First of all, yes I know this isn't a bitlocker forum, but I hope someone have had the same problem as me.
Problem: EEPC 6 won't install. From what I've been told from McAfee Tier 3 (case logged) it's due to a file named fvevol.sys that autostarts with windows (Bitlocker related file).
The thing is that I've never ever used bitlocker on the computer (this is my own work laptop). I installed Win7 Pro 64-bit and directly installed EEPC 5 and been running that for about year now without trouble. Removed it and tried deploying EEPC on it, followed KB68410, but no go. Bitlocker isn't supposed to work on Win7 Pro as far as I know.
If I look in the msinfo32 I clearly see the fvevol.sys, other info is kernel driver, start mode Boot, error control critical and accept stop YES. But I can't rename the file from either windows or safe mode, so I tried with a Linux cd, but Windows won't start at all when it was renamed. renamed it back and it Windows started again. but the only help I get from Tier 3 is that "We don't know how to do it, but EEPC won't install if the driver is started." I can almost buy that If it wheren't for the fact that EEPC5 worked like a charm.
I don't see the point in looking for other (competitor) software like TrueCrypt (which I use to encrypt USB sticks to/from customers but not using FullDiskEncryption) or Bitlocker it's not in use. Is this McAfees' way of removing Competitor software. What else would there be if EEPC 5 works without doing theses checks? I asked whether it was possible to remove the checks that EEPC makes on the target computer but that seems impossible.
So, rant ended, and here's my questions:
How do I disable fvevol.sys from loading?
Can I disable the checks that EEPC agent makes on the target PC so that I can use Truecrypt to encrypt USB sticks etc.?
I will, of course, try and get a hold of my boss and find some way to contact Microsoft, and log a case, as Tier 3 suggests, but I thought that in the meen tim, I'd ask the community.
Thanks in advance.Message was edited by: Turift on 6/1/10 12:37:47 PM CEST
EEPC5 does not check for dangerous situations, which means you can install it on a bitlocker protected machine, and then you have to clean up manually. EEPC6 checks for these dangerous situations to save you going through these efforts.
Do you have other W7 64 machines in your estate working fine? If so, what's "special" about your machine? You need to work out where this bitlocker driver came from, or probably simpler, reimage your machine back to standard to get rid of it.
Hello Mr Safeboot
Thanks for the quick reply, as always.
First of all, I like the idea of doing checks to make sure that the user don't lie when I ask them if they have another FDE product installed. Or something similar. But I don't like the fact that the checks are badly implemented (i.e. fails to recognize if in fact FDE is being used, and stops me from using TrueCrypt to encrypt my USB sticks) and the fact that they cannot be disabled/removed. If, like in this case, I do get into trouble I'd like do make that decision myself if I'm willing to take the risk of "clean up manually" in order to save time and money for me and my clients to not have to go through all his troubleshooting. It should be optional, but by all means enabled by default.
So for your questions:
Yes I have some other Win7 64-bit machines that works. The only thing we could find that was "special" was the fvevol.sys kernel driver.
Reimage the computer is a way to "solve" this I guess. And while I often recommend this, I really wan't to understand EEPC6 and why it's behaving like this, and to just go the default Microsoft problem solving way by reboot/reimage isn't going to solve this, it's just a way around the problem. So when my clients experience this and say "There's like totaly no way for you to reformat my computer because I'm soo important" I can hopefullt remedy that instead of logging another McAfee case.
No thoughts on how do disable the fvevol.sys kernel driver from loading when Windows starts?
Thankson 6/1/10 2:52:34 PM CEST
sorry no, I have no idea why your machine is reporting Bitlocker as active, and other machines are not :-( And no, I don't know the official way of disabling that driver, which to be honest, should not be there in the first place.
You can turn off competitive checks in the EEPC machine policy though? Why don't you do that if you are prepared to take the chance?
I'm guessing that's a guess from your side? Because like SafeBoot indicated; that would be interesting to do with a kernel driver that's marked critical.
But, I'm game; it gave me a BSOD, even in safemode
So, I have some things to fix before continuing
Sure it was a guess. You have asked how to disable driver, I answered it.
Interesting part is that I have EEPC v6 installed on my W7, despite this driver being active.
So it is something else going on there. Again, lack of good EEPC v6 installation analysis guidelines hampers efficient troubleshooting.on 6/1/10 10:13:37 AM EDT
Hehe, no grudge agains you, I'm thankfull that you trying to help Peter_eepc.
Computers' backup again.
It's intresting that you have the same driver going, I haven't acctually looked at another computer for that file. I'll do that.
EEPC v6 checks for compatibility only if incompatible product have been imported to ePO and checkmarked.
By default none of incompatible products is being checked.
See ePO "Configuration" -> "Server settings" -> "Endpoint Encryption" -> "Non Compatible Products"