Jump to content

Help for disk encryption for windows


Go to solution Solved by Cesare,

Recommended Posts

Posted

 

I need to encrypt a notebook. I followed the help, created a policy to encrypt the laptop's hard drive and activated it. appears completed, but when the notebook is restarted, it does not display the pre-boot screen.

 

I am using KSC 12 on a Windows Server 2012. The notebook is Windows 10, I'm using KES 11.6 for Windows + Network Agent.

 

I chose Kaspersky Disk Encryption, Encrypt all hard drives and users mode and checked All domain accounts on the computer! Only that. I saved and waited for the execution of the policy. The policy seems to be successfully implemented! But the notebook does nothing, it shows that it is only updated! I restart the notebook and it does nothing!

 

Can someone help me?

Posted

Hi,

first: did you install FDE module?
Second: did you close the black locks within KES policy encryption section?
Third: looking at this machine’s events (within KSC Console, i mean), are there any entries related to encryption errors?
Fourth: KSC Console>select the testing machine….what does the “Encryption status” field state within the gray left pane?

Cesare

Posted
  • How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.
  • There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.
  • At KSC there is no event on cryptography, it is as if I have not been enabled.
  • Note: Forgive any typos, I am using google translator to communicate.
Posted
  • How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.
  • There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.
  • At KSC there is no event on cryptography, it is as if I have not been enabled.
  • Note: Forgive any typos, I am using google translator to communicate.
  • FDE driver is klfde.sys and is stored within %systemroot%\System32\Drivers\ path: check if it’s present or not. 
    The open an administrative cmd session and execute this command:
    sc query klfde.sys
    The output will be self-explanatory
  • Not “blocks” but “locks” :)
    If the status is “no encryption policy specified” there might be a problem with the policy application itself (either the FDE module has not been installed at all or the policy has not been properly edited...black locks not locked, for example)
  • “so far i’ve used the FDE test tool only”….but you wrote you’re working with KES! Have you installed KES for Windows or not?
Posted
  • How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.
  • There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.
  • At KSC there is no event on cryptography, it is as if I have not been enabled.
  • Note: Forgive any typos, I am using google translator to communicate.
  • FDE driver is klfde.sys and is stored within %systemroot%\System32\Drivers\ path: check if it’s present or not. 
    The open an administrative cmd session and execute this command:
    sc query klfde.sys
    The output will be self-explanatory
  • Not “blocks” but “locks” :)
    If the status is “no encryption policy specified” there might be a problem with the policy application itself (either the FDE module has not been installed at all or the policy has not been properly edited...black locks not locked, for example)
  • “so far i’ve used the FDE test tool only”….but you wrote you’re working with KES! Have you installed KES for Windows or not?
  • KES for Windows is installed and configured. I am using the KES for Windows 11.6.0.394 (Lite encryption) package. I used the FDE Test Utility to check if the notebook is compatible with Kaspersky Endpoint Full Disk Encryption.
     

  • I performed some tests and apparently the FDE module is not being installed automatically. What would be the way to install manually?

  • Solution
Posted

Hi,

FDE, FLE and Bitlocker Management are not installed automatically: you have to configure the installation package in advance (of course if you’re deploying KES via KSC).
In order to add FDE module the easiest way is to create and run a “Change application components” task from KSC (it’s a task related to KES for Windows)

Cesare

Posted

Hi,

FDE, FLE and Bitlocker Management are not installed automatically: you have to configure the installation package in advance (of course if you’re deploying KES via KSC).
In order to add FDE module the easiest way is to create and run a “Change application components” task from KSC (it’s a task related to KES for Windows)

Cesare

 

Thank you for your help. I managed to encrypt the notebook. Now just do some tests and put it into production. Thank you very much.

Guest
This topic is now closed to further replies.


×
×
  • Create New...