Endpoint Encryption for Files and Folders 4.0 User Guide - McAfee

McAfee Endpoint Encryption for Files and Folders 

4.0.0 

User Guide

COPYRIGHT 

Copyright © 2011 McAfee, Inc. All Rights Reserved. 

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form 

or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. 

TRADEMARK ATTRIBUTIONS 

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE 

EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, 

WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in 

connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property 

of their respective owners. 

LICENSE INFORMATION 

License Agreement 

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, 

WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH 

TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS 

THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, 

A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU 

DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN 

THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 

2 

McAfee Endpoint Encryption for Files and Folders software version 4.0.0 User Guide

Contents 

Introducing McAfee Endpoint Encryption for Files and Folders. . . . . . . . . . . . . . . . . . . . . . . 4 

Why EEFF?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

How EEFF 4.0 works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 

EEFF Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 

About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 

Using the Context menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

Encrypting a file or a folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

Decrypting a file or a folder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Searching for encrypted files or folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Creating a Self-Extractor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

Reading a Self-Extractor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Attaching a file or a folder as Self-Extractor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Attaching an encrypted file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 

Launching McAfee Endpoint Encryption for Files and Folders Console. . . . . . . . . . . . . 11 

Managing User Local keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Creating a User Local key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 

Deleting a User Local key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 

Renaming a User Local key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 

Exporting User Local keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 

Importing User Local keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 

Recovering User Local keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 

Changing User Local key authentication method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 

Managing Endpoint Encryption for Removable Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 

Initializing a Removable Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 

Recovering a Removable Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

Changing EERM authentication method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 

McAfee Endpoint Encryption for Files and Folders software version 4.0.0 User Guide 

3

Introducing McAfee Endpoint Encryption for 

Files and Folders 

McAfee Endpoint Encryption for Files and Folders (EEFF) offers data protection in the form of 

powerful encryption technology so that only authorized users can access information. 

Contents 

Why EEFF? 

How EEFF 4.0 works 

EEFF Features 

System requirements 

About this guide 

Why EEFF? 

EEFF offers enhanced security to protect your data. EEFF depends on Microsoft Windows user 

accounts and works in real-time to authenticate user to access encryption keys and to retrieve 

the correct policy in EEFF. A smart card implementation based on Windows logon can be used 

for enhanced security. 

Endpoint Encryption for Files and Folders allows you to define and protect information in a way 

that only certain users can access it. This data is stored, managed, archived, and distributed 

as any other file is, however, it can be viewed only by those who have been granted access. 

Endpoint Encryption for Files and Folders is a Persistent Encryption engine: when a file has 

been encrypted and has been moved or copied to another place, it remains encrypted. If a file 

is moved out of an encrypted directory, it will also remain encrypted. Likewise, if an encrypted 

file is moved to a memory stick – the encryption will remain in place. 

EEFF integrates with McAfee ePolicy Orchestrator (ePO), which provides a single point of control 

over all the data on the systems. EEFF with ePO supports both user-based and system-based 

policies. Assigning these policies to users encrypts the data on the client as configured. 

EEFF depends on Microsoft Windows credentials therefore, both registered domain users and 

local system users can be assented encryption policies and associated keys. 

How EEFF 4.0 works 

EEFF encrypts folders and files according to policies assigned to the user. These policies are 

enforced by the ePO server. 

4 


Introducing McAfee Endpoint Encryption for Files and Folders 

EEFF Features 

The client software is installed on the client system. After the installation, the system synchronizes 

with the ePO server and acquires the user data. EEFF then assigns encryption policies and keys 

to the user as configured. 

EEFF client acts like a filter between the application creating or editing the files and the storage 

media. When a file is saved, EEFF filter executes the assigned encryption policies and encrypts 

the data, if applicable. If the user manages to kill the main EEFF process on the client system, 

EEFF encrypts folders and files according to policies assigned to the user. These policies are 

enforced by the ePO server. 

The client software is installed on the client system. After the installation, the system synchronizes 

with the ePO server and acquires the user data. EEFF then assigns encryption policies and keys 

to the user as configured. 

The EEFF client acts like a filter between the application creating or editing the files and the 

storage media. When a file is saved, the EEFF filter executes the assigned encryption policies 

and encrypts the data, if applicable. If the user manages to kill the main EEFF process 

(MfeffCore.exe) on the client system, attempting to deviate from the assigned encryption policy, 

the process will be automatically regenerated. The automatic restart cannot be disabled. 

