5 Replies Latest reply on Mar 24, 2014 9:10 AM by SafeBoot

    No pre-boot authentication - insecure?

    prodevaluator

      I'm currently reviewing/evaluating an install of McAfee Endpoint Encryption, used for full-disk encryption of laptops at a large company.

       

      When I read the product specs/data sheets for McAfee Endpoint Encryption online, it says that the product should have preboot authentication. When I start the computer, there are no prompts for anything though, until I arrive at the normal Windows login prompt AFTER the normal Windows login sequence has finished.

       

      When I use the McAfee Agent inside Windows though, it does indeed say that the C: disk is encrypted.

       

      My question then is: Why is there no preboot authentication as promised, and can this really be secure?

       

      My software versions, as reported by the McAfee Agent "McAfee Endpoint Encryption status" screen, are as follows:

       

      McAfee Endpoint Encryption Core Provider Plugin - 1.1.2.314

      McAfee Endpoint Encryption Product Detection Plugin - 1.1.2.314

      McAfee Endpoint Encryption Provider Plugin for PC - 6.1.2.314

      McAfee Endpoint Encryption ePO Plugin - 1.1.2.314

      McAfee Endpoint Encryption Agent Host - 1.1.2.314

        • 1. Re: No pre-boot authentication - insecure?

          Did you set "Allow temporary automatic booting"?

           

          p58

           

          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24140/en_US/Endpoint_Encryption_7_0_Product_Guide.pdf

           

           

          Yes, it's not secure if you have this mode enabled.

          • 2. Re: No pre-boot authentication - insecure?
            prodevaluator

            Thanks for your reply!

             

            I did not set up this system myself, so I'm unfortunately not aware if this has been done before I received it. Is there any way I can verify this, e.g. by looking at some registry key values or something like that?

             

            (I currently do not have local admin access to the test computer, which seems to be required for using the commands specified for that task in the product guide that you linked to)

            • 3. Re: No pre-boot authentication - insecure?

              You need to look in the policy within EPO itself, but if you are seeing a quick flash of "Starting EEPC..." as the machine boots, then it's likely whoever set it up enabled this.

               

              If you are evaluating EEPC though, just contact your McAfee reseller and get some professional help. No point struggling on your own.

               

              Message was edited by: SafeBoot on 3/24/14 9:52:39 AM EDT
              • 4. Re: No pre-boot authentication - insecure?
                prodevaluator

                Thanks again!

                 

                Just one (hopefully) last question:

                 

                Is it possible (given e.g. the reported modules/version in my original post above) that the computer in question is running some other version of McAfee Endpoint Encryption than the "ePO Managed" version, and in that case, would your answers be any different?

                 

                I selected this forum (i.e. instead of the "EEM Managed" one) because my "McAfee Endpoint Encryption status" screen in the local McAfee Agent in the computer included the "McAfee Endpoint Encryption ePO Plugin", but perhaps that is not definitive proof that the computer is running the "ePO Managed" version, or is it? Could it be running the "EEM Managed" version instead? How can I check this?

                 

                And about the "evaluation", it's really more of a review of a test configuration of an already purchased product, and I don't have the contact details to the entities you mention, since I'm just a lowly techie assigned to investigate this myself, so I feel that I have to get back with some kind of result myself before just referring to some external sales department or support line or similar.

                • 5. Re: No pre-boot authentication - insecure?

                  No, you're running EEPC 6.1, quite an old version of the product now but absolutely the EPO connected version. EEPC5 is the stand-alone version.

                   

                  If there's no pre-boot authentication, but the machine is listed as encrypted, then the key is stored on the drive (a bit like leaving your house keys in the outside of the lock). It's absolutely not "secure" though it is very convenient for users.