mcafee eetech

McAfee EETechUser Guide

COPYRIGHT

Copyright © 2010 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any formor by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCEEXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red inconnection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole propertyof their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICHTYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTSTHAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOUDO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURNTHE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

McAfee EETech User Guide2

ContentsIntroducing McAfee EETech. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Using this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

EETech (WinPE V1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Creating EETech WinPE V1 Recovery CD/DVD using BartPE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Booting from EETech WinPE V1 Recovery CD/DVD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Authorizing with daily authorization code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Authenticating with token. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Exporting the recovery information file from ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Authenticating with recovery file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Performing self recovery with token authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Removing encryption and boot sector with token authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Removing encryption and boot sector with file authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Viewing the workspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Encrypting or Decrypting sectors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Restoring the MBR (Master Boot Record). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

EETech (Standalone). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Creating EETech (Standalone) boot disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Booting from the EETech (Standalone) boot disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Authorizing with daily authorization code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Authenticating with token. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Exporting the recovery information file from ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Authenticating with recovery file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Performing self recovery with token authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Performing emergency boot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Removing encryption and boot sector with token authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Removing encryption and boot sector with file authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Viewing the workspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Encrypting or Decrypting sectors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Restoring the MBR (Master Boot Record). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3McAfee EETech User Guide

Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30


Contents

Introducing McAfee EETechWith data breaches on the rise, it is important to protect information assets and comply withprivacy regulations. McAfee Endpoint Encryption for PC delivers powerful encryption that protectsdata from unauthorized access, loss, and exposure. EETech (WinPE Version 1) and EETech(Standalone) are McAfee’s disaster recovery systems used in conjunction with Endpoint Encryptionfor PC (EEPC).

EETech (Standalone) is a disaster recovery tool that allows the administrator to perform normalrecovery functions. EETech (WinPE V1) performs the same functions under a Windows-likeenvironment and includes greater features such as booting from BartPE and easier access toUSB drives.

Audience

Using this guide

AudienceThis guide is mainly intended for qualified system administrators and security managers.Knowledge of basic networking and routing concepts, and a general understanding of the aimsof centrally managed security is required.

Using this guideThis guide helps corporate security administrators to understand the disaster recovery tools,EETech (Standalone) and EETech (WinPE). This document includes procedures to recover datafrom systems that are unrecoverable.


EETech (WinPE V1)EETech (WinPE V1) is a disaster recovery tool that allows the administrator to perform recoveryfunctions. EETech (WinPE V1) performs these functions under a Windows-like environment andincludes greater features such as booting from BartPE and easier access to USB drives.

CAUTION: It is entirely the responsibility of the qualified system administrators and securitymanagers to take appropriate precautions while using EETech (WinPE V1) recovery tool. Theuser needs to handle the EETech Recovery tool with maximum care, otherwise, it may causethe system to become corrupt and that might result in the loss of data.

Contents

Creating EETech WinPE V1 Recovery CD/DVD using BartPE

Booting from EETech WinPE V1 Recovery CD/DVD

Authorizing with daily authorization code

Authenticating with token

Exporting the recovery information file from ePO

Authenticating with recovery file

Performing self recovery with token authentication

Removing encryption and boot sector with token authentication

Removing encryption and boot sector with file authentication

Viewing the workspace

Encrypting or Decrypting sectors

Restoring the MBR (Master Boot Record)

Creating EETechWinPE V1Recovery CD/DVDusingBartPE

Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable WindowsCD/DVD from the original Windows XP Operating System.

Before you create the BartPE CD/DVD, you need to have the Windows XP \i386 folder. The i386folder holds the files used to install, repair, modify, update, and rebuild Windows. This can befound on the root directory of a Windows XP Pro/Home installation CD.

Task

1 Download the latest BartPe install file.

NOTE: Refer to http://www.nu2.nu/pebuilder/ website for the required information anddownload links.


2 Install BartPe to the default install locations of your local system.

3 Open Microsoft Windows Explorer and navigate to the \pebuilderxxxxx\plugin folder.

NOTE: xxxxx denotes the version number of BartPE.

4 Extract EETech.zip to the desired location. Copy WinPE folder from EETech folder tothe \pebuilderxxxxx\plugin folder.

5 Create a subfolder EEPC inside the \pebuilderxxxxx folder. This acts as a source folderfor the Endpoint Encryption recovery files.

6 Copy the i386 folder to the root drive C:\

7 Launch BartPe. The BartPE CD/DVD Builder page appears.

Figure 1: The BartPE CD/DVD Builder window

8 Type or browse to the path for the Windows installation files in the Source field.

9 Type or browse to the path to include other files and folders from this directory in theCustom field.

10 Type a directory name in the Output field to store the files that PE Builder copies. Ensurethat the location you type is relative to your \pebuilder directory.

NOTE: If you need to specify an absolute path, you must change the Output path absolutein the Builder | Options dialog.

11 Use the Media output pane to specify whether you want to create a CD/DVD or an ISOimage.

NOTE: You can click the Plugins button to add, edit, enable/disable, configure or removeplugins from the list.

EETech (WinPE V1)Creating EETech WinPE V1 Recovery CD/DVD using BartPE


12 Click Build to start writing the CD/DVD or build the ISO image.

Booting from EETech WinPE V1 Recovery CD/DVDEETech (WinPE) is accessed through the BartPE plug-in boot CD/DVD. When the user bootsthe unrecoverable system with the BartPE Windows CD/DVD, the first page that appears is theEndpoint Encryption interface. This is followed by a dialogue that prompts the user to startnetwork services. You can start the network services if you have added the drivers for yourEthernet card to the CD/DVD build, otherwise click No.

Task

1 Boot the unrecoverable system with the EETech WinPE V1 Recovery CD/DVD. TheEndpoint Encryption interface appears.

2 Click Go | Programs | McAfee EETech. The McAfee EETech page appears.

Figure 2: McAfee EETech (WinPE) interface

Authorizing with daily authorization codeUse this task to authorize the recovery tasks using the daily authorization code.

Before you begin

Ensure that the system’s main power supply is plugged in for this task. Do not attempt toperform this task on battery only. Before proceeding with this task, you must have the following:

• The EETech WinPE V1 Recovery CD/DVD boot disk.

EETech (WinPE V1)Booting from EETech WinPE V1 Recovery CD/DVD


• The daily Authorization/Access code.

NOTE: Users with a valid support contract with McAfee can obtain the daily Authorizationcode from McAfee Support.

Task

1 Boot the system with the EETechWinPE V1 Recovery CD/DVD. This loads the EndpointEncryption interface.


3 Click Authorize under Authorization. The Authorize dialogue appears.

4 Type the daily Authorization/Access Code and click OK. On typing the correctauthorization code for the day, the Authorization status changes to Authorized.

Authenticating with tokenUse this task to authenticate the recovery tasks using the Endpoint Encryption credentials forthe system.

Before you begin

Before proceeding with this task, ensure that you have the EETech WinPE V1 Recovery CD/DVDboot disk

Task

1 Ensure that the system’s main power supply is plugged in for this task. Do not attempt toperform this task on battery only.



EETech (WinPE V1)Authenticating with token


4 Click Token under Authentication. The Endpoint Encryption Logon page appearsand prompts for the Endpoint Encryption credentials for the system.

Figure 3: Authenticate with token

5 Type the Username and Password for the client system and click Logon. On providingthe correct credential, the Authentication status changes to Authenticatedwith Token.

Exporting the recovery information file from ePOUse this task to export the recovery information file (.xml) for the desired system from ePO.Every system that is encrypted through ePO has a recovery information file in ePO. Any usertrying to authenticate the recovery procedures on the client systems should get the file fromthe ePO administrator for EEPC.

Before you begin

You must have appropriate permissions to perform this task.

Task

1 Insert your choice of removable media, such as floppy disk or USB drive, to the systemwhere ePO server is present.

2 Click Menu | Systems | System Tree in ePO server. The Systems page appears. Selectthe desired group under System Tree pane on the left.

3 Select the desired System, then click Actions | Endpoint Encryption | Export RecoveryInformation. The Export Recovery Information confirmation page appears.

4 Click Yes to export the recovery information file. The Export Recovery Informationpage appears with the Export information (.xml) file.

EETech (WinPE V1)Exporting the recovery information file from ePO


5 Right-click the .xml file and save it to the inserted removable media, such as floppy diskor USB drive.

NOTE: The Recovery Information File has a general format of client systemname.xml.

Authenticating with recovery fileUse this task to authenticate the recovery procedures using the Recovery Information File(.xml). The administrator needs to export the Recovery Information File for the desiredsystem from ePO server.

Before you begin

Before proceeding with this task, you must have the following:


• The floppy drive or USB containing the Recovery Information File (.xml).



Task




EETech (WinPE V1)Authenticating with recovery file


4 Click File under Authentication, then browse and select the Recovery InformationFile (.xml) from the floppy disk or USB drive, then click OK. On selecting the right file, theAuthentication status changes to Authenticated with File.

NOTE: After the authorization and authentication, the McAfee EETech interface appearsas shown in this figure.

Figure 4: McAfee EETech (WinPE) interface after authorization and authentication

Performing self recovery with token authenticationUse this option in the client computer, if the user's password or the logon token have been lost,to recover the user.

Before you begin

The user must have successfully enrolled for self recovery on the client system to perform thistask. This task should be performed by the client user on the client computer. Before proceedingwith this task, you must have the following:


Task




4 Click Token under Authentication. The Endpoint Encryption Logon page appearsand prompts for the Endpoint Encryption credentials for the user.

EETech (WinPE V1)Performing self recovery with token authentication


5 Click Options | Recovery. The Recovery dialog box appears with option Self-Recoveryselected by default.

Figure 5: Self Recovery with token authentication

6 Type the Username and click OK. The Recovery dialog box appears with the questionsthat the user answered while enrolling for the self recovery.

7 Type the answers for the prompted questions and click Finish. The Change Passworddialog box appears.

8 Type and confirm the New Password and click OK. The Logon page appears and promptsfor the Endpoint Encryption credentials for the user. The user can now type the newlyset password and log in to the system.

Removing encryption and boot sector with tokenauthentication

Use this task in the following situations when:

• Windows becomes corrupt.

• You cannot access the data of an encrypted system.

• Encryption or decryption fails.

Before you begin



EETech (WinPE V1)Removing encryption and boot sector with token authentication




Task




4 Authorize with daily Authorization code and confirm the authorization status.

5 Authenticate with Token and confirm the authentication status.

6 Click Remove EE under Actions. The Remove EE page appears.

Figure 6: Remove Encryption

7 Click Remove to begin the removal. This removes encryption and boot sector from theclient system, however, this does not remove Endpoint Encryption client files. It might takea few hours depending on the system performance and the storage capacity of the driveor partition.

EETech (WinPE V1)Removing encryption and boot sector with token authentication


Removing encryption and boot sector with fileauthentication

If Endpoint Encryption does not work and the previous Encryption and Boot Sector Removalwith token authentication cannot be used, then follow this task.

CAUTION: This procedure should only be attempted under the guidance of McAfee Support.For this method, the recovery information file (.xml) should be exported from ePO.

Before you begin






Task

1 Insert the removable media that has the Recovery Information File (.xml) exportedfrom ePO server.




5 Authenticate with Recovery Information File (.xml) and confirm the authenticationstatus.



NOTE: Remove the client system from ePO server after removing Endpoint Encryption fromthe client system.

Viewing the workspaceThe workspace contains the bytes loaded from the sectors on the disk or from a file. This optionopens the Workspace window which allows the users to read sector ranges from the disk andto view the contents.

By default, there is nothing loaded into the workspace. The workspace is not a view of the disk,rather it is only a view of what the user loads into it. The user can choose to load the contents

EETech (WinPE V1)Removing encryption and boot sector with file authentication


of sectors or the contents of a file. Once the user loads any of these, it is displayed in theworkspace.

CAUTION: It is entirely the responsibility of the qualified system administrators and securitymanagers to take appropriate precautions before performing this task. The user needs to takemaximum care while performing this task, otherwise, it may cause the system to become corruptand that might result in the loss of data. Contact McAfee support for assistance on how to usethe EETech Workspace.

Before you begin





• Recovery Information File (.xml) or Authentication Token

Task




4 Authenticate with Token or Recovery Information File (.xml) and confirm theauthentication status.

5 Click Workspace under Actions. The Workspace page appears with following options:

• Load From File -It just loads the bytes from the file and displays them.

• Save To File - This option saves the current values of the bytes to the file.

• Load From Disk - This loads the bytes from the sectors on the disk.

• Save To Disk - This option saves the current values of the bytes to the disk.

• Zero Workspace - This option files the workspace with zeros.

• Encrypt Workspace - This option encrypts the entire contents of the workspace.

• Decrypt Workspace - This option decrypts the entire contents of the workspace.

• Set workspace Alg - Use this option to select and set the desired workspace algorithm.

6 Click First Sector to view the first sector of the workspace.

7 Click Previous Sector to view the previous sector of the current sector of the workspace.

8 Click Next Sector to view the next sector of the current sector of the workspace.

9 Click Last Sector to view the last sector of the workspace.

Encrypting or Decrypting sectorsThis option allows you to safely manipulate which sectors are encrypted on the disk. This optionfollows the crypt list to validate the ranges you submit, so that it does not encrypt sectors which

EETech (WinPE V1)Encrypting or Decrypting sectors


are currently encrypted, and does not decrypt sectors which are currently not encrypted. Thisoption supports power fail protection.

Crypt Sector option cannot be used if Endpoint Encryption has become corrupt on the disk,or the crypt state has been corrupted, however, the Force Crypt Sectors option can be usedin such cases.

While changing the encryption state with this option, it effects with appropriate modificationsto the disk Crypt List. For example, while you encrypt a new range, it creates a new Regiondefinition. While you decrypt within an existing Region, the existing region is split into two, ifyou completely decrypt a region, it removes the Region from the crypt list.

CAUTION: It is entirely the responsibility of the qualified system administrators and securitymanagers to take appropriate precautions before performing this task. The user needs to takemaximum care while performing this task, otherwise, it may cause the system to become corruptand that might result in the loss of data.

Before you begin






Task





5 Click Set Boot Disk and select the relevant boot disk from the Set Boot Disk page.

6 Click Set Algorithm and select the desired algorithm from the Select Algorithm page.

7 Click Crypt Sectors and select the disk from the Select Disk list, then type the StartSector and the Number of Sectors.

8 Click Encrypt/Decrypt to encrypt/decrypt a range of sectors.

Restoring the MBR (Master Boot Record)The MBR is the first sector of the boot disk. It is that part of the hard drive which tells theoperating system what to boot and from where to boot. The MBR loads the boot sector whichin turn will load the operating system. The MBR of a EEPC installed system is stored in ePOduring the EEPC deployment and can therefore be exported as part of the RecoveryInformation file (.xml).

NOTE: If you have performed a manual (forced) decrypt, then you must follow this procedureto restore the original MBR.

EETech (WinPE V1)Restoring the MBR (Master Boot Record)


Before you begin



• The floppy drive or USB containing the recovery information file (.xml) and this must beplugged in before booting from The BartPE Boot CD/DVD boot CD/DVD.

Task





5 Click Restore MBR under Disk Operations. The confirmation page appears.

6 Click Yes to confirm that you want to overwrite the Master Boot Record.

NOTE: While you authenticate through file or token and use this option, it replaces thecode portion of the MBR with the one that was present prior to installing EndpointEncryption.

CAUTION: Restoring MBR should be performed on a system where the boot disk is notencrypted, else an error message Missing Operating System is displayed.

EETech (WinPE V1)Restoring the MBR (Master Boot Record)


EETech (Standalone)This chapter explains some of the common tasks that can be undertaken using McAfee’s disasterrecovery tool, the standalone version of the EETech. Ensure that you exercise caution for allEETech procedures.

Contents

Creating EETech (Standalone) boot disk

Booting from the EETech (Standalone) boot disk

Authorizing with daily authorization code

Authenticating with token

Exporting the recovery information file from ePO

Authenticating with recovery file

Performing self recovery with token authentication

Performing emergency boot

Removing encryption and boot sector with token authentication

Removing encryption and boot sector with file authentication

Viewing the workspace

Encrypting or Decrypting sectors

Restoring the MBR (Master Boot Record)

Creating EETech (Standalone) boot diskMcAfee EETech (Standalone) enhances the user experience with a simplified process of creatingthe EETech boot disk. You can create the boot disk just by running a simple command fromthe command prompt.

Before you begin


• A: drive in your computer

• A floppy disk

Task

1 Extract EETech.zip and place the Standalone folder in the desired location.

2 Insert the floppy disk.

3 Point to the Standalone folder from the command prompt.


4 Run the command Bootdisk.exe EETech.RTB a: from the command prompt. This createsthe bootable floppy.

5 Create a boot disk CD/DVD using this bootable floppy.

Booting from the EETech (Standalone) boot diskEETech (Standalone) is accessed through the EETech Standalone boot CD/DVD. When the userboots the unrecoverable system with the EETech Standalone boot disk, the first page thatappears is the McAfee EETech interface.

Task

1 Boot the unrecoverable system with the EETech (Standalone) boot CD/DVD. TheMcAfee EETech interface appears.

Figure 7: McAfee EETech (Standalone) interface

Authorizing with daily authorization codeUse this task to authorize the recovery tasks using the daily authorization code.

Before you begin


• The EETech (Standalone) boot disk.



EETech (Standalone)Booting from the EETech (Standalone) boot disk


Task


2 Restart the unrecoverable system using the EETech (Standalone) boot disk. This loads theMcAfee EETech interface.

3 Click Authorize under Authorization. The Authorize dialogue appears.

4 Type the daily Authorization/Access Code and click OK. On typing the correctauthorization code for the day, the Authorization status changes to Authorized.

Authenticating with tokenUse this task to authenticate the recovery tasks using the Endpoint Encryption credentials forthe system.

Before you begin




Task



3 Click Token under Authentication. The Endpoint Encryption Logon page appearsand prompts for the Endpoint Encryption credentials for the system.

4 Type the Username and Password for the client system and click Logon. On typing thecorrect credential, the Authentication status changes to Authenticated with Token.

Exporting the recovery information file from ePOUse this task to export the recovery information file (.xml) for the desired system from ePO.Every system that is encrypted through ePO has a recovery information file in ePO. Any usertrying to authenticate the recovery procedures on the client systems should get the file fromthe ePO administrator for EEPC.

Before you begin

You must have appropriate permissions to perform this task.

Task

1 Insert your choice of removable media, such as floppy disk or USB drive, to the systemwhere ePO server is present.

2 Click Menu | Systems | System Tree in ePO server. The Systems page appears. Selectthe desired group under System Tree pane on the left.

EETech (Standalone)Authenticating with token


3 Select the desired System, then click Actions | Endpoint Encryption | Export RecoveryInformation. The Export Recovery Information confirmation page appears.

4 Click Yes to export the recovery information file. The Export Recovery Informationpage appears with the Export information (.xml) file.

5 Right-click the .xml file and save it to the inserted removable media, such as floppy diskor USB drive.

NOTE: The Recovery Information File has a general format of client systemname.xml.

Authenticating with recovery fileUse this task to authenticate the recovery tasks using the Recovery Information File (.xml).The administrator needs to export the Recovery Information File for the desired systemfrom ePO server.

Before you begin




Task



EETech (Standalone)Authenticating with recovery file


3 Click File under Authentication, then browse and select the Recovery InformationFile (.xml) from the floppy disk or USB drive, then click OK. On selecting the right file,the Authentication status changes to Authenticated with File.

NOTE: After the authorization and authentication, the McAfee EETech interface appearsas shown in this figure.

Figure 8: McAfee EETech (Standalone) interface after authorization and authentication

Performing self recovery with token authenticationUse this option in the client computer, if the user's password or the logon token have been lost,to recover the user.

Before you begin

The user must have successfully enrolled for self recovery on the client system to perform thistask. This task should be performed by the client user on the client computer. Before proceedingwith this task, you must have the following:


Task



3 Click Token under Authentication. The Endpoint Encryption Logon page appearsand prompts for the Endpoint Encryption credentials for the user.

4 Click Options | Recovery. The Recovery dialog box appears with Self-Recovery as adefault option.

5 Type the Username and click OK. The Recovery dialog box appears with the questionsthat the user answered while enrolling for the self recovery.

EETech (Standalone)Performing self recovery with token authentication


6 Type the answers for the prompted questions and click Finish. The Change Passworddialog box appears.

7 Type and confirm the New Password and click OK. The Logon page appears and promptsfor the Endpoint Encryption credentials for the user. The user can now type the newlyset password and log in to the system.

Performing emergency bootYou can perform the emergency boot when an EEPC installed system fails to boot or when theEndpoint Encryption logon page is corrupt.

Before you begin






Task



3 Click Enable USB under Actions. The McAfee EETech dialogue appears with the USBenabled message.

4 Click OK to close the dialogue.

5 Click File under Authentication, then browse and select the Recovery InformationFile (.xml) from the floppy disk or USB drive, then click OK. On selecting the right file,the Authentication status changes to Authenticated with File.

6 Click Emergency Boot under Actions. The EETech will now emergency boot intothe operating system message appears.

7 Click OK to confirm the emergency boot.

NOTE: This may modify the MBR. When the system boots into Windows, if there is anetwork connection to the ePO server, then the system synchronizes with ePO and fullyrepairs itself. You can confirm this by right-clicking McAfee Agent Tray, then clickingQuick Settings | Endpoint Encryption status.

NOTE: If the McAfee Agent is unable to establish connection with the ePO Server, continueto use the EETech Emergency Boot option to boot the system until a connection to theserver is made.

EETech (Standalone)Performing emergency boot


Removing encryption and boot sector with tokenauthentication

Use this task in the following situations when:

• Windows becomes corrupt.

• You cannot access the data of an encrypted system.

• Encryption or decryption fails.

Before you begin





Task




4 Authenticate with Token and confirm the authentication status.


Figure 9: Remove Encryption

EETech (Standalone)Removing encryption and boot sector with token authentication



Removing encryption and boot sector with fileauthentication

If Endpoint Encryption does not work and the previous Encryption and Boot Sector Removalwith token authentication cannot be used, then follow this task.

CAUTION: This procedure should only be attempted under the guidance of McAfee Support.For this method, the system's recovery information file should be exported from the ePO server.

Before you begin



• The floppy drive or USB containing the Recovery Information File (.xml)



Task



3 Authenticate with Recovery Information File (.xml) and confirm the authenticationstatus.



Viewing the workspaceThe workspace contains the bytes loaded from the sectors on the disk or from a file. This optionopens the Workspace window which allows the users to read sector ranges from the disk andto view the contents.

By default, there is nothing loaded into the workspace. The workspace is not a view of the disk,rather it is only a view of what the user loads into it. The user can choose to load the contents

EETech (Standalone)Removing encryption and boot sector with file authentication


of sectors or the contents of a file. Once the user loads any of these, it is displayed in theworkspace.

CAUTION: It is entirely the responsibility of the qualified system administrators and securitymanagers to take appropriate precautions before performing this task. The user needs to takemaximum care while performing this task, otherwise, it may cause the system to become corruptand that might result in the loss of data. Contact McAfee support for assistance on how to usethe EETech workspace.

