most likly you have a rootkit on your machine, so you could try restoring the SBR (depending on what version of EEPC - if it's 6 I don't believe this option is available), otherwise your only route forward is a manual decryption of the drive, then fixMBR to flush the root kit out.
How many sectors did you try to load into the workspace though? You really only need to load up a few dozen at most.
We are on version 6.0.1. I tried loading all sectors for the boot drive, maybe that's why I received the "insufficient memory"? It seemed no matter what option I tried, I would receive a different error.
This is concerning my manager and myself, as we have only deployed this to about 15 machines so far. No matter what we do we cannot get control on the malware around here. We are using ePO 4.5, AV 8.7 and cranked Artemis to its highest level. Even users without admin rights are getting hit. Oh well, that is a different subject.
Thanks! I will try your suggestions.
by the way, about loading the sectors... the PC has a Dell maint partition, I should only be doing the OS... right?
yes, the workspace is designed for a few undred sectors or so - unless you have 200GB memory you're not going to be able to load 200GB of data into it ;-)
And yes, you'd get a different error, because you were doing different things - out of memory because you were trying to load too much data, not currently active because the root kit removed the EEPC signature from the MBR etc, No Disk Information because again, the MBR hook has been overwritten. All these things are giving you information about the state of the system.
You just need to get the right export from ePO, test it with the workspace to make sure the keys are indeed correct, then decrypt the appropriate partition sector range.
rootkits are the worst thing for full disk encryption products, but it's entirely recoverable from - just decrypt the drive with the supplied tools.
Wow, what a pain!
I didn't think about how many sectors to load, just put in the starting and the range. Good to know!
The drive is de-crypting now. Thanks for all your help. I'll go ahead and close the SR once the encryption is complete and the MBR is restored/re-created.
The instructions that DLarson did were superb. I had a recovery disk (USB) created in no time. I just need to throw some AV utils on it in case I run into this again.