HOW TO: Add a PCI device exclusion using Symantec Drive Encryption (formerly PGP WDE) Command Line

Article:HOWTO84077  |  Created: 2013-04-29  |  Updated: 2013-05-09  |  Article URL http://www.symantec.com/docs/HOWTO84077
Article Type
How To



 

This can be useful when you have a laptop that is docked on a docking station or other USB devices attached to the system (such as a USB webcam), or else an PCI Express Raid Card, an internal smart card reader, etc. Anything that uses a PCI device ID. This will allow you to exclude this device from BootGuard. This is most commonly used to address a problem with USB token initialization at the preboot authentication screen known as BootGuard due to conflicts with this other USB device but can also be used to disable other devices at the BootGuard preboot screen.
 
Here is how to add an exclusion for a PCI device.
 
As an example: USB Host Controller, thereby excluding the USB Host Controllers from being probed by BootGuard at startup.
 
To add an exclusion, do the following:
 
Determine the Device Id and Vendor Id of the USB Controller or device
 
Gather the Device Id and Vendor Id for the device on your system. The Device Id and Vendor Id information is available in the Windows Device Manager.
 
If the problem is with a USB device. You can also use a freeware utility such as USBlyzer or a Linux Live CD to obtain this information using a command such as: lspci on Linux.
 
To obtain this information using Windows Device Manager:
 
  • Right-click My Computer and select Properties or by clicking the System icon in the Control Panel
  • Click the Hardware tab and select the Device Manager button
  • The Device Manager screen is displayed
  • Expand the PCI device (ie. USB Host Controller, Smart Card Reader, Raid controller, etc).
  • Right-click on the device and select Properties
  • Click the Details tab, notice and record the numbers following VEN and DEV in the Device Instance Id details
 
In the following example, the VEN_8086 and DEV_2688 entries report the vendor and device Id for the controller.
 
    Example: PCI\VEN_8086&DEV_2688&SUBSYS_01C11028&REV_09\3&.....
    
Click each of the PCI Devices on the system (or find the problematic device) and record the vendor and device IDs.
 
Exclude the USB Host Controller or problematic PCI device: 
  • Use the pgpwde command line tool to exclude the PCI device from the BootGuard probing using Symantec Drive Encryption Command Line and run the following commands:
 
Windows XP
 
   - Click Start>All Programs>Run.
    - Type cmd and click OK.
    - At the command prompt, change to the PGP Desktop directory.
 
    cd\
    cd program files\pgp corporation\pgp desktop
 
    -Type: pgpwde.exe --disk 0 --add-pci-exclusion --id Vendor Id:Device Id.
 
    Example: pgpwde.exe --disk 0 --add-pci-exclusion --id 8086:2688
 
   - Press Enter.
    - You can confirm the exclusion of the device by typing PGPwde.exe --disk 0 --list-pci-exclusions.
    - Close the command prompt.
 
Windows Vista or Windows 7
 
 
    - Click Start.
    - In the Start Search field, type cmd and press Enter.
    - Click cmd from the displayed Programs list.
    - At the command prompt, change to the PGP Desktop directory.
    cd\
    cd program files\pgp corporation\pgp desktop
 
    - Type: pgpwde.exe --disk 0 --add-pci-exclusion --id Vendor Id:Device Id.
 
    Example: pgpwde.exe --disk 0 --add-pci-exclusion --id 8086:2688
 
    - Press Enter.
    - You can confirm the exclusion of the PCI Device by typing PGPwde.exe --disk 0 --list-pci-exclusions
    - Close the command prompt.


Article URL http://www.symantec.com/docs/HOWTO84077


Terms of use for this information are found in Legal Notices