cancel
Showing results for 
Search instead for 
Did you mean: 
drx_gt
Level 7

EEPC 6.1 encrypt options

Hi,

i have some questions about the encrypt option in the product setting policy of eepc 6.1. we want to encrypt all partitions of the notebooks local disk - and that's all . in v5.x.x it was possible to select the drive letters you wanted to encrypt but now i can only choose between all disks, only boot and all disks except boot.

so what exactly is encrypted when i choose all disks? all logical partitions or EVERY disk that is found, including maybe external usb or e-sata devices?

and how about the only boot option? does that refer only to the boot partition or the physical boot drive and which effect takes the "use windows system drive as boot drive" option to that? is it right that if only boot is selected, that under windows 7 only the hidden boot partition is encrypted?

eepc version: 6.1.0

epo versoin: 4.5.4

client operating systems: windows xp, windows 7

Thanks in advance!

0 Kudos
14 Replies
georgec
Level 13

Re: EEPC 6.1 encrypt options

From what I know it encrypts only internal disks. Removable storage is ingored. As for e-sata, the OS sees it as an internal disk so it might get encrypted also.

Please see this:

https://kc.mcafee.com/corporate/index?page=content&id=KB69422&cat=CORP_ENDPOINT_ENCRYPTION_FOR_PC_5_...

It encrypts partitions, not disks, when you use the option to encrypt the boot disk and exclude all other.

George

0 Kudos
SafeBoot
Level 21

Re: EEPC 6.1 encrypt options

Yes, it does a lot of work to identify what's internal and what's external. As George says though, the OS is pretty vague regarding what's eSata and what's SATA, so at the moment unless the drive is clearly marked as removable in Windows, EEPC will consider it encryptable.

External USB drives are always detected as removable (and thus not encrypted) - it's only eSATA which is a problem at this time.

0 Kudos
drx_gt
Level 7

Re: EEPC 6.1 encrypt options

thanks, you helped me a lot so far!

but that means the same problem exists for some "normal" SATA drives, that are connected via USB, because these devices are sometimes also identified as not-removable device, right?

is there any possibilty to exclude all other partitions or disks from encryption other than C: and the windows 7 boot partition?

Nachricht geändert durch drx_gt on 21.04.11 08:05:15 CDT
0 Kudos
SafeBoot
Level 21

Re: EEPC 6.1 encrypt options

No, there's no option to exclude drives - the choices are the ones you see in the list. None, all drives, boot drive only.

The main reson people use EEPC is to comply with data protection regulations, which insist that you have to disclose the loss of control of any personal data. There's no difference in the eyes of the law between a usb drive, a laptop, a dvd or an eSata drive - so, this product (to solve this problem) will try to protect as much data as possible.

If you need drive-by-drive selection, you can continue using EEPC5 which has this feature, or submit a feature request to your McAfee Platinum Support person to have this added in v6.x in the future.

At the moment though, there's no way to make a distinction in EEPC6.0 or 6.1

0 Kudos
drx_gt
Level 7

Re: EEPC 6.1 encrypt options

Thanks for that information, I just want to make sure that I don't leave out any possibility concerning this matter.

So I did a first test with two equal notebooks.

the first one was ok, "use windows system drive as boot drive" option was unchecked and only the win7 boot partition was encrypted.

the second one didn't encrypt the c-partition either, although the option was checked for this one.

DLarson said, that EEPC assumes whatever is numbered as disk 0 by the OS is the boot disk.

is there any known problem or reason why the system partition of the second client stayed unencrypted or did I get that wrong and it is meant to work that way?

0 Kudos
DLarson
Level 12

Re: EEPC 6.1 encrypt options

So are you saying that only the Windows 7 boot partition was encrypted if you enabled the option and when you disabled the option? I think that would be the expected behavior since that hidden partition is your boot disk.

You could also look in disk manager and see if it marks that Windows 7 boot partition as disk 0.

0 Kudos
drx_gt
Level 7

Re: EEPC 6.1 encrypt options

both of them, the boot partition and the system partition (C) are on disk 0, that's why i'm wondering why the system partition isn't encrypted when the option is enabled .

0 Kudos
SafeBoot
Level 21

Re: EEPC 6.1 encrypt options

it's not so important what the disk number is, it's whether it's the boot partition or not. If you want all partitions encrypted, you need to select that option - anything else limits the number of (fixed disk) partitions that EEPC will try to protect.

Fianlly, it only protects things visible within windows that have a drive letter - so anything else will be skipped. No GPT disks, no hard-linked partitions. It MUST be a basic disk with a drive letter to be supported.

0 Kudos
kevin_arw
Level 7

Re: EEPC 6.1 encrypt options

@Mr. SafeBoot

As always, thanks for hte inforamtion you provide.  I jsut encountered my first eSATA situation and EEPC 6.1 automatically encrypting.  If I were to introduce EEFF and whitelist this particular drive using the device ID, would this work as a solution to not encrypt this drive? 

I ask because in this situation, this is an engineer using the eSATA for non-business data purposes, supporting the business applicaton toolsets they use off the drives. 

Thanks.

0 Kudos