When a file that is encrypted with key A is moved to a folder where files are encrypted with 

key B, the file encrypted with key A will immediately be re-encrypted with key B. This behavior 

is known as follow-target-encryption and requires that the user or process transferring the file 

has access to both key A and key B. This operation takes place instantly when the file is placed 

in the folder encrypted with key B. 

EEFF Features 

• Centralized management — Provides support for deploying and managing McAfee Endpoint 

Encryption for Files and Folders using ePO 4.5 and 4.6. 

• Windows authentication based policy enforcement — Assigns encryption policies and 

keys to Windows user accounts. 

• Integration with the McAfee Tray icon - Consolidates the tray icons to one common 

McAfee icon. 

• User Personal Keys - Allow users to have individual keys, generated centrally and possible 

to assign in policies for encryption. 

• Protect data on Removable media — Provides support for removable media encryption. 

• Migration from EEFF v3.x to EEFF v4 - Provides support for migrating keys from EEFF 

v3.x to EEFF v4 by importing them into ePO. 

• File Extension exclusion - Excludes the listed file types from encryption. For example, 

MP3 and WAV files. 



Systems 

ePO Server Systems 

Requirements 

See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation Guide 


5

Introducing McAfee Endpoint Encryption for Files and Folders 


Software requirements 

Software (or package name) 

Requirements 

McAfee management software • ePO 4.5 (minimum patch 4) and 4.6 

• McAfee Agent for Windows 4.5 (minimum Patch 2) and 4.6 

Endpoint Encryption for Files and Folders • EEFF Extension 

• EEFF_4.0.0_xxx.ZIP 

• help_eeff_400.ZIP 

• MfeEEFF_Client_4.0.0.x.ZIP 

Microsoft “Windows Installer 3.0 

Redistributable” package ( for ePO) 

Microsoft “.NET Framework 2.0 

Redistributable” package ( for ePO) 

Microsoft MSXML 6 ( for ePO) 




Operating system requirements 

Systems 

ePO Server Systems 

Software 


Client Systems • Microsoft Windows Vista (32-bit) SP 2 

• Microsoft Windows XP (32-bit) SP 3 

• Microsoft Windows 7 (32-bit and 64-bit) SP 0 and SP 1 


This guide provides information on detailed instructions for managing the McAfee Endpoint 

Encryption for Files and Folders 4.0 client. 

Target audience 

This guide is mainly intended for McAfee Endpoint Encryption for Files and Folders users. 

6 


Using the Context menu 

The options available when you right-click a file or a folder are referred as context menu options. 

The context menu options for files and folders are identical and are explained in general. The 

context menu options are subjected to policy control and can be made unavailable to you by 

the administrator. When you right-click a file or a folder the McAfee Endpoint Encryption submenu 

with the options the administrator has enabled for you appears. 

Tasks 

Encrypting a file or a folder 

Decrypting a file or a folder 

Searching for encrypted files or folders 

Creating a Self-Extractor 

Attaching a file or a folder as Self-Extractor 

Attaching an encrypted file 

Encrypting a file or a folder 

The Encrypt option on the context menu allows you to manually encrypt a file or a folder. This 

option is unavailable to the users if the file or the folder has been encrypted by policy. 

Before you begin 

Ensure that the file you want to encrypt is not being used by any application. 

Task 

1 Right click on the file or the folder to be encrypted, then select McAfee Endpoint 

Encryption | Encrypt. The Select key dialog box appears. 

2 Select the key with which you want to encrypt the file, then click OK. 

NOTE: Click Details to view additional information about the selected key. 

Depending on the policy settings, a padlock appears on the file indicating that the file is encrypted 

with the selected key. 

Alternatively, right click on the file or the folder to be encrypted, then select Properties. On 

the Encryption tab select the key with which you want to encrypt then click Apply. 


7




The Decrypt option on the context menu allows you to manually decrypt a file or folder. This 

option is unavailable to the users if the folder has been encrypted by policy. 

Before you begin 

Ensure that the file you want to decrypt is not being used by any application. 

To decrypt a file or a folder, right click on the file or the folder then select McAfee Endpoint 

Encryption | Decrypt. 

NOTE: For both file decryption and folder decryption you might require authentication if the 

encryption key needed for the decryption is not available. 

Alternatively, right click on the file or the folder to be encrypted, then select Properties. On 

the Encryption tab select as Key name, then click Apply. 

Searching for encrypted files or folders 

Use this task to search for encrypted files and folders in the specified location. This option is 

available only when you right click on a folder. 

Task 

1 Right click on the folder, then select McAfee Endpoint Encryption | Search encrypted.... 

The Search: encrypted files and folders dialog box appears. 

