McAfee Endpoint Encryption For PC 6 - Stanford University


EETech User Guide
McAfee Endpoint Encryption for PC 6.2
For use with ePolicy Orchestrator 4.5, 4.6 Software

COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

1 Introduction
   Audience
   Using this guide
   Understanding the daily authorization code

2 EETech (WinPE V1 and V3)
   Create EETech WinPE V1 Recovery CD/DVD using BartPE
   Create EETech WinPE V3 32-bit Recovery CD/DVD
   Create EEOpalTech WinPE V3 32-bit Recovery CD/DVD
   Create EETech WinPE V3 64-bit Recovery CD/DVD
   Authorize with daily authorization code
   Authenticate with token
   Export the recovery information file from McAfee ePO
   Authenticate with recovery file
   Remove encryption and boot sector with token authentication
   Remove encryption and boot sector with file authentication
   View the workspace
   Encrypt or decrypt sectors
   Restore the Master Boot Record (MBR)

3 EETech (Standalone)
   Create EETech (Standalone) bootable disk
   Create EEOpalTech (Standalone) bootable disk
   Boot from EETech and EEOpalTech (Standalone) boot disks
   Authorize with daily authorization code
   Authenticate with token
   Export the recovery information file from McAfee ePO
   Authenticate with recovery file
   Perform emergency boot
   Remove encryption and boot sector with token authentication
   Remove encryption and boot sector with file authentication
   View the workspace
   Encrypt or decrypt sectors
   Restore the Master Boot Record (MBR)


1 Introduction

McAfee Endpoint Encryption for PC (EEPC) delivers powerful encryption that protects data from unauthorized access, loss, and exposure. With data breaches on the rise, it is important to protect information assets and comply with privacy regulations.

EETech (WinPE Version 1 and 3), EEOpalTech (WinPE Version 3), EETech (Standalone), and EEOpalTech (Standalone) are McAfee's disaster recovery systems used in conjunction with EEPC.

EETech now displays the Disk Crypt List and Edit Disk Crypt State information in decimal instead of hexadecimal.

EETech (Standalone) and EEOpalTech (Standalone) are disaster recovery tools that allow the administrator to perform normal recovery functions. EETech (WinPE V1 and V3) and EEOpalTech (WinPE V3) perform the same functions under a Windows-like environment and include greater features such as booting from BartPE and easier access to USB drives.

For EEPC, the Opal systems are supported only in the Advanced Host Controller Interface (AHCI) mode.

Contents
   Audience
   Using this guide
   Understanding the daily authorization code

Audience

This guide is mainly intended for qualified system administrators and security managers. Knowledge of basic networking and routing concepts, and a general understanding of the aims of centrally managed security is required.

Using this guide

This guide helps corporate security administrators to understand the disaster recovery tools, EETech (Standalone) and EETech (WinPE). This document includes procedures to recover data from systems that are unrecoverable using self-recovery and administrator recovery.

Understanding the daily authorization code

Some recovery operations in EETech require administrative access. The user can get this access by typing a four-digit code into the authorization screen.

This code changes every day and can only be retrieved by contacting McAfee support (mysupport.mcafee.com).

All EETech operations require authentication. However, only the administrative operations require authorization with the 4-digit daily authorization code.

The following operations do not require the daily authorization code:
- Using the workspace utility to view sectors on the disk
- Using the disk information utility to identify encrypted regions on the disk
- Setting the encryption algorithm used by EETech
- Setting the boot disk on which EETech performs its operations
- Viewing and retrieving data from the disk (EETech BartPE only or EETech WinPE V1 only)

The following operations do require the daily authorization code:
- Removing endpoint encryption that includes decrypting the disk and restoring the MBR
- Repairing disk information
- Using the crypt sectors and force crypt sectors utilities to manually encrypt or decrypt specific sectors
- Editing the disk crypt state
- Restoring the MBR
- Performing an emergency boot (EETech Standalone only)

2 EETech (WinPE V1 and V3)

EETech (WinPE V1 and V3) is a disaster recovery tool that allows the administrator to perform recovery functions. EETech (WinPE V1 and V3) performs these functions under a Windows-like environment and includes greater features such as booting from BartPE and easier access to USB drives.

It is entirely the responsibility of the qualified system administrators and security managers to take appropriate precautions while using the EETech (WinPE V1 and V3) recovery tool. The user needs to handle the EETech Recovery tool with maximum care; otherwise, it may cause the system to become corrupt, and that might result in the loss of data.

Make sure that you do not restart the client system with the WinPE V3 bootable CD/DVD when decryption is in progress. For more information, refer to this KnowledgeBase article: https://kc.mcafee.com/corporate/index?page=content&id=KB74056.

Contents
   Create EETech WinPE V1 Recovery CD/DVD using BartPE
   Create EETech WinPE V3 32-bit Recovery CD/DVD
   Create EEOpalTech WinPE V3 32-bit Recovery CD/DVD
   Create EETech WinPE V3 64-bit Recovery CD/DVD
   Authorize with daily authorization code
   Authenticate with token
   Export the recovery information file from McAfee ePO
   Authenticate with recovery file
   Remove encryption and boot sector with token authentication
   Remove encryption and boot sector with file authentication
   View the workspace
   Encrypt or decrypt sectors
   Restore the Master Boot Record (MBR)

Create EETech WinPE V1 Recovery CD/DVD using BartPE

Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD/DVD from the original Windows XP Operating System.

Before you create the BartPE CD/DVD, you need to have the Windows XP \i386 folder. The i386 folder holds the files used to install, repair, modify, update, and rebuild Windows. This can be found on the root directory of a Windows XP Professional installation CD.

EETech (WinPE) is accessed through the BartPE plug-in boot CD/DVD. When the user boots the unrecoverable system with the BartPE Windows CD/DVD, the first page that appears is the Endpoint Encryption interface.

This is followed by a dialog box that prompts the user to start network services. You can start the network services if you have added the drivers for your Ethernet card to the CD/DVD build; otherwise, click No.

Task

1. Download the latest BartPE install file.
   Refer to the http://www.nu2.nu/pebuilder/ website for the required information and download links.
2. Install BartPE to the default install locations of your local system.
3. Open Microsoft Windows Explorer and navigate to the \pebuilderxxxxx\plugin folder.
   xxxxx denotes the version number of BartPE.
4. Extract EETech.zip to the desired location. Copy the Win32 folder from the EETech\WinPE folder to the \pebuilderxxxxx\plugin folder.
5. Create a subfolder called EEPC inside the \pebuilderxxxxx folder.
6. Copy the i386 folder to the root drive C:\
7. Launch BartPE. The BartPE CD/DVD Builder page appears.
8. Type or browse to the path for the Windows installation files (i386 folder) in the C:\ drive.
9. Type or browse to the path to include other files and folders from this directory in the Custom field.
10. Type a folder name, for instance, EEPC in the Output field to store the files that PE Builder copies.
    Make sure that the location you type is relative to your \pebuilder directory.
    If you need to specify an absolute path, you must change the EEPC path absolute in the Builder Options dialog.
11. Use the Media output pane to specify whether you want to create a CD/DVD or an ISO image.
    You can click the Plugins button to add, edit, enable/disable, configure or remove plugins from the list.
12. Click Build to write the ISO image to a CD/DVD.
    When you select the Burn to CD/DVD option, it directly writes the ISO image to the inserted CD/DVD. You can also create the ISO image and burn it to a CD/DVD later.
13. Boot the system from the EETech WinPE V1 Recovery CD/DVD. The Endpoint Encryption interface appears.
14. Click Go | Programs | McAfee EETech. The McAfee EETech page appears.

Create EETech WinPE V3 32-bit Recovery CD/DVD

Use this task to create a bootable WinPE recovery CD/DVD from the Windows 7 Operating System. To do this, you need to configure a WinPE 3.0 to include the plug-in for EEPC, which supports the x86 (32-bit) architecture.

Before you begin

The following information is intended for System Administrators when modifying the registry details:
- Registry modifications are irreversible and if done incorrectly can cause system failure.
- We recommend that you back up your registry and understand the restore process before you proceed with the registry modification. For more information, see http://support.microsoft.com/kb/256986.
- Make sure that you do not run a .REG file which is not considered to be a genuine registry import file.
- Make sure not to combine the 32-bit and 64-bit architectures.

Task

1. Download Windows Automated Installation Kit (AIK) for Windows 7 from the Microsoft website.
2. Install AIK on Windows 7 (32-bit) Operating System either by burning it to a CD/DVD or extracting it using WinRAR. WinPE 3.0 is set up.
3. Click Windows | All programs | Microsoft Windows AIK | Deployment Tools and run Deployment Tools as Administrator to open the Deployment Tools command prompt.
4. Run the copype.cmd command.
   Syntax: copype.cmd architecture destination
   Where:
   - architecture can be x86, amd64, or ia64
   - destination is a path to the local directory
   Open this path:
      C:\Program Files\Windows AIK\Tools\PETools
   and enter this command:
      copype.cmd x86 C:\winpe_x86
   This command creates the required directory structure and copies all the necessary files for that architecture.
5. Open the command prompt and mount the Windows PE image (Winpe.wim) base to the Mount directory to access the WinPE 3.0 image.
   Open this path:
      C:\Program Files\Windows AIK\Tools\x86\Servicing
   and enter this command:
      Dism.exe /Mount-Wim /WimFile:C:\winpe_x86\winpe.wim /index:1 /MountDir:C:\winpe_x86\mount
6. Edit the WinPE 3.0 environment as follows:
   a. Open regedit and load the system hive under [HKEY_LOCAL_MACHINE].
   b. Click HKEY_LOCAL_MACHINE, File, and Load Hive. The Load Hive pop-up appears.
   c. From the mounted WinPE image, navigate to this system file: C:\winpe_x86\mount\Windows\System32\Config\SYSTEM.

   d. Name the WinPE hive; for instance pe3.
   e. Access this Registry entry [HKEY LOCAL E325-11CE-BFC1-08002BE10318}].
   f. Edit the multi-string upper filters with values:
         MfeEpePC
         PartMgr
   g. Right click HKEY_LOCAL_MACHINE\pe3\ControlSet001\services and create the MfeEpePC and MfeEEAlg keys.
   h. Modify the values of the created keys as follows:
         [HKEY_LOCAL_MACHINE\pe3\ControlSet001\services\MfeEpePC]
         "Type"=dword:00000001
         "Start"=dword:00000000
         "ErrorControl"=dword:00000003

         [HKEY_LOCAL_MACHINE\pe3\ControlSet001\services\MfeEEAlg]
         "Type"=dword:00000001
         "Start"=dword:00000000
         "ErrorControl"=dword:00000003
         "Group"=string:Primary Disk
   i. Click pe3, then click File | Unload hive to unload the WinPE mounted hive.
   j. Close the Registry Directory.
   k. Add the EEPC files to appropriate locations in the mounted WinPE image as mentioned in the following tables.

      Before you copy the files, you need to create folders as follows:

      Table 2-1 Folders to be created

      Location | Folder to be created
      C:\Winpe_x86\mount\Program Files | Endpoint Encryption for PC v6
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\ | EpeReaders
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\ | EpeTokens
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\ | Locale
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\ | Theme

      Copy the following EEPC files into the image from the Win32 folder found in the build.

      Table 2-2 Files to be copied

      Location | Files to be copied
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\ | EETech.exe
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\EpeReaders | EpeReaderPcsc.dll
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for | okenSmartcard.dll
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\Locale | Locale.xml
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\Locale\English-US | Core-0409.xml, Tech-0409.xml (Please use the Language of your choice, e.g. English-US.)
      C:\Winpe_x86\mount\Program Files\Endpoint Encryption for PC v6\Theme | Background.png, BootManager.xml, CJK Tahoma12.pbf, CJK Tahoma8.pbf, CJK xml, Language.xml, LatinASCII Tahoma12B.pbf, LatinASCII Tahoma18B.pbf, LatinASCII Tahoma8.pbf, LatinASCII QaEnrolWizardBanner.png, Init.xml, TokenSelect.xml

7. Commit the changes in this path C:\Program Files\Windows AIK\Tools\x86\Servicing by performing these steps:
   a. To commit changes to WIM, enter this command:
         Dism.exe /Unmount-Wim /MountDir:C:\winpe_x86\mount\ /Commit
   b. To copy the new WIM image to boot ISO, enter this command:
         copy C:\winpe_x86\winpe.wim C:\winpe_x86\ISO\sources\boot.wim /Y
   c. To create a bootable iso image, enter this command:
         oscdimg -n -bc:\winpe_x86\etfsboot.com C:\winpe_x86\ISO C:\winpe_x86\winpe_x86.iso
      The iso for WinPE3 32-bit for EETech can be found at C:\winpe_x86\winpe_x86.iso
8. Burn this iso to a CD/DVD and boot the system from the CD/DVD.
   Make sure that you do not boot the system from WinPE V3 CD/DVD when the decryption is in progress.
9. In the command prompt, enter these commands:
      cd\
      cd Program Files\Endpoint Encryption for PC v6
      EETech.exe
   The EETech screen appears.
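Steps 5 and 6a to 6i of the task above, written as a batch script that also checks the values and discards the mount if anything fails. This is an added example, not part of the McAfee guide. It assumes the elevated Deployment Tools command prompt with copype.cmd x86 C:\winpe_x86 already run, and CLASSKEY is a placeholder that must be set by hand to the registry entry from step 6e.

```batch
@echo off
rem Added example, not McAfee's script: steps 5 and 6a-6i for the x86 image.
rem Assumptions: elevated Deployment Tools command prompt (Dism.exe on PATH),
rem "copype.cmd x86 C:\winpe_x86" already run. CLASSKEY is a placeholder:
rem set it to the registry entry from step 6e, relative to HKEY_LOCAL_MACHINE\pe3.
setlocal
set "PE=C:\winpe_x86"
set "MNT=%PE%\mount"
set "CLASSKEY="
set "SVC=HKLM\pe3\ControlSet001\services"

if not defined CLASSKEY (
  echo Set CLASSKEY to the registry entry from step 6e first.
  exit /b 1
)

rem Step 5: mount image 1 of winpe.wim.
Dism.exe /Mount-Wim /WimFile:%PE%\winpe.wim /index:1 /MountDir:%MNT% || exit /b 1

rem Steps 6a-6d: load the image's SYSTEM hive under the name pe3.
reg load HKLM\pe3 "%MNT%\Windows\System32\Config\SYSTEM" || goto discard

rem Step 6f: upper filters as a multi-string, MfeEpePC then PartMgr.
reg add "HKLM\pe3\%CLASSKEY%" /v UpperFilters /t REG_MULTI_SZ /d "MfeEpePC\0PartMgr" /f || goto unload

rem Steps 6g-6h: both services get Type=1, Start=0, ErrorControl=3.
for %%S in (MfeEpePC MfeEEAlg) do (
  reg add "%SVC%\%%S" /v Type /t REG_DWORD /d 1 /f || goto unload
  reg add "%SVC%\%%S" /v Start /t REG_DWORD /d 0 /f || goto unload
  reg add "%SVC%\%%S" /v ErrorControl /t REG_DWORD /d 3 /f || goto unload
)
rem The guide lists Group only under MfeEEAlg.
reg add "%SVC%\MfeEEAlg" /v Group /t REG_SZ /d "Primary Disk" /f || goto unload

rem Check what was written before the hive is closed.
for %%S in (MfeEpePC MfeEEAlg) do (
  reg query "%SVC%\%%S" /v Start | find "0x0" >nul || goto unload
)
reg query "HKLM\pe3\%CLASSKEY%" /v UpperFilters | find "MfeEpePC\0PartMgr" >nul || goto unload

rem Step 6i: unload the hive so the SYSTEM file is closed before step 7.
reg unload HKLM\pe3 || goto discard
echo Registry edits done. Image is still mounted at %MNT% for step 6k.
exit /b 0

:unload
reg unload HKLM\pe3
:discard
rem Leave winpe.wim untouched when any step failed.
Dism.exe /Unmount-Wim /MountDir:%MNT% /Discard
exit /b 1
```

The script leaves the image mounted on success, so the files in Table 2-2 can be copied and step 7 run afterwards.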

Create EEOpalTech WinPE V3 32-bit Recovery CD/DVD

Use this task to create a bootable EEOpalTech WinPE V3 32-bit recovery CD/DVD from the Windows 7 Operating System. To do this, you need to configure WinPE 3.0 to include the Opal plug-in for EEPC, which supports only the x86 (32-bit) architecture.

Before you begin

The following information is intended for System Administrators when modifying the registry details:
- Registry modifications are irreversible and if done incorrectly can cause system failure.
- We recommend that you back up your registry and understand the restore process before you proceed with the registry modification. For more information, see http://support.microsoft.com/kb/256986.
- Make sure that you do not run a .REG file which is not considered to be a genuine registry import file.

Task

1. Download Windows Automated Installation Kit (AIK) for Windows 7 from the Microsoft website.
2. Install AIK on Windows 7 (32-bit) Operating System either by burning it to a CD/DVD or extracting it using WinRAR. WinPE 3.0 is set up.
3. Click Windows | All programs | Microsoft Windows AIK | Deployment Tools and run Deployment Tools as Administrator to open the Deployment Tools command prompt.
4. Run the copype.cmd command.
   Syntax: copype.cmd architecture destination
   Where architecture can be x86, amd64, or ia64 and destination is a path to the local directory.
   Open this path:
      C:\Program Files\Windows AIK\Tools\PETools
   and enter this command:
      copype.cmd x86 C:\winpe_x86
   This command creates the required directory structure and copies all t
