Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Common issues in Full Disk Encryption (FDE) 3.0

    • Updated:
    • 2 Mar 2015
    • Product/Version:
    • Endpoint Encryption 3.0 Full Disk Encrypti
    • Platform:
    • Windows 7 32-bit
Summary

Resolve the known issues in FDE.

Details
Public
The issue happens because printers are using a parallel port to connect and FDE does not support parallel-attached printers due to risk of buffer overflow attacks.

The Recovery Console for FDE 3.0.7 shows the following error:

FDE Recovery Console has detected that an invalid key has been received from the PolicyServer. Please verify that the correct PolicyServer address has been specified. If this error still persists, please contact your system administrator.

This issue is due to the Recovery Console having problems with dual core processors. Version 3.0.7.1 of FDE will not allow the machine in black screen state. If a bad disk diagnostic occurs, it warns the user and stops the Recovery Console from continuing. At this point Administrators or Authenticators are instructed to use the FDE Utility CD.

As a workaround, the Administrator or Authenticator may enter the BIOS and change the processor to single instead of dual. This will allows the Recovery Console to function properly.

This issue occurs because the functionality to support make/model X has not yet been added to the FDE pre-boot.

To resolve the issue, upgrade to the current production build of FDE. If the issue still persists, contact Trend Micro Technical Support.

Once the user has authenticated to the device, initial encryption begins. A typical machine (Pentium 4, 60GB HD, 1GB RAM) encrypts in approximately two (2) hours. The user notices some system degradation during the initial encryption process. However, the degradation does not prevent the user from performing normal tasks.

When encryption is complete, the user notices no performance impact. The on-the-fly encryption/decryption process takes less than 100 milliseconds to complete. Therefore, the user does not notice any delay in decrypting or encrypting a file during normal use.

Currently, FDE encrypts the primary drive only. Slave or secondary drives are not encrypted. FDE encrypts all partitions of a drive and there is no limit to the number of partitions that can be created.

If unallocated space is allocated after the initial encryption is completed, FDE automatically encrypts the newly allocated space after the next reboot.

The following instructions will assist you in setting up FDE-equipped machine designated as a shared resource in a company.

  1. Ensure that the CanOnlyBeInOneGroup policy is set to "No" for all users.
  2. Create a Top Group and name it. e.g. Shared Resource.
  3. Set the following policy within the group: Login > DomainAuthentication = No.
  4. Create a user at the Enterprise level.
  5. Add the new user to the Shared Resource group and make it as a Group Administrator or Authenticator.
  6. Install FDE for Windows on the device that is to be shared as a group Administrator or Authenticator.
  7. Add all users intended to access this device to the "Shared Resource" group.
  8. Assign the users a group One-Time Password.

Users can now log in to the shared resource using the assigned One-Time Password. Users must log in to FDE at least once while connected to the network to use this shared resource. If a user does not, then that user will not be able to access the shared resource.

Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Install; Migrate
Solution Id:
1059728
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.