cancel
Showing results for 
Search instead for 
Did you mean: 
cr0100
Level 7

Endpoint Encryption - complete removal

Jump to solution

When testing Endpoint Encryption, we encrypted some machines which we ultimately do not wish to leave encrypted.

While we've successfully removed the encryption by adding them to a group with a "decrypt" policy, (and have uninstalled the ePO agent) it's not obvious how to remove the funky modified boot loader.

So.. here I sit with 3 completely unencrypted drives which still have the McAfee Endpoint Encryption boot loader.  Everything I've found online refers to special magic boot disks and all sorts of restore/recover procedures to restore the boot sector.  I have a difficult time believing it has to be that complicated.

What is the simplest way to let these now-unencrypted machines boot like they used to?

Sorry if I sound like an idiot - I'm pretty new to this product.

-Charles

Message was edited by: cr0100 on 4/27/11 3:47:48 PM CDT
1 Solution

Accepted Solutions
whgibbo
Level 12

Re: Endpoint Encryption - complete removal

Jump to solution

Hi,
Firstly could you please clarify what version of EEPC you are testing (6.1 or 6.0.x) ?

To completely remove the EEPC from your test machines you would need to do the following:

  • Assign an Endpoint Encryption Product policy to the client that has 'Enable Policy' unchecked.
  • Wait for the policy enforcement to complete on the client.  Once this has finished, it  will remove the Pre-Boot Authentication (PBA)
  • Create a client task to remove the following:
    • Endpoint Encryption for PC Software
    • Endpoint Encryption Agent for Windows
  • Then optionally remove the McAfee Agent.

Just decrypting the disk will not remove the Pre-Boot Authentication.

Hope this helps

0 Kudos
3 Replies
whgibbo
Level 12

Re: Endpoint Encryption - complete removal

Jump to solution

Hi,
Firstly could you please clarify what version of EEPC you are testing (6.1 or 6.0.x) ?

To completely remove the EEPC from your test machines you would need to do the following:

  • Assign an Endpoint Encryption Product policy to the client that has 'Enable Policy' unchecked.
  • Wait for the policy enforcement to complete on the client.  Once this has finished, it  will remove the Pre-Boot Authentication (PBA)
  • Create a client task to remove the following:
    • Endpoint Encryption for PC Software
    • Endpoint Encryption Agent for Windows
  • Then optionally remove the McAfee Agent.

Just decrypting the disk will not remove the Pre-Boot Authentication.

Hope this helps

0 Kudos
cr0100
Level 7

Re: Endpoint Encryption - complete removal

Jump to solution

The trick was creating/assigning a policy with the status as "not enabled".  That was kind of... odd.

Then it all worked, I got the prompt to reboot and the loader was not there.

Seems... somehow... like that was more difficult to suss out than it should have been.  Ah well.  Thank you for your guidance!

-Charles

0 Kudos
whgibbo
Level 12

Re: Endpoint Encryption - complete removal

Jump to solution

The point to remember is that you can enable EEPC without encryption, which will just give you the PBA.  This allows for testing of hardware without encrypting the disk..

Anyway glad that I could help.

0 Kudos