S5dreamer
Level 7

Offline scan an encrypted drive

So we have machines encrypted with EEPC v6.0.1 managed by ePO 4.5.1.

How can I run an offline virus scan using an external USB drive? Basically, we'd like to be able to go through the preboot login and then be able to boot off a USB drive rather than booting up to the OS.

Thanks in advance.

0 Kudos
10 Replies
SafeBoot
Level 21

Re: Offline scan an encrypted drive

You can't boot off the hard disk (to go through the pre-boot), then boot off another media - that's not going to work.

You could add EETech to your bootable USB device though, and then mount the drive in the WinPE or whatever prior to scanning it?

0 Kudos
S5dreamer
Level 7

Re: Offline scan an encrypted drive

SafeBoot wrote:

You could add EETech to your bootable USB device though, and then mount the drive in the WinPE or whatever prior to scanning it?

Can you expand on that, please?

My bootable USB drive is using Linux-based boot files to boot up the machine for a scan.

0 Kudos
SafeBoot
Level 21

Re: Offline scan an encrypted drive

You won't be able to access the drive through Linux - we don't provide drivers for that OS, only Windows.

So, you're going to have to use a WinPE environment at the least.

0 Kudos
Valeinrete
Level 9

Re: Offline scan an encrypted drive

You won't be able to scan an encrypted disk using the BartPE stuff either. I mean you could, but you should decrypt, scan the disk and then encrypt again... too long to be really useful, and you can't automate it either, because of the daily encryption code...
It would be cool if the encryption team provided the antivirus team with a sort of API to the encryption software, to permit VirusScan to interact with the data the same way as MOVE does on the Citrix virtual machines.

Obviously the security of the encrypted data will fall... but if you look at BitLocker from Microsoft, it suffers from cold boot attacks... so why not think about that?

Regards

Valentino

Message was edited by: Valeinrete on 24/09/10 09:44:14 CDT
0 Kudos
SafeBoot
Level 21

Re: Offline scan an encrypted drive

You don't need the daily code to mount a drive in EETech, so it's entirely possible to scan a drive from an AV tool on a BartPE disk.

You just need to mount the drive first, which as mentioned, is a manual process because you need to login.

0 Kudos
S5dreamer
Level 7

Re: Offline scan an encrypted drive

Well, I think I got some headway on this: using BartPE I was able to go through the authentication portion, which then allowed me to browse the files of the hard drive. So now the next step is finding an antivirus plugin that I can add to BartPE, compile it again and give it a try. If anybody knows of any good antivirus scan tools that can be incorporated into a BartPE CD, it will be a great help.

0 Kudos
SafeBoot
Level 21

Re: Offline scan an encrypted drive

0 Kudos
S5dreamer
Level 7

Re: Offline scan an encrypted drive

The info talks about installing this on the hard drive; any instructions on how to add it to BartPE instead?

0 Kudos
SafeBoot
Level 21

Re: Offline scan an encrypted drive

I think you'd need to make a Module for BartPE - it's all in the docs of BartPE if I remember. There also always used to be sample modules for AV solutions, you just had to download and stick the code in them.

0 Kudos