...
- Once the McAfee agent is installed, it automatically downloads and installs the Drive Encryption application, and the user is prompted to reboot.
- MDE (McAfee Drive Encryption) then runs compatibility checks, including looking for incompatible products (BitLocker or other encryption products), checking the hard drive SMART status, and checking the connection to the McAfee server.
- If all the checks pass, MDE starts encrypting the hard drive. It may take up to 20 minutes before the encryption process starts. You can check the status of the encryption by clicking the McAfee icon in the system tray and selecting Quick Settings -> Show Drive Encryption Status. The steps are listed below; they also appear in the Show Drive Encryption Status window, below the Volume Status.
  - Creating Event to request data for local domain users (~5 min)
  - Creating Event to request data for assigned users (~5 min)
  - Detecting incompatible products
  - Creating preboot file system (pbfs)
  - Sent recovery key to Key Server
  - Committing activation
  - Updating Drive Encryption Users
  - Policy Enforcement is complete
- Once the encryption has started, preboot authentication (the McAfee login screen) is enabled.
Technical Overview from McAfee
Note |
---|
The information below is taken from the "Drive Encryption activation sequence" section of the MDE 7.1 Best Practices Guide |
Drive Encryption activation sequence
When the DEAgent and Drive Encryption packages are successfully deployed, the user is prompted to restart the system.
The restart is essential for activation of Drive Encryption on the client to proceed. The restart can be canceled; however, Drive Encryption will not become active on the client until the restart has occurred. In addition, hibernation and the use of new USB devices will be impaired until a restart is issued.
Drive Encryption Status
System restarts as initiated. You don't yet see the PBA page as the Drive Encryption software is not yet active on the client. However, you should now be able to see the new option Quick Settings | Show Drive Encryption Status in McAfee Agent System Tray on the client system (DE: Windows).
DEAgent synchronization with the McAfee ePO server
The status in the Show Drive Encryption Status window is Inactive until DEAgent synchronizes with the McAfee ePO server and gets all the users assigned to it. This is referred to as an ASCI event.
It can be manually triggered on the client by opening the McAfee Agent Status Monitor, then clicking Collect and Send Props. It can also be triggered from the McAfee ePO server by an agent wake-up call; otherwise, you need to wait for the scheduled agent-server communication interval to occur (the default is 60 minutes). After two agent-server communication intervals, Drive Encryption activation