Endpoint Encryption

Hello Guys,
Good morning,

Unfortunately I made a newbie error,
Basically I formatted a Laptop without decrypt the second partition, so now the file system It is showing as RAW, It has sensative and important data that I would like to recover.

Could you please help me?

Software: Endpoint Encryption 11.0.0

Operating System:  Windows 7 x64

What was done already:

1. Removed the HD from the laptop and attached to a computer running Endpoint 11.1.3

> Boot with WinPE USB

> eedrecoverygui.exe: Disk 1 not showing as an option to decrypt

2. EaseUS Data Recovery Wizard 8.6 used and I have the data but It is encrypted

3. Tried to follow the Article: Symantec Endpoint Encryption: Technical Note for Recovering Encrypted Disks Using Windows Preinstallation Environment (PDF)

> ADK 10 Installed

> eedadmincli command is not recognized after booting with WinPE

Any ideas? Thank you in advance,

Best regards

Hi Ruben,

Formatting a drive generally deletes all the info, and Symantec don't have a product to recover deleted files like that.

You'd have to look at a 3rd party software application to do this as you have. It can actually get expensive depending on what you choose, or if you go through a support company who specialises in this.

Thanks!

I'd recommend you log a case with Symantec to investigate.

In deleting the primary partition, you've removed the keys from the machine that would've allowed the recovery disk to access the 2nd partition.  In older versions of SEE, it was possible to export the keys from the Management Server, and use this with the recovery disk to decrypt a drive that has lost all its keys.

I don't know if this is still possible in SEE (as there is no longer a documented option to tell the recovery disk to use a specific key file), but it's worth asking Symantec.

Otherwise, you're back to CragEV's suggestion of fidning an external party to try to crack the encryption.