Jump to content
dpeters11

FDE question [Not a bug]

Recommended Posts

I was reading the release notes and have questions regarding this:

If the computer has the encryption module of Kaspersky Endpoint Security 10 Service Pack 1 installed, it also must be updated to the Service Pack 1 Maintenance Release 2 (Beta) version. In this case, the update for AES Encryption Module (56 bit) can be installed concurrently with the application update during a single restart. An update for AES Encryption Module (256 bit) can only be installed after the application update completes. That is, if AES Encryption Module (256 bit) is installed on the computer, you will have to restart the operating system twice in order to complete the full upgrade of the application and the encryption module.

 

• The functionality of full disk encryption will remain blocked until installation of updates for the application and encryption module completes.

 

If a system is on SP1 and using the 256 bit AES module 1.0.2.1068, does that module need updated to the MR2 level?

Can this be done without decrypting first? I'm not sure what it means that FDE functionality would be blocked until the installation is complete. If it's encrypted, and a second restart is needed, yet functionality is blocked, how would the system be able to boot?

Share this post


Link to post
I was reading the release notes and have questions regarding this:

If the computer has the encryption module of Kaspersky Endpoint Security 10 Service Pack 1 installed, it also must be updated to the Service Pack 1 Maintenance Release 2 (Beta) version. In this case, the update for AES Encryption Module (56 bit) can be installed concurrently with the application update during a single restart. An update for AES Encryption Module (256 bit) can only be installed after the application update completes. That is, if AES Encryption Module (256 bit) is installed on the computer, you will have to restart the operating system twice in order to complete the full upgrade of the application and the encryption module.

 

• The functionality of full disk encryption will remain blocked until installation of updates for the application and encryption module completes.

 

If a system is on SP1 and using the 256 bit AES module 1.0.2.1068, does that module need updated to the MR2 level?

Can this be done without decrypting first? I'm not sure what it means that FDE functionality would be blocked until the installation is complete. If it's encrypted, and a second restart is needed, yet functionality is blocked, how would the system be able to boot?

Yes it can be done without decryption. Blocked functionality mean that you will not be able decrypt disks or manage created fde accounts or add new accounts. System must boot normaly during update.

Share this post


Link to post
Yes it can be done without decryption. Blocked functionality mean that you will not be able decrypt disks or manage created fde accounts or add new accounts. System must boot normaly during update.

 

Thanks. I'm very glad to hear this. It wasn't pleasant to have to decrypt and re-encrypt to go to SP1.

Share this post


Link to post
Thanks. I'm very glad to hear this. It wasn't pleasant to have to decrypt and re-encrypt to go to SP1.

Sorry, wait a moment, we are clarifying this answer

Share this post


Link to post
Thanks. I'm very glad to hear this. It wasn't pleasant to have to decrypt and re-encrypt to go to SP1.

Sorry i misunderstood your questions, to install MR2 you need decrypt all disks, BUT next release patches will not need decrypt all disks to install new version of patch.

Share this post


Link to post
Sorry i misunderstood your questions, to install MR2 you need decrypt all disks, BUT next release patches will not need decrypt all disks to install new version of patch.

 

Great, so to go from SP1 MR1 to SP1 MR2 will require decryption?

Share this post


Link to post
Great, so to go from SP1 MR1 to SP1 MR2 will require decryption?

 

Yes, before migrate need decrypt hard drives

Share this post


Link to post

Then what we may just have to do is upgrade the rest of the systems that aren't on SP1 yet and leave SP1 MR1 on the other systems.

 

It wouldn't be so bad if there was no user interaction, but having to send out instructions, dealing with users that don't do it right etc is way too involved.

 

Then sure, as you say MR3 or whatever won't require decryption, but then if the next release does...do it all over again.

Share this post


Link to post
Then what we may just have to do is upgrade the rest of the systems that aren't on SP1 yet and leave SP1 MR1 on the other systems.

 

It wouldn't be so bad if there was no user interaction, but having to send out instructions, dealing with users that don't do it right etc is way too involved.

 

Then sure, as you say MR3 or whatever won't require decryption, but then if the next release does...do it all over again.

 

Hello,

please clarify your question.

Do you ask about possibility to decrypt and encrypt disks without user interaction ?

Thank you.

Share this post


Link to post
Hello,

please clarify your question.

Do you ask about possibility to decrypt and encrypt disks without user interaction ?

Thank you.

 

Well, it certainly would make it easier if they didn't have to re-input the domain and set their password again.

 

It's enough that if we move to Windows 10, we'll probably stop using Kaspersky FDE and move to Bitlocker.

 

To be clear, in this case, I'm not really talking about updating to MR2 beta, but once we get the production code. If there will be a difference in the ability to install on encrypted systems between the beta and final release, that would be an important distinction.

Share this post


Link to post
Well, it certainly would make it easier if they didn't have to re-input the domain and set their password again.

 

It's enough that if we move to Windows 10, we'll probably stop using Kaspersky FDE and move to Bitlocker.

 

To be clear, in this case, I'm not really talking about updating to MR2 beta, but once we get the production code. If there will be a difference in the ability to install on encrypted systems between the beta and final release, that would be an important distinction.

 

Do you wish to get successful upgrade without disk decryption ?

Thank you.

Share this post


Link to post
Do you wish to get successful upgrade without disk decryption ?

Thank you.

 

I would certainly yes. Like moving from KES 10 SP1 to KES 10 SP1 MR1.

Share this post


Link to post
Sorry i misunderstood your questions, to install MR2 you need decrypt all disks, BUT next release patches will not need decrypt all disks to install new version of patch.

 

Hi,

 

As my colleague mentioned earlier,to install MR2 you need to decrypt all disks, in future, when there will be patches, decryption is not needed.

 

BR

Share this post


Link to post
Hi,

 

As my colleague mentioned earlier,to install MR2 you need to decrypt all disks, in future, when there will be patches, decryption is not needed.

 

BR

 

I'm curious, when you say in the future decryption is not needed, how far out are you talking? MR3? MR4+? SP2? Or even further out?

Share this post


Link to post

Hi,

 

I'm after test of Symatec PGP and i would try to finish FDE with Kaspersky which we already have. I test on agent 10.2.434 + KES 10.2.2.10535.

When new version will be available do I need decrypt before update KES?

I see many different opinion above. Please clear explanation.

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.