What protects the Encryption Anywhere Master Boot Record and volume files?

Article:TECH151388  |  Created: 2006-09-19  |  Updated: 2007-01-31  |  Article URL http://www.symantec.com/docs/TECH151388
Article Type
Technical Solution


Issue



What protects the Encryption Anywhere Master Boot Record and volume files?

Solution



Question:
What mechanisms are used to protect the Encryption Anywhere volume files (within the EA File System - EAFS) and the Encryption Anywhere MBR that is created during the installation of EAHD?

Answer:
Encryption Anywhere Hard Disk works in the same manner that Encryption Plus Hard Disk but uses different filenames.

During the installation of EAHD, the Windows MBR is moved to a location known only to EAHD and an EAHD MBR is put in its place. The EAHD MBR includes a sector map of the entire hard disk and knows the locations of the the Encryption Anywhere File System (EAFS) and it volume files. This special EAHD MBR enables access to the EAFS volume files used for Authenticating users and initiating the encryption/decryption device driver so the data on the hard disk can be accessed.

It is essential that the EAHD MBR and EAFS volume files are protected from access by any other means and are not moved by Defragment Programs or any other software. The eafsprot.sys device driver is the mechanism used to protect the EAHD MBR and EAFS volume files. The eafsprot.sys driver is loaded at boot time by a Windows boot loader. Therefore the protection of EAHD MBR and EAFS volume files is present even in Safe Mode. Defragment Programs will not be able to move any portions of (and thereby eliminate access to) the EAFS volume files.


Legacy ID



903


Article URL http://www.symantec.com/docs/TECH151388


Terms of use for this information are found in Legal Notices