cancel
Showing results for 
Search instead for 
Did you mean: 
capri
Level 7
Report Inappropriate Content
Message 1 of 18

Need help/advice data recovery from Endpoint encrypted laptop

Company issued laptop encrypted with McAfee Enpoint Encryption V5.2 and story like others , I'd like to get my data back.

I am working with my IT Dept. but I think this is first for them (for me too).

One day when trying to power  up my laptop I get  " the following file is missing  windows/system32/windows/config ".

To make long story short , stupid me I ran "fixboot" on the machine.

Now the machine shows my 160GB drive as 10MB HD, FAT12 .

The  folders are there but their names appear like wierd hieroglyphic characters , dates like October 20 2089 ???

Trying subsequently to boot the machine I get the McAfee Endpoint Encryption screen and I can log in OK with my ID and password

but the message this time is the the OS is missing.

I made a clone of the drive and gave the laptop to our IT Dept.

The IT guy says he removed the encryption from the HD but sees nothing on it ?

What is the proper procedure/steps to be taken here ?

I am a bit confused because McAfee in the KnowledgeBase of the product states that fixboot disables preboot authentication and an

emergency procedure must be used, but as stated above I do get McAfee log in screen ????

Thanks in advance for any help.

17 Replies
rbdudani
Level 11
Report Inappropriate Content
Message 2 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

Hi

1 What is current status when you boot system ? (safeboot screen ? or blank screen ?)

PS:. if safeboot screen is not there you will need .SDB file for this machine from server to decrypt it

capri
Level 7
Report Inappropriate Content
Message 3 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

When I boot the machine first I have to authenticate, I get  (McAfee window/screen ) , I enter my ID and password, it accepts it

Next goes to a black screen and on the top of it it say "missing operating system"

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 4 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

sounds logical. Your IT team will either need to decrypt the machine and then re-fix the boot sequence, or copy the data off and reimage. The fact the pre-boot still works is a good thing since they won't need to use any possibly outdated information from their systems.

capri
Level 7
Report Inappropriate Content
Message 5 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

Yes it works , and lets hope it is a good thing but the question is WHY does it work ?

I read in McAfee FAQ's (BTW can you copy and paste on to this site , if so how ?)

about the Endpoint Encryption  product that fixboot command destroys pre-boot and an emergency

procedure need to be used, (there is no McAfee window/screen) therefore why my pre-book works ?

The IT guy tells me that he removed the encryption but sees 160GB HD with no data on it.

BTW to make it clear we are working with 2 clones here , original drive has NOT been touched.

One drive has IT one drive I have at home.

Last night I ran EaseUS Partition recovery on the encrypted clone and it found FAT16 partition

so I have restored it.

The drive looks llike this now:

IMG_1484.JPG

IMG_1485.JPGIMG_1486.JPG

This drive is connected via USB dock to my home laptop.

So right what I have at home and what you see on the pictures is a drive with a restored boot sector but still being encrypted.

Should I give it to IT guy to decrypt this one ?

Highlighted
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 6 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

nope - your partition recovery tool found the FAT32 records for the pre-boot file system. Unfortunately, it's not stored as a real partition, so all it will be able to do is recover the root folder structure - none of the files will work or be recoverable. It's messed things up even more so discard this - it's worthless and no help whatsoever.

You need to give your IT team a full binary image of your whole drive, not a partition image (or the real drive) and they need to do either an eboot or a decryption. Tinkering will get you nowhere.

capri
Level 7
Report Inappropriate Content
Message 7 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

What tool/program would you recommend for taking "full binary image" ?

As far a tinkering , I am learning and it is a good thing ..

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 8 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

I used to use Ghost many years ago - but sorry, It's not something I've done in years.

capri
Level 7
Report Inappropriate Content
Message 9 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

I have used EaseUs Disk Copy ,2.3.1 and the company states that their  software creates sector by sector 100% identical clone of the original HD.

This is what I gave to my IT Dept along with my laptop.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 10 of 18

Re: Need help/advice data recovery from Endpoint encrypted laptop

should work then I guess.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator