Endpoint Encryption

Hello.

I have been contacted by a client who has installed a trial of Syamtnec Encryption Desktop Corporate.

The client has been using the trial well, and has recently decided to decrypt all data that was encrypted. However, after decrypting most of the data, there are 2 folders which wont decrypt due to the passphrase being incorrect apparntly.

There is an option with Symantec Encyrption Desktop to locate a KRB file, this i believe has not been setup a KRB file cannot be located on the Laptop.

What is the procedure, if any to decrypt the data if the passphrase is not known and a KRB file cannot be located?

Many Thanks,

Liam

Just to confirm, does the user have any access to the data (can they open files in the share)?  I would assume not, or decrypting shouldn't be an issue.

In the Symantec Encryption Desktop (SED) GUI, when the user selects the folder, what is shown in the access list?  Is it the same as other folders that they do have access to?  It may simply be that they used a different key for those shares, which would have a different passphrase.

If it only shows "Unknown Key" in the access list, then the key used for encryption was deleted or removed from the system.  In this case there may be no way to recover the data unless they have a backup of the key.  I wouldn't expect this to be the case in this instance, since it is saying the passphrase is invalid.  That usually means you do have the key, but have forgotten the passphrase.

In a standalone environment, it is important to remember that the passphrase for the key is independent of anything else, so if it was set originally to the same passphrase as the user's Windows account, if they have changed the Windows account password, the passphrase for the key would not change.  This is a common misconception, as the keys are not tied to a Windows account.  Have the user try any old passwords they remember.

Hi Mike,

Thanks for the reply. Please see below response:

Within the share (folder location) 2/10 folders are in accessible. The other 8 folders are accessible after being decrypted using the passphrase that seems to be incorrect. The decryption has been carried out by the client, and not myself so cannot be 100% sure.

In the access list, there are only 2 folders listed which are encrypted and we cannot access. The name is correct, user type = admin and there is a green tick for verified.

I have attempted different variations of the password in question and other passwords that may have been used, still no joy.

In this instance, the data is backed up on Box, so I may be able to create a backup from Box and perhaps totally uninstall Symantec for now. How would I go about removing the files from the Laptop that have been encrypted?

If you are going to restore from backup you could simply delete the existing folders.  You may just want to rename them for now, though, until you get the backup folders restored.