2 Select if you want to search for files and/or folders and the key with which the files or 

folders are encrypted. 

3 Browse to specify the folder path and select Include sub-folders to search for encrypted 

files or folders in sub-folders. 

4 Click Search. As the search progresses, matching objects found will be displayed in a list. 

After the search is complete, right click the objects found then perform any action on them 

Creating a Self-Extractor 

Self-Extractors are password-encrypted executable files that can also be decrypted on non-EEFF 

client systems. The password used to create the Self-Extractor is required to read it. 

You can change the name of the Self-Extractor. By default, it is named as its source file/folder 

with the *.exe extension. 

Task 

1 Right click on the file or the folder for which you want to create a self-extractor, then select 

McAfee Endpoint Encryption | Create Self-Extractor (.exe). The 

Package and encrypt dialog box appears. 

2 Type the password with which you want to encrypt the self-extractor, then click OK. 

NOTE: 

8 




• The source file/folder will remain intact on disk, only a copy of the file/folder is converted 

into a Self-Extractor. 

• You can also specify where to save the Self-Extractor. The default location is the same 

as the location of the source file/folder. 

Reading a Self-Extractor 

Double-click the Self-Extractor and provide the password used to create the file. The creator 

of this file must share the password to the recipient of the file in a secure manner. 

By default, after typing the correct password the content of the Self-Extractor will open up 

automatically in the associated application. However, the content will not be automatically saved 

to disk. When the user closes the application that opened up the unpacked Self-Extractor 

content, the unpacked content will be wiped from the disk. 

To save the Self-Extractor content to disk, click Advanced, then select Extract and specify 

the location. 

Self-Extractors can be read on any client system running Windows 2000 and later. Self-Extractors 

can also be read on a non-EEFF client and requires rights to run an executable file. 


Use this task to attach a file or a folder as Self-Extractor to an email. The self-extractor is 

packaged into a *.cab file which can be attached with an email. Any email program can be used 

for attaching a file or a folder as Self-Extractor. 

The emails sent with a *.cab Self-Extractor attachment might be blocked by the recipients 

anti-virus program. 

Task 

1 Right click on the file or the folder which you want to create a self-extractor, then select 

McAfee Endpoint Encryption | Attach Self-Extractor to E-mail. The Package and 

encrypt dialog box appears. 

2 Type the password with which you want to encrypt the self-extractor, then click OK. 

The source file/folder will remain intact on disk, only a copy of the file/folder is converted 

into a Self-Extractor and attached to an email. 


Use this task to send a file (plaintext or encrypted) in a protected way. The recipient must have 

EEFF 4.0 installed and also have access to the encryption key. 

NOTE: If you attach an encrypted file to an email without using Attach encrypted to E-mail..., 

the file will be attached as plaintext even if the file is encrypted on disk. The source file will 

still be encrypted, but the copy attached with the email will be in plaintext and the recipient 

will receive it in plaintext. 


9



Task 

1 Right click on the file, then select McAfee Endpoint Encryption | Attach encrypted 

to E-mail. The Select protection keys dialog box appears. 

2 Select the key with which you want to encrypt the file, then click OK. A *.sba file is attached 

to the email. 

10 


Launching McAfee Endpoint Encryption for Files 

and Folders Console 

Click the McAfee menulet on your status bar, then click Manage Features | Endpoint 

Encryption for Files and Folders. 

From the left pane of the console, you view status report, create and manage User Local keys, 

and initialize, recover, and change authentication method for Removable Media. 

Status Report 

Status Report is the default screen that appears when you launch McAfee Endpoint Encryption 

for Files and Folders console. 

EEFF client Status Report displays the following: 

• Operating System running on the client system 

• EEFF installation files 

• Encryption keys available to the user or the system 

• General policies enforced on the system or the user 

• Folder policies enforced on the system or the user 

• File extension policies enforced on the system or the user 

• List of exempted devices 

• List of blocked processes 

• List of file extensions excluded from encryption 

• List of excluded keys 

On the right pane of the console, click Write to File to export the status report to an xml file. 

Local Keys 

The User Local keys creation and management option available on the console is subject to 

policy control and can be made unavailable to you by the administrator. 

Refer to the Managing User Local Keys chapter for more details. 

Removable Media 

McAfee Endpoint Encryption for Removable Media (EERM) is a software solution that encrypts 

removable devices to protect data stored in the device. The option available on the console is 

subject to policy control and can be made unavailable to you by the administrator. 

Refer to the Managing Endpoint Encryption for Removable Media chapter for more details. 


