3 Replies Latest reply on Apr 28, 2011 10:09 AM by whgibbo

    Endpoint Encryption - complete removal

      When testing Endpoint Encryption, we encrypted some machines which we ultimately do not wish to leave encrypted.

       

      While we've successfully removed the encryption by adding them to a group with a "decrypt" policy, (and have uninstalled the ePO agent) it's not obvious how to remove the funky modified boot loader.

       

      So.. here I sit with 3 completely unencrypted drives which still have the McAfee Endpoint Encryption boot loader.  Everything I've found online refers to special magic boot disks and all sorts of restore/recover procedures to restore the boot sector.  I have a difficult time believing it has to be that complicated.

       

      What is the simplest way to let these now-unencrypted machines boot like they used to?

       

      Sorry if I sound like an idiot - I'm pretty new to this product.

       

      -Charles

       

      Message was edited by: cr0100 on 4/27/11 3:47:48 PM CDT
        • 1. Re: Endpoint Encryption - complete removal
          whgibbo

          Hi,
          Firstly, could you please clarify what version of EEPC you are testing (6.1 or 6.0.x)?

           

          To completely remove the EEPC from your test machines you would need to do the following:

          • Assign an Endpoint Encryption Product policy to the client that has 'Enable Policy' unchecked.
          • Wait for the policy enforcement to complete on the client.  Once this has finished, it will remove the Pre-Boot Authentication (PBA).
          • Create a client task to remove the following:
            • Endpoint Encryption for PC Software
            • Endpoint Encryption Agent for Windows
          • Then optionally remove the McAfee Agent.

           

          Just decrypting the disk will not remove the Pre-Boot Authentication.

           

          Hope this helps

          • 2. Re: Endpoint Encryption - complete removal

            The trick was creating/assigning a policy with the status as "not enabled".  That was kind of... odd.

             

            Then it all worked, I got the prompt to reboot and the loader was not there.

             

            Seems... somehow... like that was more difficult to suss out than it should have been.  Ah well.  Thank you for your guidance!

             

            -Charles

            • 3. Re: Endpoint Encryption - complete removal
              whgibbo

              The point to remember is that you can enable EEPC without encryption, which will just give you the PBA.  This allows for testing of hardware without encrypting the disk.

               

              Anyway glad that I could help.