Company issued laptop encrypted with McAfee Enpoint Encryption V5.2 and story like others , I'd like to get my data back.
I am working with my IT Dept. but I think this is first for them (for me too).
One day when trying to power up my laptop I get " the following file is missing windows/system32/windows/config ".
To make long story short , stupid me I ran "fixboot" on the machine.
Now the machine shows my 160GB drive as 10MB HD, FAT12 .
The folders are there but their names appear like wierd hieroglyphic characters , dates like October 20 2089 ???
Trying subsequently to boot the machine I get the McAfee Endpoint Encryption screen and I can log in OK with my ID and password
but the message this time is the the OS is missing.
I made a clone of the drive and gave the laptop to our IT Dept.
The IT guy says he removed the encryption from the HD but sees nothing on it ?
What is the proper procedure/steps to be taken here ?
I am a bit confused because McAfee in the KnowledgeBase of the product states that fixboot disables preboot authentication and an
emergency procedure must be used, but as stated above I do get McAfee log in screen ????
Thanks in advance for any help.
1 What is current status when you boot system ? (safeboot screen ? or blank screen ?)
PS:. if safeboot screen is not there you will need .SDB file for this machine from server to decrypt it
When I boot the machine first I have to authenticate, I get (McAfee window/screen ) , I enter my ID and password, it accepts it
Next goes to a black screen and on the top of it it say "missing operating system"
sounds logical. Your IT team will either need to decrypt the machine and then re-fix the boot sequence, or copy the data off and reimage. The fact the pre-boot still works is a good thing since they won't need to use any possibly outdated information from their systems.
Yes it works , and lets hope it is a good thing but the question is WHY does it work ?
I read in McAfee FAQ's (BTW can you copy and paste on to this site , if so how ?)
about the Endpoint Encryption product that fixboot command destroys pre-boot and an emergency
procedure need to be used, (there is no McAfee window/screen) therefore why my pre-book works ?
The IT guy tells me that he removed the encryption but sees 160GB HD with no data on it.
BTW to make it clear we are working with 2 clones here , original drive has NOT been touched.
One drive has IT one drive I have at home.
Last night I ran EaseUS Partition recovery on the encrypted clone and it found FAT16 partition
so I have restored it.
The drive looks llike this now:
This drive is connected via USB dock to my home laptop.
So right what I have at home and what you see on the pictures is a drive with a restored boot sector but still being encrypted.
Should I give it to IT guy to decrypt this one ?
nope - your partition recovery tool found the FAT32 records for the pre-boot file system. Unfortunately, it's not stored as a real partition, so all it will be able to do is recover the root folder structure - none of the files will work or be recoverable. It's messed things up even more so discard this - it's worthless and no help whatsoever.
You need to give your IT team a full binary image of your whole drive, not a partition image (or the real drive) and they need to do either an eboot or a decryption. Tinkering will get you nowhere.
What tool/program would you recommend for taking "full binary image" ?
As far a tinkering , I am learning and it is a good thing ..
I have used EaseUs Disk Copy ,2.3.1 and the company states that their software creates sector by sector 100% identical clone of the original HD.
This is what I gave to my IT Dept along with my laptop.