5 Replies Latest reply on Dec 12, 2016 6:11 PM by tun

    Unable to decrypt McAfee Drive Encryption

    tun

      Dear All,

       

      I am using Lenovo X240 with Windows 7 Professional (32 bits) encrypted All the partitions with McAfee Drive Encryption version 4.8.0.1500.

      Unfortunately, Windows boot partition corrupted and i am unable to retrieve data. When i decrypt using EE tech 7.1, i received WARNING message "could not detect a version of McAfee Drive Encryption on this system. If this system was known to be active, please ensure that you are using the corresponding version of DETech/WinTech and check that the boot disk is set correctly. This version of DETech/WinTech is 7.1"

       

      Please give me advise for this matter

        • 1. Re: Unable to decrypt McAfee Drive Encryption
          Peacekeeper

          Moved to EPO managed if you think another forum better like EMM managed let me know and I will move this post again. Better here to get an answer as more like users here than in original area you posted in.

          • 2. Re: Unable to decrypt McAfee Drive Encryption
            jhall2

            There are 4 different combinations that are possible that you will need to verify before attempting a decryption of a system.

             

            First, verify the version of Drive Encryption on the system from ePO and ensure you are using the same version of DETech. This can be seen by selecting system in the system tree and clicking the products tab. If the system is 7.1.3.604, you should use a 7.1.3.604 DETech. The 4.8 version you are seeing is the version of McAfee Agent rather than Drive Encryption.

             

            Next you will need to check the Firmware type of the system. It will either be BIOS or UEFI. This can also be seen in ePO by clicking on the system in the system tree, selecting the Drive Encryption tab and clicking "More". The Firmware Type Value will show BIOS, EFI32 or EFI64.

             

            You will also need to verify if the system is PC Software or PC OPAL. From the same screen look at the "Encryption Provider" value.

             

            Last, verify the version of Drive Encryption on the system from ePO and ensure you are using the same version of DETech. This can be seen by selecting If the system is 7.1.3.604, you should use a 7.1.3.604 DETech. The 4.8 version you are seeing is the version of McAfee Agent rather than Drive Encryption.

             

            Depending on these settings, you will need to create the appropriate disk:

             

            BIOS / PC Software      - DETech Standalone or DETech WinPE

            BIOS / OPAL                - DEOpalTech Standalone or DEOpalTech WinPE

            UEFI / PC Software      - DETech Standalone UEFI or DETech WinPE

            UEFI / OPAL                - DEOpalTech WinPE

             

            Note: If using the DETech Standalone BIOS version booting from a USB, you must click the option to "Select Boot Disk" and select the hard drive or the error you are seeing will be seen.

            Note: UEFI can be 32 bit or 64 bit. If using the UEFI DETech Standalone, you must use the correct .efi file.

            Note: You can use the 32bit WinPE version on both 32bit and 64bit systems.

             

            More information regarding creating the DETech disks can be found in PD24871.

            An automated tool called EZPE used to create both WinPE and Standalone disks can be found here.

            • 3. Re: Unable to decrypt McAfee Drive Encryption
              tun

              Dear Jhall2,

               

              Thanks for reply my message.

               

              First of all, i would like to apologize that i didn't explain in details earlier in my post.

               

              Computer’s Lenovo X240 with Windows 7 Professional (32 bits) unable to boot up computer after login McAfee login page, Boot Partition corrupted and Unable to boot Windows and Startup Repair is keep checking after restart.

               

              After I researched, I tried to troubleshoot using https://support.microsoft.com/en-sg/kb/927392 to repair corrupted partition.


              I restarted computer and McAfee login page disappear and I tried to decrypt using EE Tech 7.1 CD which is we used to decrypt using this CD.


              When I booted up using EE Tech 7.1 CD, I received error message as attached file. Please give me advise to decrypt and retrieve data.

              • 4. Re: Unable to decrypt McAfee Drive Encryption
                jhall2

                You overwrote the MDE MBR and replaced it with a Windows MBR. This means the BIOS is attempting to load the Windows Boot Loader rather than the MDE boot loader. The Windows boot loader is encrypted so the machine cannot boot to Windows. You will need to authenticate with the Recovery XML and select Restore MBR and restore the MDE MBR.

                • 5. Re: Unable to decrypt McAfee Drive Encryption
                  tun

                  Thanks for your explanation. Since this is first time i encountered this problem, It is possible to share with me step by step procedure ?

                  I am really appreciate your strong support.