic basis?
    The project file saves metadata about the source folders and content. A project file can be set up to capture the files and folders that are to be included in the backup. The project file can then be opened and used to define the content to be archived to CD/DVD/ISO

     

     

    Does the structure on the CD/DVD/ISO have to be the same as in the source location?
    No. The project file provides a mapping between the source files and folders and the structure used in the CD/DVD/ISO image. Folders can be moved, renamed and created within the project file. Files can be moved and renamed. The structure created on the CD/DVD/ISO will reflect the structure defined in the project file