11

Managing User Local keys 

The keys created by users on the client system are referred to as User Local keys. The User 

Local keys creation and management is subject to policy control and can be made unavailable 

to you by the administrator. User Local keys are individual to the user and the system on which 

they are created. 

Contents 

Creating a User Local key 

Deleting a User Local key 

Renaming a User Local key 

Exporting User Local keys 

Importing User Local keys 

Recovering User Local keys 

Changing User Local key authentication method 

Creating a User Local key 

The encryption keys are stored in Key Stores. Each Key Store is protected with either a password 

that you select (password token), or with your digital certificate (PKI token). You will select the 

proper token when you create the key store. Your Key Store may be stored either on your 

computer's hard disk, or on a removable storage media, typically a USB memory stick. It is 

possible to have one Key Store on the hard disk and another on removable storage, where each 

Key Store holds different keys. 

Use this task to create a new user local key. 

Task 

1 

Click the McAfee menulet on your status bar, then select Manage Features | 

Endpoint Encryption for Files and Folders. The Endpoint Encryption for Files and 

Folders client console appears. 

2 On the left pane, click Create new key. The Welcome to Create Local Key wizard appears. 

3 Click Next. The Volume page appears. 

4 Select the location where you want to save the local key from the drop-down menu then 

click Next. The Data page appears. 

NOTE: If you want to save the local key on a USB memory stick, ensure the drive is inserted 

before you start the wizard. 

12 




5 Type a name for the local key, then select the inactivity timeout for the key from the 

drop-down menu. The inactivity timeout defines how long a key can remain unused in 

memory. When the timeout is reached, you need to authenticate before you can access 

encrypted files or folders. 

NOTE: Ensure that you provide unique names for the encryption keys, ideally reflecting 

the purpose of the key. 

6 Click Next. The Tasks page appears summarizing the key details configured in the wizard. 

7 Click Next. You might be prompted to authenticate to Endpoint Encryption before completing 

the wizard to ensure access to the corporate recovery key that will be used when you 

create your key store. 

8 Click Finish 


You may delete encryption keys that are not used. A deleted encryption key cannot be recovered. 

Consequently, documents encrypted with a deleted key cannot be opened. 

NOTE: Ensure that search the files encrypted with the key you intend to delete. 

Use this task to delete a User Local key. 

Task 

1 




2 On the left pane, click Delete key. The Welcome to the Delete Key wizard appears. 

3 Click Next. The Select Key page appears. 

4 Select the required key from the Key name drop-down list, then click Next. The Tasks 

page appears summarizing the key details configured in the wizard. 


the wizard to ensure access to the key store. 


Renaming a User Local key 

Use this task to rename a User Local key. 

Task 

1 




2 On the left pane, click Rename key. The Welcome to the Rename Key wizard appears. 

3 Click Next. The Select Key page appears. 


13



4 Select the required key from the Key name drop-down list, then click Next. The Data 

page appears. 

5 Type a new name for the key, then click Next. The Tasks page appears summarizing the 

key details configured in the wizard. 





To share encrypted files with other users you must share the encryption keys with they are 

encrypted. When exported, the encryption key is packaged into a file with SKS as extension. 

To import the file, the users must know the key store password. The SKS file may be sent as 

an e-mail attachment. 

Use this task to export User Local key to a .sks file. 

Task 

1 




2 On the left pane, click Export keys. The Welcome to the Export Key wizard appears. 

3 Click Next. The Select key page appears. 

4 Select the required key from the Key name drop-down list, then click Next. The Tasks 





Importing User Local keys 

To import an encryption key, you need to create a key store where you can save the imported 

key. 

Use this task to import encryption keys. 

Task 

1 




2 On the left pane, click Import keys. The Welcome to the Import Key wizard appears. 

3 Click Next. The Path page appears. 

4 Browse and select the exported keys (*.sks file), then click Next. The Select key store 

page appears. 

14 




5 Select the key store to which you want to import the keys, then click Next. The Tasks 






Use this task to recover a User Local key. The recovery involves the use of the central recovery 

key. You may be prompted for Endpoint Encryption central password to access the recovery 

key. 

Task 

1 




2 On the left pane, click Recover keys. The Welcome to the Recover Key wizard appears. 


4 Select the location where you saved the recovery key from the drop-down menu then click 

Next. The Password page appears. 

5 Type and confirm new password for the key store, then click Next. The Tasks page appears 

summarizing the key details configured in the wizard. 





Use this task to change the protection mechanism for key stores. 

Task 

1 




2 On the left pane, under Local Keys section click Change authentication. The Welcome 

to the Change Token wizard appears. 


