Overview

The McAfee agent can be found at \\titan\software$\FSP\Disk Encryption\McAfee_Agent_SSVMEPOTEST.exe or in LANDesk as a public distribution package (Tufts->McAfee Drive Encryption->McAfee Agent 4.8 (EPOTEST)).

Encryption Process

  1. Once the McAfee agent is installed, it automatically downloads and installs the Drive Encryption application, and the user is prompted to reboot.
  2. MDE (McAfee Drive Encryption) then runs some compatibility checks, including looking for incompatible products (BitLocker or other encryption products), hard drive SMART status, and connection to the McAfee server.
  3. If all the checks pass, MDE starts encrypting the hard drive. It may take up to 20 minutes before the encryption process starts. You can check the status of the encryption by clicking on the McAfee icon in the system tray and selecting Quick Settings->Show Drive Encryption Status. The activation steps are listed below; they also appear in the Show Drive Encryption Status window, below the Volume Status.
    1. Creating Event to request data for local domain users (~5 min)
    2. Creating Event to request data for assigned users (~5 min)
    3. Detecting incompatible products
    4. Creating preboot file system (pbfs)
    5. Sent recovery key to Key Server
    6. Committing activation
    7. Updating Drive Encryption Users
    8. Policy Enforcement is complete
  4. Once the encryption has started, preboot authentication (the McAfee login screen) is enabled.
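
The three compatibility checks in step 2 can be approximated ahead of time. The script below is an added example, not McAfee's or this page's own code; it uses standard Windows interfaces from an elevated PowerShell prompt, and the server name and port are placeholders to replace with your own values.

```powershell
# Added example: pre-flight approximation of the step 2 checks. Not MDE's own logic.
param(
    [string]$EpoServer = 'epo.example.invalid',  # placeholder: your McAfee server name
    [int]$EpoPort = 443                          # placeholder: your agent-server port
)

function New-Result($Check, $Status, $Detail) {
    [pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Test-BitLocker {
    # A volume that is protected or not fully decrypted counts as an incompatible product.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return New-Result 'BitLocker' 'Unknown' 'Get-BitLockerVolume not available on this OS'
    }
    try {
        $hits = @(Get-BitLockerVolume -ErrorAction Stop | Where-Object {
            $_.ProtectionStatus -eq 'On' -or $_.VolumeStatus -ne 'FullyDecrypted' })
    } catch { return New-Result 'BitLocker' 'Unknown' $_.Exception.Message }
    if ($hits.Count) { return New-Result 'BitLocker' 'Fail' ('In use on: ' + ($hits.MountPoint -join ', ')) }
    New-Result 'BitLocker' 'Pass' 'No protected or partially encrypted volumes'
}

function Test-Smart {
    # PredictFailure is the drive's own SMART failure prediction, exposed through WMI.
    try {
        $disks = @(Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus -ErrorAction Stop)
    } catch { return New-Result 'SMART' 'Unknown' $_.Exception.Message }
    if (-not $disks.Count) { return New-Result 'SMART' 'Unknown' 'No disk reported SMART status' }
    $bad = @($disks | Where-Object { $_.PredictFailure })
    if ($bad.Count) { return New-Result 'SMART' 'Fail' ('Failure predicted: ' + ($bad.InstanceName -join ', ')) }
    New-Result 'SMART' 'Pass' "$($disks.Count) disk(s) report no predicted failure"
}

function Test-ServerReachable {
    # Plain TCP connect with a 5 second timeout: shows reachability only, not agent health.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ok = $client.ConnectAsync($EpoServer, $EpoPort).Wait(5000) -and $client.Connected
    } catch { $ok = $false } finally { $client.Close() }
    $status = if ($ok) { 'Pass' } else { 'Fail' }
    New-Result 'Server connection' $status "${EpoServer}:$EpoPort reachable: $ok"
}

$results = @(Test-BitLocker; Test-Smart; Test-ServerReachable)
$results | Format-Table -AutoSize
if ($results.Status -contains 'Fail') { exit 1 }   # non-zero exit for deployment tooling
```

An Unknown result means the check could not be made on that system and should be verified by hand before deploying the agent.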

Technical Overview from McAfee

The information below is taken from the Drive Encryption activation sequence section of the MDE 7.1 Best Practices Guide.

Drive Encryption activation sequence

When the DEAgent and Drive Encryption packages are successfully deployed, the user is prompted to restart the system. The restart is essential for activation of Drive Encryption on the client to proceed. The restart can be canceled; however, Drive Encryption will not become active on the client until the restart has occurred. In addition, hibernation and the use of new USB devices will be impaired until a restart is issued.

Drive Encryption Status

System restarts as initiated. You don't yet see the PBA page as the Drive Encryption software is not yet active on the client. However, you should now be able to see the new option:

  • Quick Settings|Show Drive Encryption Status in McAfee Agent System Tray on the client system (DE:Windows)

DEAgent synchronization with the McAfee ePO server

The status in the Show Drive Encryption Status window is Inactive until DEAgent synchronizes with the McAfee ePO server and gets all the users assigned to it. This is referred to as an ASCI event. It can be manually triggered on the client by opening the McAfee Agent Status Monitor, then clicking Collect and Send Props. It can also be triggered from the McAfee ePO server by an agent wake-up call; otherwise, you need to wait for the scheduled agent-server communication interval to occur (the default is 60 minutes). After two agent-server communication intervals, Drive Encryption activation begins. The activation process requires a number of McAfee ePO events to be sent, and this can take some minutes to occur. Once the client-server communication has completed, the Drive Encryption Status switches to Active and encryption starts based on the policy defined.

When Drive Encryption activation is complete, it should be restarted once before hibernation takes place. For this reason, we recommend that hibernation be disabled from the Control Panel on Windows clients.
