Endpoint Encryption

Hi everyone,

We have Latitude 7240 systems, and have been testing with SEE 8.2.1 MP9.   After installing Symantec Endpoint Encyrption the system will reboot and full disk encryption status says "Paritions not managed by SEE"  ..  The option to Encrypt Selected Partition is grayed out.

One thing stated inside the log file EAHDCliEncrypt.log it states "CEncryptServer::GetSectorMap() - sectorMap.Lookup(0) failed."

Does anyone know some level of compatibility exists between this Latitude model and SEE, or possibly with Flexchoice product that our licenses have the option of migrating over to?

Thanks very much for your guidance!

 

In case anyone else sees this post, we were told by support SEE does not yet support handling Self Encrypting Drives (which is what we discovered were installed in the Latitude 7240 system)

 

The drives tested were Samsung SSD SM841 mSATA 256 GB, and LiteONIT LMT-256 

 

Thank you!

Were you able to get this going? I am having the same issues. I enable legacy support in bios and disable secure boot and the problem still exists. Do you have an alternate solution?

Hi Jimmy, I didn't find a great alternate solution.... Are you also using Latitude 7240? If you are using a Samsung SSD this article hints that a solution may be in the works, but finding out when is anyone's guess: http://www.symantec.com/docs/TECH186370 Dell has their own flavor of encryption management software 'Dell Data Protection' that might be worth investigating

Alright, SEE supports self-encrypting drives as managed. Since those hard drive are already encrypted by their brands, we only manage it through the SEE manager console. So if you see that the message, 'Partition is not managed by SEE', this simply means that we did not encrypt the drive, but you can manage it through our SEE console.

Hi M_Marcos, how would you manage the drive once it said "Partition is not managed by SEE" ? In my case the drive had not yet been encrypted in bios or anywhere else. Your answer is different than the one SEE Support told me when I reached out, Please provide more detail, Thank you!

I understand, if you install SEFD on a self-encrypting drive, the encryption option will be greyed out. This is why I said that SEFD will not be able to encrypt this drive again. This drive must be already encrypted. So as management point of view, like pulling up reports about this drive can be done from SEE manager. But as a encryption point of view, we cannot encrypt the drive, thus it says it is not managed by SEE.

Is there a way you can put the manufacturing details of the HDD. I would like to confirm if this is a self encrypting drive.

Let me know.

I'm afraid it looks like you might be in a bit of a pickle.

I've noticed that the old article (below) that lists all of the supported OPAL compliant self-encrypting drives has been removed for some reason.

http://www.symantec.com/docs/TECH165854

IIRC, this article only ever listed Hitachi self-encrypting drives as supported anyway (no Samsung drive support).  This is supported by the really old Symantec response below:

https://www-secure.symantec.com/connect/forums/see-82-opal-drive-slowness#comment-6162431

The only results coming back when searching for OPAL in the SEE KB are feature requests.  All this seems to suggest bad news for your SSD I'm afraid.

Hi,

I was having the exact same issue with a Dell Latitude E7240 (SEE 8.2.1MP5 installed).

I updated the Intel storage driver to this

https://downloadcenter.intel.com/confirm.aspx?httpDown=http://downloadmirror.intel.com/23496/eng/f6flpy-x64.zip&lang=eng&Dwnldid=23496&DownloadType=Drivers&OSFullname=Windows+7+*&ProductID=2101

SSD reinstalled and laptop started to encrypt. It took less than 40 minutes to encrypt a 128GB drive.

 

thanks,

Joe