mclawler75

Unofficial Poll.... FDE (Full Disk Encryption)


I'm curious, how many of you out there are using Kaspersky FDE, we are attempting to use it at a couple of our plants to test it out, and it is not going well.  Before I expand the test any further, I'd like to get some anecdotal evidence of how many others out there are using it.

When all is said and done we would have about 1200 clients running it, so far we've done about 50 for testing.

 

Thank you all,

Mike


We're about to deploy it.  What issues are you having?

Our testing was a struggle.  We had to get a patch from Kaspersky to additionally install.  Without the patch, it would pass the pre-encryption tests just fine but then once it rebooted after it got encrypted, the keyboard and mouse wouldn't work on the pre-boot screen.

2 hours ago, mclawler75 said:

I'm curious, how many of you out there are using Kaspersky FDE, we are attempting to use it at a couple of our plants to test it out, and it is not going well.  Before I expand the test any further, I'd like to get some anecdotal evidence of how many others out there are using it.

When all is said and done we would have about 1200 clients running it, so far we've done about 50 for testing.

 

Thank you all,

Mike

Hi,

Please specify versions that you use.

Thank you!


Personally I've tried KES10SP2, and KES10SP1MR3 and MR4....

But ANY version of KES10 would work for my questioning.

I'm in the same boat as you Waterloo, our testing has been extremely painful, to the point that I'm questioning if we made the correct choice in using this for encryption.

We have the keyboard issue, and on any new Dell we get BSOD after encryption.  These are all latest generation systems.

Edited by mclawler75


I'm having a TON of problems on Dell Notebooks with Kaspersky FDE.  I have tickets open for all of them (5 total so far).


Our issues were on Dell laptops as well, and we run the Latitude series, both Ultrabooks and the E series (and now what was previously known as their E series).  Ever since I got pf3078 and ironed out an issue with not having "active accounts" properly set up for the authentication agent, we since have not run into issues.  Granted, we're at the head end of deploying it, so I hope that doesn't mean we'll run into issues later, but I have not witnessed BSODs and I'm not even really sure how that would be related.  I questioned if there was something in BIOS that was preventing things from working, because I got sent these articles https://support.kaspersky.com/9992  https://support.kaspersky.com/13486 , but I also got laptops to work when it was my understanding that they would have that Intel Rapid Start functionality.  I was reading up on the upcoming version 11 and in their release notes they do mention some laptops which will then be taken off of the list of computers which aren't compatible, which doesn't help the situation right now, but it leads me to believe that they're actively working on these issues.

 

My "active account" issue, in case anyone is wondering: I would get an error anytime the encryption task ran and I'd get maybe 6 errors.  Every other error said the device was incompatible and the opposite messages would say there were no active accounts.  I had been hoping to add users manually as opposed to adding whichever user was logged on, to add them to the allowed accounts list, but my wanting to manually do it wasn't working.  Even though I would successfully add an account before encryption started (or tried), it was only when I checked the box to say to automatically add the logged in user to the list that it worked.  Then I knew I could always go back and delete that account from the list if necessary.

 

I, too, questioned if we purchased the right solution, right off the bat.  I tried encrypting my laptop right away and it failed on me and then a few others had the issue where the keyboard and mouse locked up.  In my trial, I was on an 8 year old E5500, which is what I had laying around for a test machine, not knowing it makes a difference which model you use, and I was very much annoyed when the newer models started not working for me.  But I haven't since experienced issues since getting that patch and fixing that active account issue.

3 hours ago, mclawler75 said:

I'm having a TON of problems on Dell Notebooks with Kaspersky FDE.  I have tickets open for all of them (5 total so far).

If you would like to have any other issues investigated from the forum, aside from those you already have created incidents for, please specify of what nature those are. Different kinds of data might be required for analysis. E.g. if a device encryption fails as incompatible even though it's not in the list and all the requirements are met, a GSI and FDE Precheck results are needed. If you experience BSOD on boot, we will need a memory dump from the failing host, etc.

Thank you.


To answer the original question, we have been using KL FDE for about 4.5 years.  We have 250 machines of which 120 are laptops with FDE.  We use the full AV, patch management and encryption features.  When it works it's good.  However, we are longing for our migration to W10 when we will be able to use Bitlocker instead of KL FDE.  There are too many overheads with FDE:  Every time we upgrade to the latest version we have to pull all the machines back in, decrypt them, remove the old version, install the new version and recrypt.  We have lots of problems with Dell laptops.  I currently have calls open regarding inability to add accounts, inability to remove duplicate accounts, machines encrypting when they shouldn't and FDE apparently stopping network adapters from working (reassuring to be told that FDE should not affect network - I couldn't agree more).  The support guys are generally great but the overhead is just too large.  I expect a product to just work, not to have to spend hours on each new machine running tests in order to determine which private fix I need to install.  If a fix is needed then it should be included in an automatic update and installed by the product as required; it should not be necessary to find it and tailor each installation.  We are currently running 10.3.0.6294.  I hope that helps.

Edited by simmitc


While I have used Kaspersky products for 10+ years now, I wouldn't dare to use their FDE, especially taking into consideration reports about "major windows updates fail", "KES version update fails", "you have to decrypt and later reencrypt for version update".

And with Dell Latitude 7x80 I have catastrophic BSOD experience... I am not sure it is due to KES (10.3.0.6294 mr1.mr2) or not but it's a fact... even worse experience with private fix application (nearly unrecoverable Windows 10 after installing next pf over a previous one), again not sure (suspecting non-default USB Attack blocker component installed)... And I do not have the time and will to sit and collect tons of GSIs in deeper and deeper mode (while you go down deeper and deeper from 1st line support).

So OPAL-managed self-encrypting drives are my choice for FDE instead, although I have to admit that their centralized management, at least, recovery management, is either painful (if you try to utilize BitLocker for hardware FDE) or expensive (using enterprise versions of relevant software). Fortunately with ~100 workstations at hand I can manage recovery-in-need manually.
