Hello, I'm hoping someone can help me here. I have a laptop that had Endpoint Encryption installed on it. We performed an uninstall about 1 year ago. The disk just recently went bad so I sent it out to a Data Recovery center. They were able to rebuild the bad part of the drive but it now thinks it is encrypted. The vendor has asked for the .SDB file and the Code of the Day. We do not have any .SDB file. Is there any other way to get past this?
No, there's no way to get around the encryption - that's the whole point of it. You can probably find the sdb file in a backup of your encryption management database?
Is it actually encrypted though? If you uninstalled the product, it can't be of course.
Unfortunately we have a 6 month data retention policy so there are no backups. I agree that it shouldn't be encrypted and I really don't think it is, but it sounds like it just wants some sort of authentication to allow them to look at the drive. I know that just before the drive failed the user said they booted up the system and it said something to the effect "can not boot, endpoint encryption is not installed". So there is no way to get past whatever authentication request it is that the Data Recovery people are seeing? Bummer... not good.
Sounds like the end user got a rootkit and the machine was encrypted.
Simply, if the drive is encrypted, and someone has deleted the machine record from EEM (it can't delete it itself), then no, there's no way to recover the data on this machine.
Are you SURE the machine is not listed in EEM?
I was thinking more along the lines of a master key that gets generated specific to the installation within the corporation, not something that's global to the product.
But then, any admin would be able to get into any machine - that would be bad.
Wouldn't it be better to maintain a unique recovery key for each machine, then you could choose who could access which machine, and there'd be no chance of a rogue user or administrator going beyond their responsibility...
No, if someone deleted the recovery keys for this machine out of EEM, and you don't maintain backups you can retrieve it from, you won't be able to recover the data I'm afraid if the drive is indeed encrypted.
The only people who would have access are the ones with the key. Just like the doors within your office. I'm sure there's a master key to them and only the bearer has access.
But back to your comment of rootkit. Do you think it is not EE and that a rootkit has added encryption?
Whoever has a master key gets access to everything. EEPC is designed to be a little more sophisticated than that.
No, I don't think the rootkit has added what your recovery agency is asking for - is it Kroll by any chance? They seem to know what they are doing. Only you know if the drive is actually encrypted or not though - you need to talk to them I think and find out what makes them think the drive is encrypted still.
If it is, you're not going to be able to recover the data unless you can get the machine object back out of a backup of your DB. There's no way around it.