Endpoint Encryption

  • 1.  What version of Symantec Disk Encryption do I have?

    Posted Jan 27, 2014 11:06 PM

    I have a virus that prevents me from starting in Safe Mode or any other option. I created a boot disk to scan the C: drive, but because I have Symantec Disk Encryption, the entire harddrive is encrypted and will not mount. The scan cannot access the C: drive.

    My last option is to decrypt the harddrive using a Symantec Recovery Disk. BUT, I must be sure to use the correct version, otherwise I will corrupt all of the information on the harddrive.

    Because I cannot access the C: drive, I have no way of knowing what version I have. And I'm not sure if I was on auto-update.

    Is it possible to verify which version of Symantec Disk Encryption I have from the log-in screen? I have provided some pictures (sorry, screenshots not available, of course) below.

    I greatly appreciate any help or clues!

    This is the screen I see after I turn on the computer:

    photo 1.JPG

    This is the "Help" screen that comes up when I press F1:

    photo 2.JPG

    And this is the "Help" screen after I scroll down all the way to the bottom:

    photo 3.JPG

    Thank you!



  • 2.  RE: What version of Symantec Disk Encryption do I have?

    Broadcom Employee
    Posted Jan 28, 2014 04:05 AM

    You posted this in the Backup and Recovery section. You should post it in the PGP section, as this is encryption software. Please post it there so the right people can see it and help you.



  • 3.  RE: What version of Symantec Disk Encryption do I have?

    Posted Jan 28, 2014 12:59 PM

    Sorry for the confusion, and thank you for the correction. I have re-posted the comment in "PGP Desktop (Email and Netshare)". There were a few different options for "PGP", but I think this one is correct. Let me know if I'm mistaken. Thank you!



  • 4.  RE: What version of Symantec Disk Encryption do I have?

    Broadcom Employee
    Posted Jan 28, 2014 03:31 PM
    Hi johne279,

    It is not possible to say which is the version and build number based on the screenshots. However, since it's SED it is for sure 10.3.0.x or 10.3.1.x.

    The easiest way would be to slave that hard drive into a machine with the latest version installed and authenticate to the disk. This would basically unlock the disk. Then you can back up your data and run the virus scanner.

    Not sure if it works (didn't test it yet), but you can build a WinPE with WDE tools and attempt to add the virus scanner engine (with the latest definitions). Then you could boot from this CD, authenticate to the disk and run the virus scanner.

    HTH,
    dcats


  • 5.  RE: What version of Symantec Disk Encryption do I have?

    Posted Jan 29, 2014 03:39 PM

    dcats,

    It is good to know that my version is either 10.3.0.x or 10.3.1.x. I was pretty sure my version was one of these because the log-in screen says SED. It's nice to have confirmation.

    Unfortunately, I do not have access to another machine running SED.

    I had also thought about building a WinPE with Hiren's (good idea!), but alas, again, I can't copy the files necessary to unlock the harddrive with a boot disk because I do not have those files.

    So my next question is: how does automatic update work for SED?

    I remember running PGP Desktop (presumably version 9) before my computer updated to SED. And! I remember the moment my system updated from PGP Desktop (9.x?) to SED (10.x). I remember because when I restarted and a different log-in screen appeared, I freaked out -- SED requires you to type your log-in name and password (not just password like PGP), and at first I couldn't remember my log-in name (luckily, I did). The upshot: The update happened a little over one year ago, which makes sense because it aligns with the publish dates on Symantec's release notification webpages for new versions of SED.

    What I'm trying to say is this: If auto-updates for PGP were on, were they also on for SED? And if that's the case, shouldn't I be running 10.3.1.x? (Not 10.3.0.x)

    Last question: If I use Symantec Recovery Disk to decrypt my harddrive, will my username and password be sufficient? I no longer have technical support from the organization that originally encrypted the disk, and I'm worried that only the original admin password might allow the decryption.

    Thank you so much for your help!

    John



  • 6.  RE: What version of Symantec Disk Encryption do I have?

    Broadcom Employee
    Posted Jan 30, 2014 04:39 AM

    Hi John,

    It is hard to say, because if I understand it well, this SED client is managed by a Symantec Encryption Management Server (SEMS).
    So the options available depend on how the company owning that SEMS has configured the network environment and the encryption policy.

    Regarding the updates, they may have, or not, given the possibility to external machines to connect to their server (this is not common, but not impossible).
    While for the hard drive decryption it depends on how they have configured the policy, if they have given or not permissions to decrypt, and if it is configured to store the policy in the disk - this last one could even invalidate the decryption by slaving the disk to another machine.

    Additionally, please be aware that version 10.3.2 was released this week on the 28th (January). Due to the timing of the events it is unlikely that you have received this update.


    If you have no other alternative, you can attempt to get the trialware version (http://www.symantec.com/products-solutions/families/trialware-popup.jsp?fid=encryption, with this you should get the files required) and create the WinPE CD with WDE tools. You need to follow exactly what is instructed in the PDF.
    Create the WinPE and boot from it, then you may be able to check the version of the SED client and also copy all your data out of the machine.

    Windows PE & BartPE Tools for Symantec Encryption Desktop 10.3.1 - TECH210436


    In case it is required to go "blind-folded", prefer to use the latest version (10.3.1.x) to decrypt the disk, there are higher chances to complete it without issues.
    Please note that you will need to ensure the process is NOT interrupted and take into consideration that decrypting with the CD is a quite slow process.

