Help for disk encryption for windows

acastro · April 12, 2021

I need to encrypt a notebook. I followed the help, created a policy to encrypt the laptop's hard drive and activated it. appears completed, but when the notebook is restarted, it does not display the pre-boot screen.

I am using KSC 12 on a Windows Server 2012. The notebook is Windows 10, I'm using KES 11.6 for Windows + Network Agent.

I chose Kaspersky Disk Encryption, Encrypt all hard drives and users mode and checked All domain accounts on the computer! Only that. I saved and waited for the execution of the policy. The policy seems to be successfully implemented! But the notebook does nothing, it shows that it is only updated! I restart the notebook and it does nothing!

Can someone help me?

Cesare · April 13, 2021

Hi,

first: did you install FDE module?
Second: did you close the black locks within KES policy encryption section?
Third: looking at this machine’s events (within KSC Console, i mean), are there any entries related to encryption errors?
Fourth: KSC Console>select the testing machine….what does the “Encryption status” field state within the gray left pane?

Cesare

acastro · April 13, 2021

How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.
There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.
At KSC there is no event on cryptography, it is as if I have not been enabled.
Note: Forgive any typos, I am using google translator to communicate.

Cesare · April 13, 2021

How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.

There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.

At KSC there is no event on cryptography, it is as if I have not been enabled.

Note: Forgive any typos, I am using google translator to communicate.

FDE driver is klfde.sys and is stored within %systemroot%\System32\Drivers\ path: check if it’s present or not.
The open an administrative cmd session and execute this command:
sc query klfde.sys
The output will be self-explanatory
Not “blocks” but “locks” :)
If the status is “no encryption policy specified” there might be a problem with the policy application itself (either the FDE module has not been installed at all or the policy has not been properly edited...black locks not locked, for example)
“so far i’ve used the FDE test tool only”….but you wrote you’re working with KES! Have you installed KES for Windows or not?

acastro · April 13, 2021

How can I tell if the FDE module is installed? So far I have only used the FDE Test Utility 11.6.

There is no block between KSC and KSE. The encryption status is as follows: No encryption policy specified. However, I created the policy and enabled data encryption.

At KSC there is no event on cryptography, it is as if I have not been enabled.

Note: Forgive any typos, I am using google translator to communicate.

FDE driver is klfde.sys and is stored within %systemroot%\System32\Drivers\ path: check if it’s present or not.
The open an administrative cmd session and execute this command:
sc query klfde.sys
The output will be self-explanatory

Not “blocks” but “locks” :)
If the status is “no encryption policy specified” there might be a problem with the policy application itself (either the FDE module has not been installed at all or the policy has not been properly edited...black locks not locked, for example)

“so far i’ve used the FDE test tool only”….but you wrote you’re working with KES! Have you installed KES for Windows or not?

KES for Windows is installed and configured. I am using the KES for Windows 11.6.0.394 (Lite encryption) package. I used the FDE Test Utility to check if the notebook is compatible with Kaspersky Endpoint Full Disk Encryption.
I performed some tests and apparently the FDE module is not being installed automatically. What would be the way to install manually?

Cesare · April 14, 2021

Hi,

FDE, FLE and Bitlocker Management are not installed automatically: you have to configure the installation package in advance (of course if you’re deploying KES via KSC).
In order to add FDE module the easiest way is to create and run a “Change application components” task from KSC (it’s a task related to KES for Windows)

Cesare

acastro · April 14, 2021

Hi,

FDE, FLE and Bitlocker Management are not installed automatically: you have to configure the installation package in advance (of course if you’re deploying KES via KSC).
In order to add FDE module the easiest way is to create and run a “Change application components” task from KSC (it’s a task related to KES for Windows)

Cesare

Thank you for your help. I managed to encrypt the notebook. Now just do some tests and put it into production. Thank you very much.

Help for disk encryption for windows

Recommended Posts

acastro

Link to comment

Share on other sites

Cesare

Link to comment

Share on other sites

acastro

Link to comment

Share on other sites

Cesare

Link to comment

Share on other sites

acastro

KES for Windows is installed and configured. I am using the KES for Windows 11.6.0.394 (Lite encryption) package. I used the FDE Test Utility to check if the notebook is compatible with Kaspersky Endpoint Full Disk Encryption.

I performed some tests and apparently the FDE module is not being installed automatically. What would be the way to install manually?

Link to comment

Share on other sites

Cesare

Link to comment

Share on other sites

acastro

Link to comment

Share on other sites

Forum

Products

Support

Personal Account