Channel: Symantec Connect - Security
Viewing all 10764 articles
Browse latest View live

Best practices to follow prior to performing Symantec Disk Encryption

Symantec Endpoint Encryption v11.0.1 [ Knowledge Base ]

The following best practices are recommended for preparing to encrypt your disk with Symantec Drive Encryption.

Please follow the recommendations below to protect your data during and after encryption.

Before you encrypt your disk, there are a few tasks you must perform to ensure successful initial encryption of the disk.

1. Determine whether your target disk is supported.

Drive Encryption secures your desktop or laptop disks (either partitions or the entire disk), external disks, and USB flash disks. CD-RW/DVD-RWs are not supported by Drive Encryption.

Supported Disk Types
•    Desktop or laptop disks, including solid-state drives (either partitions, or the entire disk).
•    External disks, excluding music devices and digital cameras.
•    USB flash disks.
•    GPT partitions with UEFI: Refer to article TECH203071 for more details and requirements on UEFI support and Symantec Drive Encryption (Windows 7 UEFI is supported only with 64-bit and Symantec Drive Encryption 10.3.2 and above).
•    The following formatted disks or partitions are supported: 04 (FAT16), 06 (FAT16B), 07 (NTFS), 0B (FAT32).

Unsupported Disk Types
•    Dynamic disks.
•    SCSI/SAS drives/controllers.
•    Software RAID disks.
•    Diskettes and CD-RW/DVD-RWs.
•    exFAT formatted disks.
•    Any configuration where the system partition is not on the same disk as boot partition.
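
The supported and unsupported lists above can be checked against a disk's MBR before encryption is attempted. The following is an added example, not part of the Symantec article: it reads the four MBR partition entries from a raw disk image, maps the type IDs to the lists above, and inspects the volume boot record of type 07 partitions, because NTFS and exFAT share that ID. The function names, the 512-byte sector size and the sample image are assumptions constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors
# Partition type IDs the article lists as supported.
SUPPORTED = {0x04: "FAT16", 0x06: "FAT16B", 0x07: "NTFS", 0x0B: "FAT32"}
LDM_DYNAMIC = 0x42     # MBR type used by Windows dynamic disks (unsupported)
GPT_PROTECTIVE = 0xEE  # protective MBR of a GPT disk (see TECH203071)


def check_disk(image: bytes):
    """Return (slot, type_id, verdict) for each used MBR partition entry."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no valid MBR boot signature")
    results = []
    for slot in range(4):
        entry = mbr[446 + 16 * slot:446 + 16 * (slot + 1)]
        type_id = entry[4]
        lba_start = struct.unpack_from("<I", entry, 8)[0]
        if type_id == 0x00:
            continue  # unused slot
        if type_id == GPT_PROTECTIVE:
            verdict = "GPT disk: check UEFI requirements in TECH203071"
        elif type_id == LDM_DYNAMIC:
            verdict = "unsupported: dynamic disk"
        elif type_id not in SUPPORTED:
            verdict = "unsupported: partition type not in the supported list"
        elif type_id == 0x07:
            # Type 07 is shared by NTFS and exFAT, so read the OEM ID
            # (bytes 3..10 of the volume boot record) to tell them apart.
            offset = lba_start * SECTOR
            oem = image[offset + 3:offset + 11]
            if oem == b"NTFS    ":
                verdict = "supported: NTFS"
            elif oem == b"EXFAT   ":
                verdict = "unsupported: exFAT"
            else:
                verdict = "unknown: type 07 without an NTFS or exFAT boot record"
        else:
            verdict = "supported: " + SUPPORTED[type_id]
        results.append((slot, type_id, verdict))
    return results


def _entry(type_id, lba_start, sectors):
    # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)
    return struct.pack("<B3sB3sII", 0, b"\0" * 3, type_id, b"\0" * 3,
                       lba_start, sectors)


def _vbr(oem_id: bytes) -> bytes:
    # Minimal boot sector: jump bytes, 8-byte OEM ID, zero padding.
    return b"\xeb\x00\x90" + oem_id + bytes(SECTOR - 11)


def build_sample_image() -> bytes:
    """Constructed five-sector image: MBR plus one sector per partition."""
    table = (_entry(0x07, 1, 1) + _entry(0x07, 2, 1)
             + _entry(0x0B, 3, 1) + _entry(0x42, 4, 1))
    mbr = bytes(446) + table + b"\x55\xaa"
    return mbr + _vbr(b"NTFS    ") + _vbr(b"EXFAT   ") + bytes(SECTOR) * 2


if __name__ == "__main__":
    for slot, type_id, verdict in check_disk(build_sample_image()):
        print(f"partition {slot}: type {type_id:02X} -> {verdict}")
```

The check covers only what one MBR can show; software RAID, SCSI/SAS controllers and a system partition on a different disk from the boot partition have to be confirmed separately.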
 

2. Confirm operating system support.

The following operating systems are supported with Symantec Drive Encryption.
Note: See the following article TECH203071 - Running Symantec Encryption Desktop on Microsoft Windows 8 UEFI Systems for more information on using Drive Encryption on Windows 8 systems.
•    Windows 8/8.1 Enterprise (32-bit and 64-bit versions)
•    Windows 8/8.1 Pro (32-bit and 64-bit editions)
•    Windows 7 (all 32-bit and 64-bit editions, including Service Pack 1)
•    Windows XP Professional 32-bit (Service Pack 2 or 3)
•    Windows XP Professional 64-bit (Service Pack 2)
•    Windows XP Home Edition (Service Pack 2 or 3)
•    Microsoft Windows XP Tablet PC Edition 2005 SP2
•    Windows Vista (all 32- and 64-bit editions, including Service Pack 2)
•    Windows Server 2003 (Service Pack 1 and 2)

3. Back up the disk before you encrypt it.

Before you encrypt your disk, be sure to back up the data so that no data will be lost if your laptop or computer is lost, stolen, or you are unable to decrypt the disk. Also be sure to make regular backups of your disk.

4. Ensure the health of the disk before you encrypt it.

Before you attempt to use Drive Encryption, use any scan disk utility that has the ability to perform a low-level integrity check and repair any inconsistencies with the drive that could lead to CRC errors. Third-party software such as SpinRite or Norton Disk Doctor can correct errors that would disrupt the encryption of the disk.  
Note: As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt the disk.

  • Power Options

Before starting the encryption process, check Power Options and disable hibernation and sleep mode.

5. Create a recovery disk.

While the chances are extremely low that a master boot record could become corrupt on a boot disk or partition protected by Drive Encryption, it is possible. Before you encrypt a boot disk or partition using Drive Encryption, create a recovery disk.

6. Be certain that you will have AC power for the duration of the encryption process.

Because encryption is a CPU-intensive process, encryption cannot begin on a laptop computer that is running on battery power.

Do not remove the power cord from the system before the encryption process is over.

7. Perform Disk Recovery on Decrypted Disks.

Where possible, as a best practice, if you need to perform any disk recovery activities on a disk protected with Drive Encryption, it is recommended that you first decrypt the disk.

Decrypt the disk using one of the following: the Symantec encryption software, or your prepared recovery disk.

Once the disk is decrypted, proceed with your recovery activities.

Warning: Do not attempt to decrypt the drive more than once using the recovery disk - doing so will cause file corruption and make any data on the drive unrecoverable.


Creating a Windows PE (WinPE) Bootable Recovery Disk/USB for Symantec Endpoint Encryption v11.0.1

Creating a Windows PE (WinPE) Image for SEE Recovery

1. Open the Deployment and Imaging Tools Environment (Run as administrator)

If you do not have it, obtain and install it from the following link

2. Create the image

  • For a 32-bit Windows environment

           copype.cmd x86 C:\winpe

  • For 64-bit

           copype.cmd amd64 C:\winpe

These commands create the Windows PE image at C:\winpe.

3. Install the Symantec Endpoint Encryption Drive Encryption tools

To install the SEE tools, copy the following files from a computer running Drive Encryption into the c:\eede folder (create the eede folder on the C: drive if it does not exist):

  • C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\*
  • %SYSTEMROOT%\system32\drivers\eed*.sys
  • %SYSTEMROOT%\system32\shfolder.dll (if you are running a version later than 11.0.1)

Make the winpe folder your current working directory using the following command:

cd c:\winpe

4. Download eede.zip from the following link:

https://support.symantec.com/en_US/article.TECH223783.html

5. Extract eede.zip into c:\winpe and run the following command:

eedpe.bat winpe.wim c:\eede

6. Copy the file c:\winpe\winpe.wim to c:\winpe\media\sources\boot.wim, overwriting the old boot.wim file. To do this, run the following command:

Xcopy /y c:\winpe\winpe.wim c:\winpe\media\sources\boot.wim

7. Creating a bootable ISO file and USB flash drive

  1. Open the Deployment and Imaging Tools Environment command prompt (Run as administrator).
  2. Run the following command to write the image to the USB flash drive, where E: is the USB drive. The /UFD option targets a USB flash drive rather than creating an ISO file:

          MakeWinPEMedia /UFD C:\WinPE E:

Press Enter.

Press Y and Enter to confirm; the target USB drive is reformatted.

Done. Be patient; it will take some time.

Verify that the bootable disk works by booting from it once.

Symantec Endpoint Encryption v11.0.1 Recovery Procedure from an Unexpected corruption of OS.

Important Note:

Dos and Don'ts for Symantec Endpoint Encryption

=> Never format the “C” drive or system boot drive (where the OS is installed) without first decrypting all the drives. If the “C” drive or system boot drive is formatted, data on the remaining drives is unrecoverable.

=> Never perform a Windows recovery, Windows installation or third-party recovery without first decrypting the disk; doing so leads to data corruption and unrecoverable data.

=> Avoid forced shutdowns of the system, which may lead to MBR corruption.

Case study: The operating system is corrupted and Windows cannot boot normally, so we decrypt the full disk using WinPE.

Steps to follow:

1. Boot from the WinPE recovery media USB.

If you are not familiar with WinPE recovery media, refer to https://support.symantec.com/en_US/article.TECH223783.html

=> Type the following command to check the disk status:

eedAdminCli --disk 0 --status --au username --ap password

(Replace username and password with the actual admin user name and password.)

2. Find out the users of the client machine.

=> List users: The --list-users command lists user information for all registered users.

3. Start eedRecoveryGui.exe from the command line.

Command: eedRecoveryGui.exe

Click NEXT to decrypt the full disk.

Select the disk to decrypt.

You can choose one of the methods below.

Select Client Admin, enter the administrator user name and password and any other relevant information, and press Next.

The disk now starts decrypting.

Most important: Be patient. Decrypting the whole disk takes a long time (it depends on your drive size, but expect a minimum of 5-6 hours).

Successful decryption.

Done.

Upgrade Symantec Messaging Gateway Locally

We can upgrade Symantec Messaging Gateway (SMG) without Internet access.

Since version 10, we can upgrade SMG locally.

Here are the steps:

Preparation:

1. Install IIS on a Windows machine located on the same network as the SMG.

2. Expand the Default Web Site in IIS and double-click 'MIME Types'.

3. Click 'Add' in MIME Types.

4. For 'File name extension', enter '.iso'; for 'MIME type', enter 'text/plain'.

5. Click OK to save the MIME type.

6. Copy the SMG OS restore ISO, for example Symantec_Messaging_Gateway_OSrestore_10.5.4-4_Linux_Int.iso, to the root folder of IIS.

You can rename the ISO to something shorter for convenience.

Once IIS is prepared, we can start the local upgrade of the SMG.

7. Log in to the SMG command line as admin.

8. Type the following command:

update localinstall http://<IPAddressOfTheIIS>/SMG1054.ISO

9. Type y to continue.

10. The SMG starts downloading the ISO from the IIS server.

11. After the download completes, the SMG verifies the signature of the package.

An invalid signature causes the upgrade to abort with an error.

12. All the verified packages are copied to a tmp location.

13. The upgrade process starts.

14. Press the space bar to continue reviewing the license agreement.

15. Type y to accept the license agreement.

16. The upgrade script starts.

17. After the upgrade finishes, a summary is displayed and the SMG reboots automatically.

After the SMG reboots, it takes several minutes for it to display the new version.

Intelligent Endpoint Security: Why Taking A Modern Approach Matters

Location:
Webcast: August 4, 2016
Time:
Thu, 04 August 2016, 9:00 - 10:00 PDT

Endpoint security is a critical component in an organization's security program and is needed to gain the visibility necessary to rapidly detect threats and contain them before criminals gain access to critical resources. 



Join us for an interactive discussion and learn more about 



• How emerging security technologies are helping organizations defend against targeted attacks that use zero-days and evasion tactics to evade detection 

• What technologies typically make up modern threat protection solutions and how they enable incident responders to quickly identify infected endpoints and determine the scope of an attack 

• Why endpoint visibility must be combined with network, web, and messaging security solutions to create a security architecture that works cohesively to reduce the amount of time an attacker has on infected systems 

• How risk assessment plays a role in strengthening your security to preempt future attacks 



Speakers: Robert Westervelt, Research Manager at IDC Security, and Alejandro Borgia, VP Product Management at Symantec

Register Today: http://bit.ly/Symantecevents

Live Webinar: Securing Regional Banking with ITS and Symantec

Location:
Online
Time:
Thu, 07 July 2016, 11:00 - 12:00 EDT

Topic: Securing Regional Banking with ITS and Symantec

Speaker: Matt Reid, ITS VP of Risk Management

Date: Thu, Jul 7, 2016 11:00 AM - 12:00 PM EST

Details:

Regional Banks and Credit Unions are mobilizing to improve security and it’s no surprise why.

  • Finance is a preferred target for cybercriminals and they are moving down market to medium sized companies and even SMBs.
  • Increased pressure from Regulators is forcing lagging institutions to prove more due care and diligence.
  • There is no such thing as anonymity in the Internet Age; hiding is not a viable security strategy.

Join Matt Reid, VP of Risk Management at ITS Partners to talk about the technology investments that regional financial institutions are making to bolster security.  Learn more about what peer institutions are doing to improve technology and processes, in the hopes of drawing less attention from cybercriminals and better protect the organization.

This webinar will focus on the following areas:

  • Protecting the organization from advanced threats
  • Protecting members and employee information from unauthorized disclosure
  • Applying the right staff to operate the technologies

REGISTER TODAY

Give Us Your Opinion and Win with Symantec!

Take the Customer Satisfaction Survey and Let Us Know How We're Doing

As a member of the Connect Community, we value your opinion about how we're doing and where we can improve. Please help us by taking this survey and tell us about your experience with Symantec Connect. One lucky winner will receive 500 Connect points!*

Take the survey.

* The winner will be selected from a random drawing of survey respondents and will be announced via this blog post on 7/15/16.

SSO user to be windows user

Yes, I need a solution

By the way, I want to know any command that can change the SSO user to be a Windows user.

Endpoint drive encryption 11.0.1MP1

A Windows 7 user already enabled SSO.

But now, I would like to change it to be a Windows user with the Attribute Information from S to W.

Symantec endpoint protection on IBM domino

Yes, I need a solution

Is there any way to install SEPM on a Lotus Domino server? Does Symantec support this?

Is there any way to push the Symantec client from SEPM to the Domino server?

I need guidance on the above queries.

Symantec Manager Server Down

Yes, I need a solution

Dear All,

My Symantec Manager was down due to a server issue. What will be the impact on the client side?

Disk space issue due to Tamper protection alert in SEP 12.1

Yes, I need a solution

Hi All,

We have noticed high disk space utilization on 10 different servers because of the SEP client (a combination of SEP 12.1 RU2 and SEP 12.1 RU3 clients). While investigating, it shows that the folder path C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\CmnClnt\ccSubSDK\ has accumulated a lot of large files, and it piles up disk space rapidly to more than 10GB, soon filling up the entire C drive.

As a workaround we have deleted the files from the above location and disabled the submission to Symantec reputation database. We have not made any changes to the SEP environment and no upgrades/patches have been installed on these servers.

Below is the event ID which shows the exact files which are filling up the hard disk space and we see these numerous events in the affected servers. Any help to investigate this issue is deeply appreciated. Not sure why Explorer.exe file is being detected as tamper protection detection security risk and why such files are being created in the above location. Please clarify. 

EVENT ID:

Scan type: Tamper Protection Scan Event: Tamper Protection Detection Security risk detected: C:\WINDOWS\EXPLORER.EXE File: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\CmnClnt\ccSubSDK\{FFFCD57B-8784-41E7-9246-24232B37FFE8} Location: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\CmnClnt\ccSubSDK Computer: AZ50MFGFGRD03 User: AZ50-CIMFDC-SVC Action taken: Leave Alone Date found: Saturday, June 25, 2016 2:09:07 PM

Regards,

Senthil Srinivasan.

SEP for Small Business and Windows Defender

Yes, I need a solution

When SEP for Small Business is installed, does it uninstall or otherwise render moot Windows Defender? O/S is Windows-10 Pro.

Many thanks!

 - S

Malicious app found on Google Play, steals Viber photos and videos

The Beaver Gang Counter app uses a time-delay attack in an attempt to evade security measures.

SEP 12.1.6 MP5 Released

No, I don't need a solution (I'm only sharing information)

Just giving everybody a heads up that SEP 12.1.6 MP5 has been released.

Any way to disable clipboard copy and paste?

Yes, I need a solution

Looking to utilise SEP to disable clipboard functionality for secure environments. I know this is possible with DLP, but we only have SEP.

Outbound email failure

Yes, I need a solution

Seem to be having a problem with one client, inbound emails are received successfully, however when sending an email to this one client, users receive an NDR and the audit log shows the following error;

553 5.3.0 _dialup_reject_

Remove SEPM Console Timeout

Reposting to try and get traction...

Remove SEPM Java Console Timeout implemented in v12.1.5. Might be good to force a timeout for the Small Business version, but for Enterprise, we should be able to choose NEVER, or at least something longer than one hour.

I have multiple responsibilities, one of which is SEP. Having to login to the console multiple times during the day is a pain.

Endpoint Client does not install on W7 with Bosnia Office

Yes, I need a solution

Hi All

Apparently our SEP client installs are not installing on machines in our Bosnia office. Is there a possible problem with regional settings? I do not have any more info at the moment. What would you need to be able to help solve this problem?

Thanks

PaulC

Recovering data from SEE encrypted secondary drive?

Yes, I need a solution

So I've looked long and hard for a solution to this, and I can't find one.

I had a Dell Optiplex 980 that I did my work on for the most part.  It had a 120GB SSD as the primary boot drive (with Windows and my software installed to it), and two 1TB HDD's as secondary and tertiary drives on which I did my bulk data storage.  This computer was part of a domain network, and had all drives encrypted with a managed Symantec Endpoint Encryption (version 11.1.1) client.

One day, a user who ALSO used a Dell Optiplex 980 came in and her machine didn't power up.  She came to the help desk, and I decided that I would relinquish to her my Optiplex 980 since I had some other computers with which I could do my work, and she needed to get back up and running promptly.  I simply removed my SSD, hard drives, and expansion cards, and installed her SSD and it booted up like a charm. We had plenty of Optiplex 790s lying about (and those used Sandy Bridge processors, instead of the older Nehalem ones!) so I figured I'd simply move all my parts to one of those. 

We completed the swap, our user was back in business, and I went about setting up a nice, "new" Optiplex 790 for my own use.  I reformatted my 120GB boot drive SSD and installed Windows 10 64-bit over the previous Windows 7 64-bit installation (with SEE 11.1.1 installed and configured) that had lived there.  Obviously, when I attempt to access my old hard drives, I'm met with the message, "You need to format the disk in drive D: before you can use it."  I have since re-joined the domain using my old computer name, and even after installing the Symantec Endpoint Encryption 11.1.1 64-bit client, it doesn't seem to recognize the drives.  I'm at a loss as to what to do from here.  I searched for any useful information from Symantec's knowledgebase and found this article, but looking at the management console on our sysadmin's machine - it now shows my desktop with just one hard drive, rather than three.

I will be more than a little shocked if I'm told I've just lost my data, because before this wonderful "managed" solution that we spent god knows how much money on (that was to solve all of our encryption woes), I was using Symantec Encryption Desktop 10.3.2 and manually keeping track of recovery tokens in a KeePass database and never lost so much as a kilobyte of any user's data. 

EDIT 1:  This article states plainly, "Never format “C” drive or System Boot Drive (Where OS is installed) without performing Decryption for all the drives. If “C”  drive or System Boot Drive (OS in installed) is formatted then data is unrecoverable from the remaining drives," which is positively absurd.  If this is what a "professional" and "managed" encryption solution gets us, then that's ridiculous - I was able to store old encryption tokens for individual computers and individual drives in my manually maintained KeePass database.

EDIT 2:  We went into the management console and found my old computer under "Symantec Endpoint Encryption Users and Computers > Deleted Computers > [Computer]."  It lists three drives - C, D, and E.  Hope!

The union of LinkedIn & Microsoft Office Federation: A pain no less than migraine for a Data Loss Prevention (DLP) Architect

The heading itself is appealing enough, for most of us to immediately agree and even guess what I am about to write next. The cloud brokers, CASB and changing demographics overall are going to make things really interesting in the next 5 years I’m sure. The promise that ‘absolutely nothing?’ is going to be hosted locally now, yet letting the data/business owners completely control the egress through the CASB or other mechanism is quite a fascinating reality we’re able to live today.

Completely in the dark at the moment (excuse my limited exposure if more information is already out), all one could do now is speculate that both LinkedIn and MS Office clouds continue to stay in separate homes. Separate enough for a DLP sensor to be able to analyze MS Office content before it reaches a LinkedIn contact. The ability statement is a single line I wrote here, but we all know the array of distinct possibilities it calls for when designing an architecture. Not just that, but when companies welcome LinkedIn as a productivity tool, there arises a need to even white-list business-critical contacts where office document sharing needs to be allowed. At that time, I’m sure we either need to (a) think bigger than live LDAP lookups, custom lookups via Perl and CSV lookups or (b) the 'great' Active Directory be smart enough to recognize the LinkedIn profile in the form of attributes, which DLP then utilizes to such an extent that actual free-flowing, workflow-based automated exceptions are possible. Some special scenarios, like contractors and vendors requiring access (not part of the domain/directory as a whole), also sound both challenging and interesting to me.

On the other hand, if Office and LinkedIn agree to 'move in' together in the same cloud, would that not mean that we either depend on the access mechanism code and wait till ‘an open ready-to-use plug’ is provided to security vendors? If not, would the entire onus fall upon the local host-based DLP agents, which are reliable only to an extent?

Somewhere, does 'all of this' not suggest that it's almost mandatory to move into a cloud-based proxy so that all egress, irrespective of any factors, is scoped? Well, I know most people would argue about ways we could route all traffic back from the Microsoft-LinkedIn cloud and pass it through your local proxy infrastructure, but imagine the challenges in implementation, right from hardware, software and manpower to contractual loops.

Look forward to your comments – like always all types of comments are welcome here - incl. corrective, deterative & complementary :-). Cheers!!!