    Symantec Drive Encryption 10.3.1 for Windows Recovery Disk Images - TECH210465

    HOWTO Use the Symantec Drive Encryption Windows Recovery Disk Image - HOWTO92296


    HTH,
    dcats



  • 7.  RE: What version of Symantec Disk Encryption do I have?

    Posted Jan 31, 2014 01:05 PM

    dcats,

    Ok, it sounds like I have a plan. Two more things to try. I'll give the WinPE with trialware files first. If that doesn't work, I think you're right about trying 10.3.1. I was leaning in that direction already. But it's good to have a professional opinion, and especially good to have one more thing to try before the "blind-folded" option.

    Thanks! I'll let you (and the forum) know how it turns out.

    John



  • 8.  RE: What version of Symantec Disk Encryption do I have?

    Posted Jan 31, 2014 01:49 PM

    Reading the "Symantec Encryption Desktop Version 10.3 for Windows Release Notes", I found:

     

    • Upgrading: The PGP BootGuard screen is not updated immediately after you upgrade to Symantec Encryption Desktop 10.3. To display the updated PGP BootGuard screen (containing new login and keyboard options), reboot your system a second time. [NBN]

    and

    • Compatibility of older-version recovery disks: Symantec Drive Encryption recovery disks are compatible only with the version of Symantec Encryption Desktop that created the recovery CD. For example, if you attempt to use a 9.10 recovery disk to decrypt a disk protected with Symantec Drive Encryption version 10.3 or later, it will render the Symantec Drive Encryption disk inoperable. [10556/2455738]

     

    Nothing new here, but it provides a little more detail. That might be a help for other users. It also makes me a little less tense about the blind-fold option because it sounds as if 10.3.1 Recovery Disk might be backwards compatible with 10.3.0. Just no guarantee.



  • 9.  RE: What version of Symantec Disk Encryption do I have?

    Posted Feb 07, 2014 05:45 AM

    Ok! I think I did it.

    To be honest, I'm not exactly sure how it worked, but I'll list the steps I took.

    I downloaded the trialware version of Symantec Encryption Desktop Corporate (https://www4.symantec.com/Vrt/offer?a_id=109355), which gave me the WDE tools mentioned above.

    I also downloaded the latest version of PE Builder (v. 3.1.1.0a) from http://www.nu2.nu/pebuilder/#download.

    I built a BartPE boot disk and installed the WDE drivers using pgppe.exe from the Windows PE & BartPE Tools for Symantec Encryption Desktop 10.3.1 instructions (http://www.symantec.com/business/support/index?page=content&id=TECH210436) as mentioned above. The pgppe.exe must be run from command prompt. You must be in the directory where pgppe.exe resides when you run the command. The command in the pgppe.exe program is "/winpe". The next field is the location of the BartPE folder you create. The last field is the location of the WDE files (in my case, from the trialware version).

    There's no obvious confirmation that the drivers are installed successfully (at least I didn't see it). I believe I installed the drivers correctly because command prompt flashed some new text quickly and then closed. Even though I'm pretty sure the drivers were installed, the first BartPE disk I made didn't work. My mistake was that I had also included the Symantec PGP software files in a folder (the /WDE folder). So I made another BartPE without the folder.

    I downloaded a program to turn a folder into an .iso file. I used Folder2ISO, and I downloaded it from Softpedia http://www.softpedia.com/get/CD-DVD-Tools/CD-DVD-Images-Utils/Folder2ISO.shtml

    I made an .iso file from the BartPE folder and burned the .iso image onto a CD.

    I popped the CD in, and the virus screen came up again. I didn't think it was working, but I restarted and tried again just to make sure the CD was booting first. Computer started up normally...the background was mine, but nothing else popped up. No icons, no start bar, no virus screen. Nothing but the background. I was expecting the BartPE to bring up a different screen. How could it access my background if it's a preinstallation environment?

    I used Ctrl-Alt-Del to bring up Task Manager, and from Task Manager I clicked "File" and then "New Task (Run)". I ran "cmd" to bring up command prompt.

    I used the system restore command (for XP it is C:\windows\system32\restore\rstrui.exe). I chose an earlier restore point and restarted.

    On start up, I got a message that said no changes had been made. It seemed like it didn't mean "no recent files have been deleted" but rather that the restore was unsuccessful. So I tried another restore point. Same error message. So I took a chance and let it start up. No virus screen. I downloaded Malwarebytes and scanned. Found 52 bad objects. I couldn't confirm if any of them were the virus, but my computer is working. I also ran Microsoft Forefront Client Security, Spybot, and Adaware, and found no other virus-type threats. So I think I'm ok.

    Mine was a rare case, but I hope it helps someone!

    dcats, thank you for your help! I think the next step is to decrypt the harddrive so I don't have this problem ever again.



  • 10.  RE: What version of Symantec Disk Encryption do I have?

    Broadcom Employee
    Posted Feb 07, 2014 12:35 PM
    Hi John,

    I'm glad my suggestions were useful. The next step should be to copy your data out of that disk. Afterwards, you may attempt to decrypt the disk if you have permissions to do so.

    Rgs,
    dcats