Before you begin






Task

1 Boot the system with the EETech (Standalone) boot disk. This loads the McAfeeEETech interface.



4 Click Workspace under Actions. The Workspace page appears with following options:

• Load From File - It loads a previously saved workspace that was not encrypted andreplaces the encrypted workspace. It just loads the bytes and displays them.

• Save To File - This option saves the current values of the bytes to the file.

• Load From Disk - This loads the bytes from the sectors on the disk.

• Save To Disk - This option saves the current values of the bytes to the disk.

• Zero Workspace - This option files the workspace with zeros.

• Encrypt Workspace - This option encrypts the entire contents of the workspace.

• Decrypt Workspace - This option decrypts the entire contents of the workspace.

• Set workspace Alg - Use this option to select and set the desired workspace algorithm

5 Click First Sector to view the first sector from the disk.

6 Click Previous Sector to view the previous sector of the current sector from the disk.

7 Click Next Sector to view the next sector of the current sector from the disk.

8 Click Last Sector to view the last sector from the disk.

Encrypting or Decrypting sectorsThis option allows you to safely manipulate which sectors are encrypted on the disk. This optionfollows the crypt list to validate the ranges you submit, so it does not encrypt sectors whichare currently encrypted, and will not decrypt sectors which are currently not encrypted. Thisoption supports power fail protection.

EETech (Standalone)Encrypting or Decrypting sectors


Crypt Sector option cannot be used if Endpoint Encryption has become corrupt on the disk,or the crypt state has been corrupted, however, the Force Crypt Sectors option can be usedin such cases.

While changing the encryption state with this option, it effects with appropriate modificationsto the disk Crypt List. For example, while you encrypt a new range, it creates a new Regiondefinition. While you decrypt within an existing Region, the existing region is split into two, ifyou completely decrypt a region, it removes the Region from the crypt list.

CAUTION: It is entirely the responsibility of the qualified system administrators and securitymanagers to take appropriate precautions before performing this task. The user needs to takemaximum care while performing this task, otherwise, it may cause the system to become corruptand that might result in the loss of data.

Before you begin






Task




4 Select the disk from the Select Disk list, then type the Start Sector and the Numberof Sectors.

5 Click Set Boot Disk and select the relevant boot disk from the Set Boot Disk page.

6 Click Set Algorithm and select the desired algorithm from the Select Algorithm page.

7 Click Crypt Sectors and select the disk from the Select Disk list, then type the StartSector and the Number of Sectors.

8 Click Encrypt/Decrypt to encrypt/decrypt a range of sectors.

Restoring the MBR (Master Boot Record)The MBR is the first sector of the boot disk. It is that part of the hard drive which tells theoperating system what to boot and from where to boot. The MBR loads the boot sector whichin turn will load the operating system. The MBR of a EEPC installed system is stored in ePOduring the EEPC deployment and can therefore be exported as part of the RecoveryInformation file (.xml).

Before you begin


EETech (Standalone)Restoring the MBR (Master Boot Record)



• The floppy drive or USB containing the recovery information file (.xml) and this must beplugged in before booting from the EETech (Standalone) boot disk.

Task




4 Click Restore MBR under Disk Operations. The confirmation page appears.

5 Click Yes to confirm that you want to overwrite the Master Boot Record.

NOTE: While you authenticate through file or token and use this option, it replaces thecode portion of the MBR with the one that was present prior to installing EndpointEncryption.

CAUTION: Restoring MBR should be performed on a system where the boot disk is notencrypted, else an error message Missing Operating System is displayed.

EETech (Standalone)Restoring the MBR (Master Boot Record)


GlossaryThere are a number of options that are common to both EETech (WinPE V1) and EETech(Standalone). These options have the similar functionalities in both recovery methods. Optionsor topics common to EETech (WinPE V1) and EETech (Standalone) are listed in the table below.

DescriptionTopic

Disk Information • Disk Power Fail Status - Endpoint Encryption forPC tracks the progress of encryption on the drive toensure that if power is lost during encryption, theprocess is recoverable.

