cancel
Showing results for 
Search instead for 
Did you mean: 
jmcleish
Level 13

Client encryption key overwritten?

Jump to solution

At what point does an EEPC v6.1.1 client send its (or creates its) encryption algorithm to (in) ePO. When activation success is achieved or when the ee agent is installed?

I’ve been off on holiday and someone has decided to remove an encrypted drive from a machine and replace it with a newly imaged drive (unencrypted). of course they now want it decrypted and the data off it.

The existing machine doesn’t exist now in ePO and I’m thinking that because it has the same Mac address its changed the name to the new drive. It is sitting at in-active in ePO, but it’s not been on for 10 days so in theory it could have activated, but not sent that info back to ePO. I don't have access to this new drive (trying to track it down) to see whether it has activated locally in the log.

I did do the re-use key in the hope that the new disk wouldn't use a different key (- but as I say I’ll need to check locally on the client if it has activated) and she wether i'm too late

I’ve tried a decrypt on the fly with the recovery xml (which normally works), but this has not worked and now i'm thinking I may have to restore the db to another server with epo installed and export the key that way… or any other ideas?

i don't want to decrypt the drive (Remove EE) with the recovery xml, unless i can be sure that it is the original key for that drive.

Thanks

Jane

0 Kudos
1 Solution

Accepted Solutions
jmcleish
Level 13

Re: Client encryption key overwritten?

Jump to solution

OK- So in EETech I'd always used the recovery xml, but tried the "token" button.

This indeed allowed me to logon and decrypt and ghost on the fly.

Always thought this was to do with smart tokens (i.e. not password)

there's another one to add to the list!

Thanks

Jane

0 Kudos
4 Replies
SafeBoot
Level 21

Re: Client encryption key overwritten?

Jump to solution

You can use the API to export all the historic keys for a system - https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23437/en_US/...

0 Kudos
jmcleish
Level 13

Re: Client encryption key overwritten?

Jump to solution

Thanks Simon - not quite sure what to do with this at the moment but the guide references v6.1.2 and ePO 4.6.   I have 6.1.1 and 4.5 p4 HF1 - will this work for these versions?

Thanks

Jane

0 Kudos
SafeBoot
Level 21

Re: Client encryption key overwritten?

Jump to solution

You're right - the API is only available for Patch2 and beyond.

I am not sure what you can do here - you probably need to manually find the key in the SQL etc. Not sure how you do that - maybe it's time for a professional services engagement?

0 Kudos
jmcleish
Level 13

Re: Client encryption key overwritten?

Jump to solution

OK- So in EETech I'd always used the recovery xml, but tried the "token" button.

This indeed allowed me to logon and decrypt and ghost on the fly.

Always thought this was to do with smart tokens (i.e. not password)

there's another one to add to the list!

Thanks

Jane

0 Kudos