Hello!
I have certain problem regarding rive Encryption and could use some insight, maybe it will steer me to the solution.
Let me first say, that I know that what I prepared is not a supported solution, and I know that McAfee in fact recommends different approach.
We are in the middle of W7 to W10 upgrade. Our laptops are encrypted with DE 7.2.6 (some older onec with 7.1). Sadly, due to sheer ammount of incompatibilities we couldn't use in-place upgrade scenario recommended by McAfee. In addition, we highly modified out systems and using custom .wim is simply easier in our environment.
In the past, while upgrading XP to W7 McAfee released a tool that allowed it. It was EpeWinUpgradeTool64.exe, which is no longer available.
I tracked back KB of how upgrade should had been performed back then and basing on that I engineered a process to mimic that.
Here is what I do:
-Stop McAfee services
-Save mbr usung external tool.
-attrib -r -s -h on c:\safeboot.* files
-Perform USMT capture, skipping safeboot.fs and .rsv files
-Create hardlink for safeboot.fs and .rsv files inside statestore directory (for some reason USMT could not hardlink those, while mklink command could)
-perform delayed reboot to WinPE (which I modified as per instruction of preparing winpe eetech image). During the delay, there is a script that restores MBR from backup.
-in winpe everything proceeds normally, new system is installed, drivers injected, etc.
-additionaly, I inject MfeEpePC.sys and Mfeccde.sys into system32\drivers and perform registry changes, identical that were required to be done in winpe.
-create new hardlink for saved safeboot.fs and .rsv files, into root of new OS.
-attrib +r +s +h c:\safeboot.*
-restart to new OS
-everything proceeds normally, like in any other REFRESH scenario
-USMT restores files, skipping safeboot.* again
-Mcafee agent and Drive encryption is installed
-Process ends with reboot.
After that, DE agent reports drive as encrypted, reports it correctly to EPO, PBFS is preserved, users are preserved, everything works normally.
Up to a point. At a random moment in the future, usually 2-3 weeks, there is an error
Fatal error: [0xEE020006] Getting disk info
The only thing that helps after that is EETech and force decrypt disk, using exported xml information.
Emergency boot does not work.
As I said, I know it is unsupported solution, so It very well may not work ever.
But maybe some of You will have any ideas of what to check and where to search for the problem.
Whole concept seems to be working. What is broken is protection of physical area on the disk, where information is stored. Probably at some point something is modifying data and overwrites physical area on disk, even though it should be "protected" by system files c:\safeboot.*
Don't know what does it (is this in process of any McAfee changes, or is it doen by something outside of DE).
Thanks in advance
Best regards
Jakub Drobiński