• Status - Determines whether the drive is currently inpowerfail state. A status of Inactive indicates thatthe current encryption process has finished.

• Disk Crypt List

• Crypt List Region Count - The number ofdefined crypted areas of this logical disk. Thisusually corresponds to the number of partitionson the drive.

• Region - Each region is defined as follows:

• Start Sector - The physical start sectorof the region

• End Sector - The last physical sectorincluded in the region

• Sector Count - The number of sectorsincluded in this region

• Disk Partitions - A section per Logical partition onthis physical drive as follows:

• Partition Count - The unique partition number.

• Partition Type - The file system detected on thispartition.

• Partition Bootable - Whether the partition isbootable or not.

• Partition Recognized - Whether the partition isrecognized as viable.

• Partition Drive Letter - The detected drive letterof this partition.

• Partition Start Sector - The physical start sectorof the partition.

• Partition End Sector - The physical end sectorof the partition.

• Partition Sector Count - The number of sectorsin the partition.

• Partition Bus Type - Bus type used in particularpartition.


DescriptionTopic

The Repair Disk Information option fixes problemswith any disk that is set as the boot disk. For this to work

Repair Disk Information

the crypt list portion must still be valid and the powerfail state must be inactive.

The disk information is stored in a chain of sectors. Ifthe chain of sectors breaks, then it not possible forEndpoint Encryption to figure out what parts of the diskare encrypted and hence the user gets errors. The RepairDisk Information option attempts to repair the brokenchain sectors.

CAUTION: This option is not supported with the currentMcAfee EETech version.

Before using this option call McAfee Technical supportfor assistance.

Force Crypt Sectors

Unlike the Crypt Sectors | Encrypt/Decrypt option,the Force Crypt Sectors option does not consider thedisk crypt state. It simply performs the operation blindlyaccording to user input. Force Crypt does not supportpower fail, nor does it apply any logic or parametervalidation on the input.

You should use the Force Crypt Sectors option onlywhen everything else fails. For example, when theon-disk structures are completely corrupted.

CAUTION: This option will cause irretrievable data lossif used incorrectly. If you are forced to use this option,you should make a recording of each operation you applyto support in data recovery.

CAUTION: Ensure that there is no possibility of losingpower while using this option as this option does notsupport power fail protection.

The disk crypt state contains information about whichrange of sectors are encrypted. This option allows youto change the ranges.

CAUTION: Call McAfee Technical support for assistancebefore using this option, because using this optioninappropriately will cause irretrievable data loss.

CAUTION: Ensure that there is no possibility of losingpower while using this option as this option does notsupport power fail protection.

Edit Disk Crypt State

This is an option present under Disk Operations onthe McAfee EETech page for setting the correct algorithmon a system.

Set Algorithm

This option displays a list of disks from which the usercan select a disk to use as the boot disk.

Set Boot Disk

Glossary


Index

AAuthenticate from file 15, 16, 17, 26, 27, 28Authenticate from token 13, 15, 16, 26, 27Authentication 9, 21Authentication Code 24Authorization 8, 20Authorization Code 8, 20

BBartPE CD/DVD 13BartPE CD\DVD 6BartPe install file 6

CCreate EETech Boot Disk 19Crypt Sectors 16, 27

DDecrypt 16, 26, 27Decrypt workspace 15

EEE credential 25EETech 5, 6, 24Emergency Boot 24Encrypt 16, 26, 27Encrypt workspace 15Endpoint Encryption for PC 5

Ffile authentication 26

File Authentication 15

IISO image 6

MMedia Output 6

Rrecovery

change password 12, 23self recovery 12, 23

Recovery 6, 19Recovery Information file 17, 26, 28Recovery Information File 15, 24Remove EE 13, 15, 25, 26Restore MBR 17, 28

SStandalone boot CD/DVD 20

Ttoken authentication 25Token Authentication 9, 21

WWinPE 6WinPE V1 Recovery CD/DVD 8Workspace 15, 26


mcafee eetech

Documents