Endpoint Encryption

Hello,

we have a problem with the PGP WDE on one notebook. It always boots into the Windows Recovery after we encryted it.

Notebook: Lenovo S540

PGP Desktop Version: 10.2

Thank you in in anticipation!

It won't be bootguard that's causing this.  When you authenticate, it simply allows access to the MBR, which is followed as normal.  If the MBR wants you to boot into recovery mode, then it will do so.  I suggest after authenticating to press F8 then boot into windows normally.  Then restart and try and boot up as normal.

What OS is on the system?  I see the post tagged as Windows 7, but I just want to verify.  Is it Windows 7?  32- or 64-bit?

Just to verify the issue as well, you install successfully, and reboot successfully, then after beginning encryption it goes to Windows Recovery on reboot?  Does it show Bootguard, then go to recovery after a successful authentication?

What security software or antivirus programs do you have running?  Some antivirus software does try to prevent modification of the boot sector, which can cause Windows to enter recovery after encryption begins, since we modify the boot sector during instrumentation.  Some of the data may have been moved, but enough might remain to allow Windows to detect that there is a Windows installation, and some boot files are "missing".

Sorry for my late feedback. I was on holiday.

F8 does not work because it could not detect a Windows installation and always boots into Windows Recovery Mode after encryption. But it worked correctly before encryption. It shows the Bootguard before it boots into Recovery Mode.

It is a Windows 7 64-bit. The AV is SEP.

Thank you!

Were you using System Lockdown or Host Integrity with SEP?

Can you boot into windows normally after recovery mode ?

No we don't use System Lockdown or Host Integrity.

Here are some pictures of Windows recovery mode. We cannot boot Windows normally after recovery mode because it could not detect a OS.

Attachment(s)

Recovery_Pictures.zip   3.64 MB 1 version

I suggest trying to boot into command prompt, and using the pgpwde --decrypt command to decrypt the drive, this may enable you to get into the computer at least to be able to fix it.  Click on the "View advanced options for system recovery and support" and select the command prompt.

Then try and decrypt the drive : pgpwde --decrypt --disk # --p passphrasehere

We cannot reach the file system over the Command prompt.

Have you tried slaving the drive of this machine into another machine with PGP on to gain access to it that way?

If you've done that with no luck I think you're only left with using the recovery iso image to force a decrypt.

Montgomery,

I understand that you are experiencing issues where the window bootloader is not acting properly. In this case, we recommend decrypting the drive and performing any troubleshooting with the bootloader after decryption has happened. If there is any important data, you'll want to make sure you back it up after decrypting, before troubleshooting any remaining problems. Alex is correct that in order to do this you will need to either remove and slave the drive of this machine to another computer with PGP, or boot from a recovery CD and decrypt the drive that way. I will include some links to the recovery process below.



Drive Encryption Diagnosis and Recovery - Symantec Drive Encryption & PGP Whole Disk Encryption - http://www.symantec.com/docs/TECH149679

The above article is fairly large, so I'll go ahead and provide some relevant excerpts for you as well.

SECTION 3 - Using Recovery Disk Images (bootg.iso or bootg.img)

Warning: Use of the recovery disks should be used as the last step when attempting recovery.  Should there be a power loss while decrypting with the recovery disk, the result to the disk could be fatal and non-recoverable. It is also highly recommended to use the latest recovery disk available for the version you are running

• PGP Desktop 10.2.x for Windows Recovery Disk Images - http://www.symantec.com/docs/TECH176201

Caution: Users with extended partitions on their hard disks that were encrypted should ONLY use the latest available Recovery disk for your version. Prior versions could cause these partitions to no longer be visible to Windows after fully decrypting the disk.

Once you have started to decrypt a disk or partition using a recovery CD, do not stop the decryption process. Depending on the size of the disk being decrypted, this process can take a long time. A faster way to decrypt the drive is to use another system that has the same version of Encryption Desktop\PGP Desktop installed on it.
 

Use the Recovery Disk with the following instructions should the system not boot into Windows for any other reasons:

The Symantec Encryption Desktop for Windows User's Guide provides instructions for creating recovery disks.

1. Boot the system with the recovery disk.
2. When prompted, press any key to continue. Drive Encryption Recovery searches for user records and prompts to press any key when the records are found.
3. Press any key to continue.
4. On the PGP BootGuard screen, enter the passphrase and user name, if required.
5. Press D to decrypt the drive. Drive Encryption Recovery starts decrypting your disk.
    

Note: Decrypting using a Recovery disk might take considerably more time than it does from within Windows.

____________

I hope this has helped you.
- Phil