cancel
Showing results for 
Search instead for 
Did you mean: 
tun
Level 7
Report Inappropriate Content
Message 1 of 7

Unable to decrypt McAfee Drive Encryption

Dear All,

I am using Lenovo X240 with Windows 7 Professional (32 bits) encrypted All the partitions with McAfee Drive Encryption version 4.8.0.1500.

Unfortunately, Windows boot partition corrupted and i am unable to retrieve data. When i decrypt using EE tech 7.1, i received WARNING message "could not detect a version of McAfee Drive Encryption on this system. If this system was known to be active, please ensure that you are using the corresponding version of DETech/WinTech and check that the boot disk is set correctly. This version of DETech/WinTech is 7.1"

Please give me advise for this matter

6 Replies
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: Unable to decrypt McAfee Drive Encryption

Moved to EPO managed if you think another forum better like EMM managed let me know and I will move this post again. Better here to get an answer as more like users here than in original area you posted in.

McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: Unable to decrypt McAfee Drive Encryption

There are 4 different combinations that are possible that you will need to verify before attempting a decryption of a system.

First, verify the version of Drive Encryption on the system from ePO and ensure you are using the same version of DETech. This can be seen by selecting system in the system tree and clicking the products tab. If the system is 7.1.3.604, you should use a 7.1.3.604 DETech. The 4.8 version you are seeing is the version of McAfee Agent rather than Drive Encryption.

Next you will need to check the Firmware type of the system. It will either be BIOS or UEFI. This can also be seen in ePO by clicking on the system in the system tree, selecting the Drive Encryption tab and clicking "More". The Firmware Type Value will show BIOS, EFI32 or EFI64.

You will also need to verify if the system is PC Software or PC OPAL. From the same screen look at the "Encryption Provider" value.

Last, verify the version of Drive Encryption on the system from ePO and ensure you are using the same version of DETech. This can be seen by selecting If the system is 7.1.3.604, you should use a 7.1.3.604 DETech. The 4.8 version you are seeing is the version of McAfee Agent rather than Drive Encryption.

Depending on these settings, you will need to create the appropriate disk:

BIOS / PC Software      - DETech Standalone or DETech WinPE

BIOS / OPAL                - DEOpalTech Standalone or DEOpalTech WinPE

UEFI / PC Software      - DETech Standalone UEFI or DETech WinPE

UEFI / OPAL                - DEOpalTech WinPE

Note: If using the DETech Standalone BIOS version booting from a USB, you must click the option to "Select Boot Disk" and select the hard drive or the error you are seeing will be seen.

Note: UEFI can be 32 bit or 64 bit. If using the UEFI DETech Standalone, you must use the correct .efi file.

Note: You can use the 32bit WinPE version on both 32bit and 64bit systems.

More information regarding creating the DETech disks can be found in PD24871.

An automated tool called EZPE used to create both WinPE and Standalone disks can be found here.

tun
Level 7
Report Inappropriate Content
Message 4 of 7

Re: Unable to decrypt McAfee Drive Encryption

Dear Jhall2,

Thanks for reply my message.

First of all, i would like to apologize that i didn't explain in details earlier in my post.

Computer’s Lenovo X240 with Windows 7 Professional (32 bits) unable to boot up computer after login McAfee login page, Boot Partition corrupted and Unable to boot Windows and Startup Repair is keep checking after restart.

After I researched, I tried to troubleshoot using https://support.microsoft.com/en-sg/kb/927392 to repair corrupted partition.


I restarted computer and McAfee login page disappear and I tried to decrypt using EE Tech 7.1 CD which is we used to decrypt using this CD.


When I booted up using EE Tech 7.1 CD, I received error message as attached file. Please give me advise to decrypt and retrieve data.

McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Unable to decrypt McAfee Drive Encryption

You overwrote the MDE MBR and replaced it with a Windows MBR. This means the BIOS is attempting to load the Windows Boot Loader rather than the MDE boot loader. The Windows boot loader is encrypted so the machine cannot boot to Windows. You will need to authenticate with the Recovery XML and select Restore MBR and restore the MDE MBR.

Highlighted
tun
Level 7
Report Inappropriate Content
Message 6 of 7

Re: Unable to decrypt McAfee Drive Encryption

Thanks for your explanation. Since this is first time i encountered this problem, It is possible to share with me step by step procedure ?

I am really appreciate your strong support.

Re: Unable to decrypt McAfee Drive Encryption

Hi

I m exactly facing same issue. Also i tried with recoveryXML file but it says cannot find primary hard disk.

After i tried to fix MBR with bootrec command m facing issue. Can u guide me how to fix it? Its really urgent for me.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator