cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 11 of 17

Re: Need to recover data from crashed HDD which is end point encrypted.

no, the only way is with the SDB file from the IT teams database. Slaving it won't work.

This is security software remember - it's designed to make it impossible for someone unauthorized to access the data.

Highlighted
McAfee Employee ssarkar
McAfee Employee
Report Inappropriate Content
Message 12 of 17

Re: Need to recover data from crashed HDD which is end point encrypted.

Even if you slave the original hdd you still need the sdb file belonging to that particular node.

Only then the machine key used to encrypt the data will be available.

The only other way is to authenticate locally from sbfs which i guess isnt working.

As you probably guessed sdb file indeed varies with each machine.

So I suppose you are left to the mercy of your server admin..

Re: Need to recover data from crashed HDD which is end point encrypted.

Mr. safeboot, let me ask one question.  Does new sdb file generated each time we reinstall OS? I called one of the data recovery vendor and he is asking for old sdb file. If our IT department don't have old sdb file then how we can recover the data or it is impossible?

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 14 of 17

Re: Need to recover data from crashed HDD which is end point encrypted.

It's not a file - it's a database entry, and yes, by default a new one is created for every activation.

BUT as in my post above, it's possible for companies to use scripts and automation etc to overcome that safety measure.

Take a look in your client log (the EEPC tool tray icon) - if the activation log is still in there, and your machine name ends in 0001,0002 etc the chances are a new record was created and the old one still exists. That log gets purged pretty quickly though.

Re: Need to recover data from crashed HDD which is end point encrypted.

So what you are saying is in activation log I can find the old and new entry both? Also, I use the same name for the computer and my IT dept rep is saying it is database entry for sdb file is overwritten on their side.

Where does usually this activation log is located?

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 16 of 17

Re: Need to recover data from crashed HDD which is end point encrypted.

no, I am saying the log could give you a clue as to whether the DB record was overwritten or not.

you can find the log by right clicking the EEPC monitor/status icon in your tool tray.

It doesnt matter what computer name you use, though if you used a NEW name, it's highly likely there will be two records in the recovery db, one for each name. If you re-used the original name, there would normally be one record under name, and one under name0001 etc.

BUT as I said, your IT team could be cleaning old records up.

For the SDB record to be overwritten, they would have either had to delete it themselves, or use some scripting/automation. EEPC never deletes this kind of thing on its own for exactly the reason you are experiencing.

Re: Need to recover data from crashed HDD which is end point encrypted.

Thank you for this thread.  I have started a new position and have been handed the task of trying to recover data from two systems that have eepc installed and after running chkdsk on the drives neither will boot to the desktop.  They constantly loop trying to repair startup.  At least now I know what not to try.  This is a very large company and I am having trouble locating the proper IT support.  They do not call it "Endpoint encryption server admin"  in this company.  Is there anyone who has worked for  Dupont who would know the proper name?

JM

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community