3 Replies Latest reply on Feb 18, 2016 8:21 AM by bhautik

    The "Drive Encryption System Status" remains active after disabling the drive encryption

    jcgonzales

      Hello,

       

      We are in the process of upgrading the whole set of PC from Windows 7 to windows 10, and for this purpose we need to remove the encryption on a bunch of lapotops.

       

      With the help of the "McAfee Drive encryption - Product guide 7.1", we have applied the recommandations from the chapter named "uninstalling the Drive Encryption client", "Disable the Drive Encryption client" paragraph but the "Drive Encryption System Status" remains active, so no way to go further. We experience this behavior on a regular basis, with no clue to avoid it.

       

      What is the trick to set the "Drive Encryption System Status" to Inactive at this point or more clearly, what is the common known mistake to be in such a situation ?

       

      Thank you in advance for you help

       

      Jean-Christophe

        • 1. Re: The "Drive Encryption System Status" remains active after disabling the drive encryption
          bhautik

          Hope you have disable the policies and Disk set to None to remove it. But if you can elaborate a little on ""but the "Drive Encryption System Status" remains active, so no way to go further. We experience this behavior on a regular basis, with no clue to avoid it"" it will help to understand.

           

          One thing you can try,

          Create Tag - Decrypt.

          Create Drive Encryption policy - Product one - Deselect Enable Option and Encryption set to None for all drive.

          Create Policy Assignment Rule and assign Drive Encryption Product policy to Decrypt with tagged system Decrypt.

          Create Client Task - with Encryption uninstall with Decrypt tag.

           

          Hope this will help


          • 2. Re: The "Drive Encryption System Status" remains active after disabling the drive encryption
            jcgonzales

            Thank you for your suggestions, but what do you mean by "tag" ? Policy and task entities, ok, but tag ?

             

            The goal is to remove the encryption, and after having deactivated the encryption, the PC is well decrypted, but the encryption statut displays "Active" (both on the ePO and on the client side), although it must be inactive prior to uninstall Drive Encryption from the client system (p35 on the McAfee Drive Encryption 7.1.0 Revision B Product guide)

             

            In fact we have found a similar behaviour in the knowledge base (KB76103) which suggests to change a string value to force the (encryption) system state, We have applied the solution and we were abble to remove EEPC. 100% efficient, but there is something wrong somewhere as we should not have to change the registry manually.


            After the registry modification it is important to not synchronize either from the PC or the ePO after changing the string value in the registry otherwise the registry string value is changed again to Yes !

            • 3. Re: The "Drive Encryption System Status" remains active after disabling the drive encryption
              bhautik

              Tag is criteria to identify system in ePO, it's on Menu --> Systems --> Tag criteria

              I think this is due to some strings not uninstall properly from system and hence you have to perform manual steps.