
Encrypted machine is unable to boot into Windows after FDE [KES for Windows]


Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Version: KES 11.*

Scenario:

You're unable to boot into an encrypted machine after FDE was applied, due to some problem with the preboot agent or the operating system.

The safest and one of the most trivial options to restore the data from the encrypted hdd, or to decrypt it 'in place', is to go through the KES 'challenge-response' procedure using another (i.e. proxy) machine with KES and FDE installed.

  1. KSC 11
  2. HostA with KES 11.1 (corrupted hdd with FDE policy applied)
  3. HostB with KES 11.1 (recovery host)

* The KES version on HostB should be the same as or higher than the one used on the affected PC, with the same AES module. HostB should be managed by the same KSC server, but initially without an FDE policy applied.

Solution:

  1. Disconnect encrypted hdd from HostA.

  2. Connect the encrypted drive to HostB as a secondary.
  3. HostB has KES and FDE installed but no FDE policy applied (DO NOT apply an encryption policy to HostB once the secondary hdd is connected; this avoids multiple encryption, which will cause data corruption).
  4. The following pop-up window will appear when you attempt to access the encrypted hdd:

    [Screenshot: pop-up window shown when accessing the encrypted hdd]
  5. Save the file.

  6. On KSC, find HostB. Right-click its property -> click on "Grant access in offline mode" -> navigate to the "Data Encryption" tab:

    [Screenshot: "Data Encryption" tab of the "Grant access in offline mode" window]
  7. Browse and select the saved "challenge file".

  8. You will be prompted to save the "response file".

  9. In the KES console on HostB, a notification appears at the bottom. Click the notification and input the "response file" you saved from KSC.

  10. You can now access the encrypted hdd from HostB. Transfer all important data you want to restore to another backup drive, or deploy the Kaspersky FDE 'Decrypt all hard drives' policy to the proxy computer (HostB) in order to decrypt the 'affected' drive connected as a secondary.

  11. The previously encrypted hdd can be connected back to HostA as primary if it was decrypted successfully and the disk is healthy.
