3 Replies Latest reply on May 14, 2009 12:25 PM by jvolltrauer

    SafeBoot user feedback

      Hi guys at Mcafee,

      Although SB is a great product and some major corporation have adopted it; from an IT infrastructure prespective it is an admin nightmare. We have to administrate a SB Server and 100s of SB clients out there, which drains our resources.

      There had been frequent boot record corruptions as well; as such staff downtime had been on the increase. Also the feedback from the end-users is that SB does not give them control over their PCs; for example harddisk backups and cold swap hdd standbys. SB is always in the way and they can't uninstall it to backup the hdd. Even when we are the legit user with the password when can't do it without control from the server admin.

      Whenever there is a crash, it takes 2 days to recover the PC, all because SB is in the way. I seriously think there is a better option out there. Once they have that, then we can say goodbye to SB. We understand the need to encrypt, however we must also allow room for user to manage their own PC resources to reduce downtime. We are seriously looking for an alternative.

      Thanks for listening.
        • 1. RE: SafeBoot user feedback
          Hi Which version are you running from 5500 build on there is self recovery which sovles some of the password issues your users may be having. Also we have been running about 3000 clients and the main problems are due to basic understanding of the product. When security are concerned if it very easy to use then it will be very easy to hack it. Most problems we had fixed by doing emergency boot procedure. My only wish was to able to to this process with USB boot disk as it currently stand McAfee offically only support this by booting from Floppy boot disk. hope this any help.

          Kuru
          • 2. RE: SafeBoot user feedback
            Although SB is a great product and some major corporation have adopted it; from an IT infrastructure prespective it is an admin nightmare. We have to administrate a SB Server and 100s of SB clients out there, which drains our resources.

            >some customers manage 50,000+ devices without having a dedicated team? Maybe there's some processes you're missing which could smooth out the management - what are the time consuming things you are having to do?

            There had been frequent boot record corruptions as well; as such staff downtime had been on the increase. Also the feedback from the end-users is that SB does not give them control over their PCs; for example harddisk backups and cold swap hdd standbys.

            >neither should be prevented unless you are talking about sector backups. Cold swaps are not affected at all by full disk encryption?

            SB is always in the way and they can't uninstall it to backup the hdd. Even when we are the legit user with the password when can't do it without control from the server admin.

            >you want your users to be able to disable the security!? if that's really the case, why not give each user admin rights in the EEM to their own machine, then they can turn it on and off.. Oh wait, it will stay off so problem solved..

            Whenever there is a crash, it takes 2 days to recover the PC, all because SB is in the way.

            >no reason for this - you can use wintech to boot in 30 seconds and fix most windows problems - there's no reason why problems should take you any longer than normal to resolve?

            I seriously think there is a better option out there.

            >maybe for you there is? but generally EEPC is the most widly distributed product on the market. As I say though, maybe you'd be happier with the free version from HP which users manage on their own (but does not give you any audit or compliance reporting)?

            Once they have that, then we can say goodbye to SB. We understand the need to encrypt, however we must also allow room for user to manage their own PC resources to reduce downtime. We are seriously looking for an alternative.

            >Have you considered file encryption (EEFF) instead? That's far simpler for a technical user community to deal with.

            >Perhaps you can tell us >why< you bought EEPC in the first place? was it to make you secure for compliance and regulatory reasons? If so, you are in a difficult place as giving users rights to remove the protection will, as you know, mean you have no safe harbor coverage.

            >what feature set in a FDE product are you wanting?
            • 3. RE: SafeBoot user feedback
              We currently have a touch over 1000 users on safeboot and have it at a level where it requires little to know interaction.

              A few thoughts:

              Implementing a full drive encryption solution with out a proper backup solution is asking for trouble.

              We found that cutting down on the amount of syncronizations helped a huge amount on local db corruption. We switched from 60minutes to 240 and I have yet to see a ticket with any trouble.

              Did I mention a back up solution?