Well the title is how it all started and still have.
When I try to decrypt with the eetech boot disk it tells me encryption is not active....no matter what button I press inside eetech I still get the same thing on the mcafee login screen.
The laptop will not decrypt if I use recovery to log into windows either.
So what now?
And by the way, if your not going to create a recovery iso for customers and push us off on BartPe or whatever BS that is then actually support that option. Following your documentation gets you about 15% of the way there, it's just atrocious. NO mention of adding storage drivers, NO mention of having to build on a 32 bit system to make it work right, yeah yeah I read all about "licensing issues" well create one with Linux or OS/2 for that matter I know IBM owns that.......I'm hoping I get an answer from someone here before next year since this community seems like a graveyard for unanswered questions.
At least MS tools that don't work are easy to download and use.
Oh and BTW when I try to Remove EE I get Error EE120000, Endpoint Encryption is not currently active.
So that's where I'm at, any documentation on what to do?
if you're getting an EEPC error when you boot the machine, but xTech tells you that EEPC is not installed, then you have a root kit virus.
use EETech Standalone and do a force decrypt of the drive using the disk information to get the sector range, and the key dump from EPO. It will take many hours but will work and you won't have to deal with WinPE
Alternatively, you need a working WinPE etc version. You don't need to build it on x32 but if you build it on x64 use the 64bit drivers, not the 32bit drivers - WinPE does not support WOW64. That's a Microsoft condition.
If you don't want to go through the hassle of installing third party storage drivers, simply switch the BIOS HDD mode on the machine to "compatibility" - then the built in Windows drivers will work.
If I have a virus Mcafee VirusScan enterprise doesn't see it, even after a forced scan?
Support sent me the standalone iso of eetech, but it won't read the USB drive with the authentication file on it, and any button I press on the bottom causes it to hang so that's pretty useless, do I have to use compatibility mode for the one use guys send out (for the HDD)?
I have the BartPe built and that boots and reads the USB drive, I'm decrypting the drive now because what do I have to lose. Once decrypted though will I be able to get past the PBFS? Or how do I get it to finally rebuild the PBFS? Will it let me remove EE from EEtech then? Getting to the data wasn't an issue as I mentioned I could use the machine recovery method to get into windows anyway...this has all been a project to see how the tools work and see if this thing could get put back into production without a reload.
It's late on a Friday so I don't know if I'll see this thing finish decrypting today, but I will leave you with one last question because I've fought with this laptop to long anyway and it might get reloaded/shelved.
On the licensing in EPO do I regain the license if I just delete this machine within EPO or does EPO have to see the uninstall? I'm tight on EE licenses so I need to regain this one if it's not restored as it sits.
If it's a root kit, possibly not. Are you running Deep Defender? You could try a stinger scan - http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
Standalone does not use any drivers. Only Windows needs a driver (so it can run faster than the built in BIOS support), so the HDD mode does not matter UNLESS the BIOS is buggy, then compatibility mode is usually more reliable.
Did you use the force decrypt, or the remove option? If it's the former, you need to restore the MBR to clear out the EEPC boot loader. If you did remove, it will do it for you.
You can delete the machine from EPO once you're done. Depending on what version you are using (ie 6.2+) , the key will remain in the DB in case you need it again.