Symantec Endpoint Encryption v11.0.1 [ Knowledge Base ]
Best practices to follow prior to performing Symantec Disk Encryption
The following best practices are recommended for preparing to encrypt your disk with Symantec Drive Encryption.
Please follow the recommendations below to protect your data during and after encryption.
Before you encrypt your disk, there are a few tasks you must perform to ensure successful initial encryption of the disk.
1. Determine whether your target disk is supported.
The Drive Encryption secures your desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. CD-RW/DVD-RWs are not supported using Drive Encryption.
Supported Disk Types
• Desktop or laptop disks, including solid-state drives (either partitions, or the entire disk).
• External disks, excluding music devices and digital cameras.
• USB flash disks.
• GPT partitions with UEFI: Refer to article TECH203071 for more details and requirements on UEFI support and Symantec Drive Encryption (Windows 7 UEFI is supported only with 64-bit and Symantec Drive Encryption 10.3.2 and above).
• The following formatted disks or partitions are supported: 04 (FAT16), 06 (FAT16B), 07 (NTFS), 0B (FAT32).
Unsupported Disk Types
• Dynamic disks.
• SCSI/SAS drives/controllers.
• Software RAID disks.
• Diskettes and CD-RW/DVD-RWs.
• exFAT formatted disks.
• Any configuration where the system partition is not on the same disk as boot partition.
2. Confirm operating system support.
The following operating systems are supported with Symantec Drive Encryption.
Note: See the following article TECH203071 - Running Symantec Encryption Desktop on Microsoft Windows 8 UEFI Systems for more information on using Drive Encryption on Windows 8 systems.
• Windows 8/8.1 Enterprise (32-bit and 64-bit versions)
• Windows 8/8.1 Pro (32-bit and 64-bit editions)
• Windows 7 (all 32-bit and 64-bit editions, including Service Pack 1)
• Windows XP Professional 32-bit (Service Pack 2 or 3)
• Windows XP Professional 64-bit (Service Pack 2)
• Windows XP Home Edition (Service Pack 2 or 3)
• Microsoft Windows XP Tablet PC Edition 2005 SP2
• Windows Vista (all 32- and 64-bit editions, including Service Pack 2)
• Windows Server 2003 (Service Pack 1 and 2)
3. Back up the disk before you encrypt it.
Before you encrypt your disk, be sure to back up the data so that no data will be lost if your laptop or computer is lost, stolen, or you are unable to decrypt the disk. Also be sure to make regular backups of your disk.
4. Ensure the health of the disk before you encrypt it.
Before you attempt to use Drive Encryption, use any scan disk utility that has the ability to perform a low-level integrity check and repair any inconsistencies with the drive that could lead to CRC errors. Third-party software such as SpinRite or Norton Disk Doctor can correct errors that would disrupt the encryption of the disk.
Note: As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt the disk.
Before starting Encryption Process check for Power Options, Disable Hibernation and Sleep mode.
5. Create a recovery disk.
While the chances are extremely low that a master boot record could become corrupt on a boot disk or partition protected by Drive Encryption, it is possible. Before you encrypt a boot disk or partition using Drive Encryption, create a recovery disk.
6. Be certain that you will have AC power for the duration of the encryption process.
Because encryption is a CPU-intensive process, encryption cannot begin on a laptop computer that is running on battery power.
Do not remove the power cord from the system before the encryption process is over.
7. Perform Disk Recovery on Decrypted Disks.
Where possible, as a best practice, if you need to perform any disk recovery activities on a disk protected with Drive Encryption, it is recommended that you first decrypt the disk.
Do this using one of the following: Symantec Encryption Software, using your prepared Recovery Disk.
Once the disk is decrypted, proceed with your recovery activities.
Warning: Do not attempt to decrypt the drive more than once using the recovery disk - doing so will cause file corruption and make any data on the drive unrecoverable.