File & Removable Media Protection (FRP) is the new name for Endpoint Encryption for Files & Folders (EEFF)
Q: Are files of size > 4 GB now supported with “Allow/Enforce Encryption with offsite access” options (formerly EERM)?
Yes, large VM images, files such as .pst can now be copied to USB devices in a secure manner and accessed on systems without having to install any McAfee encryption software
Q: Why were files larger than 4 GB not supported previously with “offsite access” options?
A FAT 32 filesystem was used for the secure encrypted container which places a maximum file size restriction of 4 GB
Q: How are files of size > 4 GB being supported now?
We have made improvements to the existing FAT32 container implementation to support files of size > 4 GB
Q: What is the max file size supported now?
Theoretically, files of size up to 256 GB can be placed in the encrypted container
Q: Why not use a File system such as NTFS for the container?
NTFS is proprietary to Microsoft and is not natively supported on platforms such as OS X
Q: My device file format is NTFS, do I have to format the USB stick to FAT before using with McAfee Removable Media Protection solution?
No, the base file format of the USB device can be either FAT or NTFS. McAfee Removable Media Protection solution creates a secure FAT32 based container on top of it
Q: Can files of size > 4 GB be read/copied even on systems without FRP installed (offsite access)?
Yes, this also includes support for Mac OS X
Q: I have devices initialized with previous versions of FRP (EEFF). I want to leverage the new functionality and be able to place files of size > 4 GB, how do I do it? Do I have to necessarily format/reinitialize the USB sticks in my environment?
No, with the “Allow large file support (> 4GB)” policy option ON, the container format is automatically updated to support large files on the first occasion that the older format USB device is inserted on to a v4.3 client
Q: What happens to smaller devices in my environment (devices < = 4 GB in size)?
Those devices will continue to retain the old container format. Updating the “Container format”does not serve any purpose in this case since files of size > 4 GB cannot be copied to these USB devices
Q: What if the device was initialized through the “User Managed” mode and the container size is less than 4 GB?
The device will continue to retain the old container format
Q: Is there an event generated for the “Container upgrade” process?
Yes, captured on the client and sent back to ePO for Audit and Reporting purposes. This event will help the administrator track upgrade trends and hot spots for remediation
Q: How much time does the “Container upgrade” process take to complete?
The upgrade process takes a few seconds to complete
Q: Do I have to move the data out of the device before the “Container upgrade” process?
No, it is a seamless in-place upgrade process with zero user interaction requirements
Q: Is there any sort of user feedback during the “Container upgrade” process?
Yes, there is a pop-up message displayed advising the end user to not to eject the device/perform any operations during the upgrade process
Q: Sometimes, I see the “upgrade message” twice during the “Container upgrade” process. Why is that?
In a limited set of cases, there might be a need to resize the container in addition to changing its format. It is clearly messaged to the end user during these scenarios that the “Container upgrade” procedure is a 2 step process
Q: What happens when a device initialized with a previous version is inserted on a machine running v4.3 and the “Allow large file support (> 4 GB)” option is not selected?
The container format remains the same as before, and users will not be able to copy files of size > 4 GB
Q: If the “Allow large file support (> 4 GB)” is not selected, what about devices newly initialized with v4.3? Will they have the new container format or the older one?
Devices will have the older container format which will place the file size restriction of 4 GB
Q: “Allow large file support (> 4 GB)” policy option is not selected, and I still see an upgrade message. Why is that?
The USB device in this case is being upgraded to provision the Mac offsite application. If “Allow large file support (> 4 GB)” is selected,the container upgrade and Mac offsite application provisioning occur simultaneously
Q: What will happen if I have a mixture of FRP 4.3 and earlier versions of clients in my environment? Will I be able to read the USB devices having the new container format on machines running previous versions of FRP (EEFF)?
Machines running the previous versions of FRP (EEFF) do not have the capability to detect the new container format. Files on the encrypted device can be read on these machines using the offsite application but this is not advisable
Q: What is the recommended approach then for the upgrade process of FRP clients in my environment?
Start upgrading clients to v4.3 with the “Allow large file support (> 4 GB)” option turned OFF. Once a critical mass of clients is on v4.3, switch ON the new container format by enabling the policy
Q: Is “Allow large file support (> 4 GB)” option enabled by default?
For new installs, it is enabled by default. For upgrades, it is disabled