1 2 3 4 Previous Next 33 Replies Latest reply on Sep 12, 2012 4:33 PM by SafeBoot

    SafeTech Decryption Option is 100% unacceptable!

      We have been using McAfee Endpoint Encryption since it was called SafeBoot.  In the past, you could use a BartPE, sometimes called a Wintech disk to decrypt/remove EEPC from a machine which took only hours to complete, or use the regular SafeTech disk, which takes literally DAYS to decrypt a machine.  We are running Endpoint Encryption 5.2.10 and please, don't tell me to upgrade and my problems will disappear because we all know that is not going to happen.

       

      So today, I tried to create a new BartPE disk, but it is not pulling in the necessary EEPC plugin files.  I have tried this numerous times, so I know it doesn't work.  all it does is create a BartPE disk to boot the computer.  No way to authorize to Safeboot, blah blah.  I can't even get the A43 File Utility to work to get this guy's stuff off to ensure data is saved.  I'm basically taking a big risk here in that I'm hoping that decryption goes off without a hitch and not crash and burn in the middle of the process, thereby abandoning all hope of recovering anything.  This should be stricken from the McAfee Tech's KB like today.  I've wasted 4 hours of my day trying this.

       

      Therefore, I am now restorted to using a SafeTech disk, that will take over 2 days to fully decrypt a computer, just so I can troubleshoot a corrupted Windows boot sector problem.  Days vs hours....This is ridiculous.  Why does it only take about 4 hours to encrypt a machine, but DAYS to decrypt?  It mystifies me!

       

       

      So my question is this, is McAfee working on now, or will release soon a better, and faster tool to encrypt/decrypt a machine?  If not, why?  Is there some other resource I can use that will accomplish my goals?

        • 1. Re: SafeTech Decryption Option is 100% unacceptable!
          mat.kordell

          First off I'm in complete ageement with you.  The bood disks are crap.  Now let me answer your questions.

           

          I just upgraded to 6.2 and it is awesome.  I would highly recommend it.  The new safetech standalone disks don't take days, maybe a good part of a day to decrypt.  The new safetech winPE disks are a lot more straight forward to make (so I'm told, i still haven't bothered after my bad experiences with 5.2 and bartPE) and the step-by-step process is well documented in the product guide.

           

          The reason for the big difference in time (so I'm told by mcafee people) is drivers.  The winPE/bartPE disk has the filter drivers and can take full advantage of the power of your system vs the standalone disk is using the drivers at the bios level and can't use any advanced memory or processor features.

           

          No McAfee will not be creating a new type of boot disk, although they have moved to winPE from bartPE which is supposed to be much more straight forward.  They have told me that they look at this boot disk flexability as a feature and provide the standalone bootdisk as a alternative.

           

          I know you don't want to hear this but if at all possible upgrading to 6.2 is pretty great.

          • 2. Re: SafeTech Decryption Option is 100% unacceptable!

            As Mat says, the speed disparity is due to the Windows version being able to use all the resources of the hardware, drivers etc, and the stand-alone version having to use the bios for everything.

             

            With BartPE/WinPE - the most common reason you won't see anything in the file browser etc, is because your CD does not contain the right drivers for your hardware.

             

            The clearest cut example of this is if the drive does not appear at all (no C: etc) - EEPC does not hide the drive, it just encrypts the data. Nothing EEPC does will stop Windows showing you the drive. It will just appear unformatted.

             

            So, no drive means Windows can't see the hardware, thus usually, missing drivers.

             

            The solution, either add the right hard disk drivers to your CD, or switch the BIOS into ATA or "compatibility mode", then the built in Microsoft Drivers tend to work fine (though slower of course than the manufacturer drivers).

            • 3. Re: SafeTech Decryption Option is 100% unacceptable!
              mat.kordell

              I should mention, because I probably often come off as a total jerk, that while I do quite a bit of hating on the boot discs around these forums, EEPC is a great product and the boot disc is one small blemish on an otherwise killer peice of software.  We just upgraded from 5.2 to 6.2 recently and I could have just as easily went with bitlocker but I didn't because EEPC is awesome.

              • 4. Re: SafeTech Decryption Option is 100% unacceptable!
                pierce

                Agree with Mat, We are upgrading to 6.2 at the moment and its made it much more useful and one less management server to have to manage. I agree the boot disks are a bit naff but they have always saved the drives that were recoverable. Its worth mentioning they are 'emergency' boot disks, i would never use them to encrypt a machine unless i was trying to waste days of my life :-)

                 

                And if the machine is busted then it taking a day to decrypt and recover all the files is fine, just make sure you have a process to have a spare machine to dish out when needed!

