EEFF v4.2 FAQs : Configurable Key Cache Expiry

Version 2

    NOTE: EEFF will henceforth be referred to as "File & Removable Media Protection".

    The necessary changes for the new product name will be incorporated in the next release, v4.3.

     


    What is the Configurable “Key Cache” expiry feature?

    The “Key Cache” expiry feature is a software-based, policy-driven "kill-pill" capability that enables the Administrator to configure how long the “Key Cache” is available locally on the EEFF client machine before it is removed due to non-connectivity to the McAfee ePO Server.

     

     

    What happens if the EEFF client machine does not connect to the McAfee ePO Server for the time period specified by the Administrator?

    The “Key Cache” (all the keys) is unloaded from the EEFF client machine, and the end user will not be able to perform any operations that require the availability of Keys, such as:

    • Reading encrypted files/folders on the local machine/network share
    • Initializing/Encrypting Removable USB media with “Allow Encryption (with offsite access)” or “Enforce Encryption (with offsite access)” options where a Key has been configured for Recovery
    • “Key Based Recovery” of Removable USB Media
    • Encrypting CD/DVDs or USB Media with “Enforce Encryption (with onsite access)” option

     

     

    How can the Keys which were unloaded due to non-connectivity to the McAfee ePO Server be made available on the EEFF client machine?

    The Key Cache (all unloaded keys) will be reloaded when the EEFF client machine next communicates with the McAfee ePO Server.

     

     

    Are all types of keys unloaded when the specified time period elapses?

    Yes, all keys (Regular, User Personal Keys and User Local Keys) will be unloaded from the EEFF client machine.

     

     

    Is there a minimum ePO or MA version required for this feature to be available?

    The EEFF client machine needs to be running MA version 4.8 Patch 1 or later to enable this feature.

    Any supported version of ePO (i.e. 4.6 Patch 2 and above) will suffice.

     

     

    What happens if the EEFF client machine is running an MA version lower than 4.8 Patch 1?

    The Configurable “Key Cache” expiry feature will not be available.

    The Key Cache will not be unloaded from the EEFF client machine in this case.

     

     

    Where is this “Key Cache” policy option available to the Administrator?

    This policy option is available to the Administrator under the “Encryption Options” policy of EEFF.

     

     

    What options are available with the “Key Cache” policy?

    Enable Key Cache expiry: when selected, enables the automatic removal of keys from the key cache if the client system fails to connect to the McAfee ePO server within the configured period.

    Key Cache expiry period: specifies the number of days after which the Key Cache is unloaded when “Enable Key Cache expiry” is selected and the client system has not connected to the McAfee ePO server.

    The default value is 90 days.

     

    Note: By default, the “Key Cache expiry” feature is disabled.

     

     

    What is the minimum value that can be configured for “Key Cache expiry period”?

    1 day

     

     

    Is this feature configurable for both “System” and “Users”?

    No, this feature is available only as a "System Based" policy.
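
The rules in this FAQ (feature disabled by default, 90-day default period, 1-day minimum, MA 4.8 Patch 1 or later) can be modelled to check which clients a given policy would leave without keys. This is an added example, not McAfee code: the inventory rows, host names, state labels and the exact boundary at which the period counts as elapsed are assumptions, and only the "4.8 Patch 1" version notation used in this FAQ is parsed.

```python
import re
from datetime import datetime, timedelta

MIN_MA = (4, 8, 1)        # MA 4.8 Patch 1: minimum agent version stated in the FAQ
MIN_PERIOD_DAYS = 1       # smallest configurable "Key Cache expiry period"
DEFAULT_PERIOD_DAYS = 90  # default "Key Cache expiry period"


def parse_ma_version(text):
    """Parse '4.8 Patch 1' or '4.8' (the FAQ's notation) into a comparable tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised MA version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def key_cache_state(ma_version, last_epo_contact, now,
                    enabled=False, period_days=DEFAULT_PERIOD_DAYS):
    """Return (state, unload_deadline) for one client under a given policy."""
    if period_days < MIN_PERIOD_DAYS:
        raise ValueError("expiry period must be at least 1 day")
    if not enabled:                               # feature is off by default
        return "expiry-disabled", None
    if parse_ma_version(ma_version) < MIN_MA:     # older agents never unload
        return "agent-too-old", None
    deadline = last_epo_contact + timedelta(days=period_days)
    # Assumption: the cache counts as unloaded once the full period has elapsed.
    return ("keys-unloaded" if now >= deadline else "keys-loaded"), deadline


def audit(inventory, now, enabled, period_days):
    """Map each host in (host, ma_version, last_contact) rows to its state."""
    return {host: key_cache_state(ma, last, now, enabled, period_days)[0]
            for host, ma, last in inventory}


# Constructed sample inventory (hypothetical hosts and timestamps).
NOW = datetime(2024, 6, 1, 12, 0)
INVENTORY = [
    ("laptop-01", "4.8 Patch 1", datetime(2024, 5, 30, 9, 0)),   # recent contact
    ("laptop-02", "4.8 Patch 2", datetime(2024, 4, 1, 9, 0)),    # silent for 61 days
    ("kiosk-03", "4.8", datetime(2024, 1, 10, 9, 0)),            # agent below minimum
]

if __name__ == "__main__":
    for host, state in audit(INVENTORY, NOW, enabled=True, period_days=30).items():
        print(f"{host}: {state}")
```

Running the audit with a shorter period before deploying the policy shows which machines would lose access to encrypted data until they next reach the ePO server, and which would keep their keys indefinitely because the agent is too old.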