It's known that new EEPCv6 generates recovery information in plaintext xml format, where encryption key if fully readable. So it possibly make security risk as this file may be read by unauthorized person.
In my opinion, this file should be encrypted for example by password entered during export and required to import into EETech.
What you think about this?
In my opinion it's not true, because I have to get WinTech tools (requires grant number to download) and daily authorization code (requires service portal account). If I have encryption key I can use "some other tools" to "read" encrypted disk.
It is not said that getting tech tool and daily code is hard to get, but it’s some kind of protection. Unless, McAfee implements AES in own propertiary way, then the case is simple.
Fortunately exporting recovery information can be restricted to authorized persons.
Don't rely on obscurity in obtaining WinTech/SafeTech/EETech applications, or daily codes.
Protect access to the management console and exported security information.