4 Select the location where you saved the local key for which you want to change the 

authentication then click Next. The Type page appears. 

5 Select the token type with which you want to authenticate the device. Depending on the 

authentication method selected, the next dialog will differ. 


15



• If you selected Password Protection, the Password page appears. Type and confirm 

the new password, then click Next. The Tasks page appears summarizing the key 

details configured in the wizard. 

• If you selected Certificate Protection, the Certificate page appears. Select a certificate 

from the list of available certificates, then click Next. The Tasks page appears 

summarizing the key details configured in the wizard. 




16 


Managing Endpoint Encryption for Removable 

Media 

McAfee Endpoint Encryption for Removable Media (EERM) is a software solution that encrypts 

removable devices to protect data stored in the device. However, any attached removable 

storage can be protected with EERM, except for CDs/DVDs and floppy disks. 

Contents 

Initializing a Removable Media 

Recovering a Removable Media 

Changing EERM authentication method 

Initializing a Removable Media 

When you insert a non-protected removable device on a client with EEFF installed and the policy 

for removable media enabled, a notification dialog box appears prompting to initialize the device. 

Alternatively, you can initialize the removable media using McAfee Endpoint Encryption for 

Files and Folders client console. 

Use this task to initialize a removable media. 

Task 

1 




2 On the left pane, click Initialize device. The Initialize Removable Media window appears. 

3 In the Authentication section, select the required authentication method. 

• For the password method, type a password that conforms to the default complex 

password rules in your organization. These password rules may well be stricter than 

those rules in effect for your Windows logon password. 

• For the certification method, select a digital certificate from the drop-down menu. 

4 In the Recovery section, select the required recovery method. 

NOTE: The recovery methods available depends on the removable media encryption policy 

enforced on the system or the user. 


17

Managing Endpoint Encryption for Removable Media 


5 Click Initialize. The progress of the initialization is displayed in the progress bar at the 

bottom of the dialog. 

NOTE: We recommend you not to unplug the device during initialization or to cancel the 

initialization process. This may result in a device in an unknown state, which means it 

cannot be used on a machine with EEFF installed. 

Once the initialization is complete, an authentication dialog appears requesting the user to 

authenticate to the device. Provide the authentication information to use the device. 


Use this task to recover a removable media. 

Task 

1 




2 On the left pane, click Recover media. The Recover Authentication window appears. 

3 Select one of these required recovery methods: 

• Recovery key — This method uses a Recovery key from the central management 

system to configure the recovery of the device. You may be prompted to authenticate 

to EEFF to access this key and will not be able to change the Recovery key the 

administrator has selected. 

• Recovery password — This recovery method enables user to select a Master Password 

(Recovery password). With this password you can recover the encrypted device without 

any interaction with the Helpdesk. Also, you can perform this recovery from a non-EEFF 

client. 

NOTE: The Recovery password must conform to the same password quality rules as 

your authentication password. Since Password History is a part of the hard coded 

password rules, this means that the Recovery password cannot be set to the same 

password as the authentication password. 

• Recovery certificate — This option enables the user to select a digital certificate to 

use for recovery. 

With the recovery certificate, you can recover the device without any interaction with 

the Helpdesk. Also, you can perform this recovery from a non-EEFF client. 

• Recovery questions — This option enables you to enter five questions and answers 

that will be used in a recovery situation. That is, you will be able to recover the encrypted 

device by answering the selected questions without any interaction with Helpdesk. Also, 

you can perform this recovery from a non-EEFF client. 

4 Click Recover. 

18 


Managing Endpoint Encryption for Removable Media 



Use this task to change the protection mechanism for EERM. 

Task 

1 




2 On the left pane, under Removable Media section click Change authentication. The 

Change authentication window appears. 

3 Click Change. 

4 Select the token type with which you want to authenticate the device. 

• If the device is password protected, you will be prompted to authenticate the device 

using the existing password. After the device is successfully authenticated the Select 

new protection window appears. Type and confirm the new password, then click OK. 

A pop-up appears displaying that the authentication method has been changed. 

• If the device is protected by certificate, the device is authenticated using the certificate 

installed on the client system. Select the required certificate from the list of available 

certificates, then click OK. A pop-up appears displaying that the authentication method 

has been changed. 

5 Click OK | Close. 


19

Index 

E 

EEFF 4 

client 4 

Endpoint Encryption for Files and Folders 4 

R 

requirements, operating system 5 

requirements, software 5 

requirements, system 5 

P 

Persistent Encryption 4 

20

Endpoint Encryption for Files and Folders 4.0 User Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?