Endpoint Encryption

 View Only

  • 1.  FTP'd files will not encrypt

    Posted Apr 22, 2015 02:51 AM

    Hi,

     

    As the title states, none of my FTP'd files automatically encrypt when arriving in a folder that is encrpyted.

    • The File Share has listed under the "Symantec File Share" tab, the administrator key and the Group key for the folder that is encrypted.
    • The files are FTP'd to the encrypted folder using a 3rd party software (GoAnywhere).
    • Once FTP'd, I would expect those files to automatically encrypt.
    • Files that are moved or created manually to the same encrypted folder are automatically encrypted successfully with the encrypted access inheriting from the parent folder, even with an account that is not enrolled to the Symantec Encryption Management Server.
    • I've tried to fix this by selecting "Force the encryption of files in the following folders" for that particular consumer policy.
    • Then it successfully encrypts the files. However, it randomly chooses a member of the group key to add to the encrypted access on the files instead of following the encrypted access list that is set on the parent folder - why is that?
    • This means that as an administrator, I cannot manage the encryption on those files - ever!
    • I've tried to fix this by enrolling the service account (used for ftp processes) with the encryption server. I've even tried to change the account to the Encryption Administrator account. These steps have not solved the issue.

     

    Any help would be greatly appreciated.

     

    Server version 3.3.1 - problem still occurs on 3.3.2MP8

    Encryption Desktop version 10.3.1 - problem still occurs on 10.3.2MP8



  • 2.  RE: FTP'd files will not encrypt

    Posted Apr 22, 2015 06:50 PM

    Files will not encrypt unless there is an active session to that folder from a user that has Encryption Desktop installed.  This is the reason for the files not automatically encrypting.

    I would recommend not using the "Force the encryption of files in the following folders" option.  It will actually override the existing encryption access list from the folder, encrypting to the master keys of the first user to open an active session with that folder after the files are saved in that location.

    If the FTP server is running Windows, you could possibly install SED on that system, so there could be an open session for that SED user when it transfers the files over.



  • 3.  RE: FTP'd files will not encrypt

    Posted Apr 22, 2015 09:09 PM

    Thanks Mike,

    I'll remove the forcing of file encryption.

    I'm interested in your suggestion to install SED on the server - it's running Windows 2008.However, I don't want the service account to be constantly logged on to the server just to have a SED session running.

    Is there any way this can be achieved without having the service account physically logged onto the server?