                • 5. Re: SafeTech Decryption Option is 100% unacceptable!

                  pierce wrote:

                   

                  Agree with Mat, We are upgrading to 6.2 at the moment and its made it much more useful and one less management server to have to manage. I agree the boot disks are a bit naff but they have always saved the drives that were recoverable. Its worth mentioning they are 'emergency' boot disks, i would never use them to encrypt a machine unless i was trying to waste days of my life :-)

                   

                  And if the machine is busted then it taking a day to decrypt and recover all the files is fine, just make sure you have a process to have a spare machine to dish out when needed!

                  pierce, we never use the Safetech disks to encrypt.  They are only to emergency boot, or decrypt a computer as a last resort.  As for having a spare, we of course do that, but it does not take 1 day to decrypt.  On the average, it takes 3 full days to decrypt.  So that's three full days of someone using a spare.  That's just unacceptable.

                   

                  Safeboot -

                   

                  I again will reiterate, that McAfee has an Encryption product that encrypts within hours.  Yet, it takes days to decrypt.  Relying on some random programmer on the net to come up with BartPE and then make a piecemeal boot disk, and with Windows XP at that in a Windows 7 age, makes me think two things:

                   

                  1.  McAfee is that cheap that the will not develop their own Windows Based Decryption program

                  2.  McAfee does not care that their users of their products have to sit through such an agonizing decryption process.

                   

                   

                  As for the drivers aspect, I have followed your KB to the letter and still the drivers do not show when I make my disk.  I had to have a tech rep from McAfee make it for me.  When I asked what did he do different, he stated, "Nothing, just followed the KB", then proceeded to list what he did, which was different than the posted documentation.  Again, this is another area where McAfee gives the appearance that they do not care at how time consuming all of this is.

                   

                   

                  SO, the ultimate question again is this.  Is McAfee now, or are their any plans in the near or distant future to come up with a better decryption option than the Slower than Molasses Safetech Disk, and the completely unreliable BartPE Wintech disk?

                  • 6. Re: SafeTech Decryption Option is 100% unacceptable!

                    1. We do have our own Windows based decryption program - it's shipped with all versions of WinTech/EETech - you just have to create it with Microsoft WinPE as the foundation.

                     

                    2. Of course we care, that's why we offer both a stand alone version, and one that you can build using your licence of WinPE.

                     

                    3. It already exists - the WinPE version - I think what you are missing is that McAfee cannot provide this disk to you directly - Microsoft simply don't allow it. They stopped allowing any vendor to offer WinPE based products a while ago.

                     

                    We can provide the drivers, the instructions, help etc, but we cannot give you a ready made CD image. It has to be made by your company using your licences.

                     

                    Now of course, we can provide someone to push the buttons for you and build it on your site, but our people can't give you one created under a McAfee licence - again, Microsoft forbids it.

                     

                    I know WinPE is challenging to get started with, but that's the direction Microsoft have taken - Once you're familiar with it, it's pretty obvious though.

                     

                    Now, if you can point me to the documentation that you found to be incorrect, I will make sure it's corrected for you. What ships with the product should be 100% accurate. I know there are many older docs though for previous versions of WinPE in circulation - most commonly the problems I see is people are trying to use docs written for Windows AIK, WinPE3.0 etc, with WinPE3.1, which simply won't work as the commands are all different.

                     

                    Message was edited by: SafeBoot on 9/12/12 12:37:23 PM EDT
                    • 7. Re: SafeTech Decryption Option is 100% unacceptable!

                      WIndows PE, never even knew this was an option.

                       

                      If you have documentation on this, I will try to give this a shot.  I would like the most current solution available please

                      • 8. Re: SafeTech Decryption Option is 100% unacceptable!

                        Unfortuantely you are not using the current version of EEPC (v6) - you are on a legacy version, so there's limited published information on that. WinPE though is really easy now, and the BartPE plugin (and associated files) are exactly what you need to build it - you just create your basic PE "shell", make the registry changes as per the files, copy the drivers into the right folders etc and then commit the image.

                         

                        I wrote a blog article on how to do it a while ago though which I believe is still current - http://ctogonewild.com/2009/08/25/disaster-recovery-wintech-and-pe3/

                        1 2 3 4 Previous Next