EEPC File and Folder - A Couple of will it or won't it questions.


We have recently installed the file and folder encryption module after using the main Safeboot (McAfee Endpoint) solution for approx 18 months.

I am currently testing the capabilities of the software before we decide what we can roll out as a company wide policy.

I have a few questions that have come up as a result of my tests that neither our reseller nor McAfee gold support have been able to answer (I have a call logged with both). Hopefully someone on here is using the solution and may be able to help.

I have set a policy to encrypt any USB storage device inserted into a laptop. I have the keys set to cache locally.

Where I am struggling is as follows:

1) When I insert a USB drive I am indeed prompted with the "You have inserted an unprotected medium into the computer....... Do you wish to proceed and encrypt the media". There are two options, Yes and No.

If either yes or no is selected the policy does as expected.... however an autorun window pops up in the background allowing full access to the device as long as neither yes nor no is selected. So in theory the user could simply move the "Yes or No" window to the corner of the screen and then carry on using the device as if there was no policy in place.

It is not simply an autorun issue as I am also able to go to My Computer and can access the volume through there.

2) The other issue we are having is authentication via encryption keys. I was given the impression from my IT director (who was involved in the sales presentation) that users would be able to access a device based on an encryption key rather than having to enter a password each time they access a device as long as they were assigned to the correct key. E.g. I insert a new USB drive into my laptop. I get prompted that it needs to be encrypted, I specify a password etc. and the device encrypts. However, each time I insert this device it requests the password I set when I encrypted it. As it was encrypted with the key I am assigned to, should I not be authenticated against that and not have to put in a password every time?

In an ideal world we wanted to hand out the USB drives ourselves already encrypted with the correct keys and not give the users the passwords. Essentially meaning they would only be able to share the devices with people who had the same key as themselves.

I have again spoken to both our reseller and McAfee who have both been "of the impression" that we should be able to do what we want to do but have both had to go away to do further research.

If this is not possible I guess we just need to know so we can have a re-think.

Steve Love.

you're using EERM - i.e. giving the user choice to encrypt or not, and allowing them to continue to use that data in non-controlled PCs, thus your key won't help, as you won't have access to it.

if you want it to be transparent, use the policy controlled encryption (regular encryption), then they will be able to store stuff on the stick without doing anything, but will also only be able to use it on corporate owned machines.

your users will always need a password though - that's what protects the key - it will be their EEM password (so the same for EEPC or EEFF).

Thanks for your help.

We were hoping that we would be able to do as you described using the EERM so that we could leave a 20% non-encrypted partition that could be used as a temp storage area for sharing data with clients.


Sorted the first question on my original post..... had to maximize the window to see the tickbox I needed, "make unprotected files and folders read only"; as there is no scroll bar I didn't know the option was there.