McAfee DE and W7->W10 REFRESH scenario (not in-place!)

Hello!

I have a certain problem regarding Drive Encryption and could use some insight; maybe it will steer me to the solution.
Let me first say that I know that what I prepared is not a supported solution, and I know that McAfee in fact recommends a different approach.

We are in the middle of a W7 to W10 upgrade. Our laptops are encrypted with DE 7.2.6 (some older ones with 7.1). Sadly, due to the sheer amount of incompatibilities we couldn't use the in-place upgrade scenario recommended by McAfee. In addition, we highly modified our systems and using a custom .wim is simply easier in our environment.

In the past, for upgrading XP to W7, McAfee released a tool that allowed it. It was EpeWinUpgradeTool64.exe, which is no longer available.
I tracked down the KB on how the upgrade should have been performed back then and, based on that, I engineered a process to mimic it.

Here is what I do:
- Stop McAfee services.
- Save the MBR using an external tool.
- attrib -r -s -h on c:\safeboot.* files.
- Perform USMT capture, skipping safeboot.fs and .rsv files.
- Create a hardlink for the safeboot.fs and .rsv files inside the statestore directory (for some reason USMT could not hardlink those, while the mklink command could).
- Perform a delayed reboot to WinPE (which I modified as per the instructions for preparing a WinPE EETech image). During the delay, there is a script that restores the MBR from backup.
- In WinPE everything proceeds normally: the new system is installed, drivers injected, etc.
- Additionally, I inject MfeEpePC.sys and Mfeccde.sys into system32\drivers and perform registry changes, identical to those that were required to be done in WinPE.
- Create a new hardlink for the saved safeboot.fs and .rsv files, into the root of the new OS.
- attrib +r +s +h c:\safeboot.*
- Restart to the new OS.
- Everything proceeds normally, like in any other REFRESH scenario.
- USMT restores files, skipping safeboot.* again.
- McAfee Agent and Drive Encryption are installed.
- The process ends with a reboot.

After that, the DE agent reports the drive as encrypted, reports it correctly to ePO, PBFS is preserved, users are preserved, everything works normally.
Up to a point. At a random moment in the future, usually 2-3 weeks, there is an error:

Fatal error: [0xEE020006] Getting disk info

The only thing that helps after that is EETech and a force decrypt of the disk, using the exported XML information.
Emergency boot does not work.

As I said, I know it is an unsupported solution, so it very well may not work ever.
But maybe some of you will have ideas of what to check and where to search for the problem.

The whole concept seems to be working. What is broken is the protection of the physical area on the disk where the information is stored. Probably at some point something is modifying data and overwrites the physical area on disk, even though it should be "protected" by the system files c:\safeboot.*
I don't know what does it (is this in the process of any McAfee changes, or is it done by something outside of DE).

Thanks in advance
Best regards
Jakub Drobiński
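
One way to test the hypothesis in the post above, that the physical disk area behind c:\safeboot.* changes some time after the migration, is to save the output of `fsutil file queryextents` for those files right after the refresh and compare later captures against that baseline. This is an added example, not part of the original post and not McAfee tooling; the function names are hypothetical and the sample captures are constructed.

```python
import re

# One extent line printed by `fsutil file queryextents <path>`, for example:
#   VCN: 0x0        Clusters: 0x1e00     LCN: 0x5a7c2
EXTENT_RE = re.compile(
    r"VCN:\s*0x([0-9a-fA-F]+)\s+Clusters:\s*0x([0-9a-fA-F]+)\s+LCN:\s*0x([0-9a-fA-F]+)"
)

def parse_extents(text):
    """Return sorted (vcn, clusters, lcn) tuples parsed from fsutil output."""
    extents = sorted(tuple(int(g, 16) for g in m.groups())
                     for m in EXTENT_RE.finditer(text))
    if not extents:
        raise ValueError("no extent lines found in capture")
    return extents

def physical_ranges(extents):
    """Merge extents into the set of (first_lcn, last_lcn) ranges they occupy."""
    merged = []
    for _vcn, clusters, lcn in sorted(extents, key=lambda e: e[2]):
        if merged and lcn <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], lcn + clusters - 1)
        else:
            merged.append([lcn, lcn + clusters - 1])
    return {tuple(r) for r in merged}

def compare(baseline_text, current_text):
    """Report cluster ranges the file gave up or gained since the baseline."""
    base = physical_ranges(parse_extents(baseline_text))
    cur = physical_ranges(parse_extents(current_text))
    return {"moved": base != cur,
            "released": sorted(base - cur), "gained": sorted(cur - base)}

# Constructed sample captures (not taken from a real machine).
BASELINE = """\
VCN: 0x0        Clusters: 0x1e00     LCN: 0x5a7c2
VCN: 0x1e00     Clusters: 0x200      LCN: 0x91000
"""
LATER = """\
VCN: 0x0        Clusters: 0x1e00     LCN: 0x5a7c2
VCN: 0x1e00     Clusters: 0x200      LCN: 0xa4000
"""

if __name__ == "__main__":
    result = compare(BASELINE, LATER)
    print("extents changed:", result["moved"])
    for kind in ("released", "gained"):
        for first, last in result[kind]:
            print(f"  {kind}: LCN 0x{first:x}-0x{last:x}")
```

A "released" range means clusters the file occupied at baseline are no longer allocated to it, so anything else on the volume may write there; capturing on a schedule narrows down when that happens.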
