I have a group of two Windows XP Pro and two Windows 7 (64-bit) Laptops. EE Agent and EEPC packages installed with no problem. System state Active and Pre-boot authentication functioning on every system.
I changed the policy applied to the group to encrypt the boot disk. After ASCI and several Agent Wakeups the XP laptos strat encryptinf but the Windows 7 machines don't.
Are you sure it is not other way round. XP x64 is not supported. Windows 7 x64 is. From release notes:
Windows Server 2003 SP1 or higher (32 bit only)
Windows Server 2008 (32 and 64 bit)
Windows XP Professional SP2 or higher (32 bit only)
Windows Vista (32 and 64 bit)
Windows 7 (32 and 64 bit), (Not XP Mode)
Yes, I'm sure! Windows XP machines are 32-bit and Windows 7 64-bit. Sorry if I didn't explain it well.
By the way, what does it mean "Not XP Mode".
Turn on logging and tell us if there are any errors. I'd also be curious if you enabled "automatic booting" in your policy if it will activate the encryption.
Here's how to enable:
Create a new registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee EndPoint Encryption\MfeEpeHost\Configuration
And insert a DWORD value with the name "LoggingLevel". The possible values are from 0 to 4. 0 being no logging and 4 being the highest level of logging.
Immediately after setting this registry setting, logging will commence. This is logging for the host and will contain various pieces of information. A file will be created in the following location:
Directory: C:\Program Files\McAfee\Endpoint Encryption Agent
I don't have the "MfeEpeHost" key, do I have to create it?
No, if you dont have this its probably the root of your problem, possibly failed install? Try uninstalling and re-installing.
Apparently the EEPC fails applying policies, if I change anything in the policy nothing is applied. The Mcafee agent log doesn't show any errors, but if I change the task to remove EEPC I receive the info "Error uninstalling EEPC". Can I "manually" remove EEPC?
i beleive you can do a command line uninstall of EEPC as long as it has not done its "sync" to the server. That is the way i understood it when reading the documentation.
If the machine is unable to synchronize, perhaps because of a network or Windows
issue, you can still remove Endpoint Encryption by performing an emergency SafeTech
removal followed by the Sbsetup –Uninstall command from the Endpoint
Encryption program files directory.
I was able to remove EEPC. I've installed it again but the problem still happens: EEPC active but no encrypting. The registry key "MfeEpeHost"was not created.