How To Remove Encryption With The Option Force Crypt Sector

Posted in MDE

This option is mostly used when the Crypt List Count is set to 0 or other recovery methods have failed. Force Crypt Sector should be the last option used to remove McAfee Drive Encryption. If this option fails or is interrupted, the disk will be left partially encrypted and almost impossible to recover. Before attempting to run this option, it is recommended to make a sector-by-sector backup of the disk. Some tools to do this type of backup are Acronis or Ghost. The reason to have a sector-by-sector backup is that you’ll have the opportunity to try “Force Crypt […]

How To Remove Encryption With The Option Remove DE

Posted in MDE

In this guide, we are going to remove encryption from a disk that was encrypted with McAfee Drive Encryption. This option will only work if the Crypt List Region Count is 1; to check the Crypt List Region Count, please see the guide on “How To Get Disk Information”. The Crypt List contains the information of where the encryption starts and ends for each partition. If the Crypt List Region Count is 0, this procedure to remove encryption will fail. After we confirm that the Crypt List Region Count is set to 1, boot the system using the EETech/DETech tool. […]

Verify Disk Information & XML File

Posted in MDE

Before decrypting a disk, best practice is to check the state of the disk and verify that we have the correct recovery key. To achieve this, we need to get the Disk Information first. If you need help getting this information, please click here. In the following image we can see that under “Disk Partitions”, Partition 0, the Start Sector is 2048 and the Sector Count is 83881984. This is the information we are going to use to get the last sector and to verify whether the first and last sectors are encrypted.

How To Restore MBR With The EETech/DETech Tool

Posted in MDE

When a drive is encrypted with Drive Encryption (MDE), MDE replaces the Windows MBR with PreBoot File System (PBFS). If PBFS is changed by third-party software or is corrupted, EETech/DETech has the option to restore the Drive Encryption MBR or the original Windows MBR. In this guide, I will be showing you how to restore the Drive Encryption MBR; the same steps are used for restoring the Windows MBR. To be able to do this procedure you must first authorize and authenticate with EETech/DETech; check the following guides: Authenticate, Authorize. Note: To restore the Windows MBR the disk needs […]

Create A DLP Policy To Block A Word From Being Copied

Posted in DLP

Today I will be showing you how to create a DLP policy to block a word from being copied to a txt document, warn the user with a pop-up message and report the incident to ePO. This rule can be useful to block copying critical text into another document. For this policy to work we are going to do the following: Create a classification for the word we want to block. Create a rule-set and assign the classification to DLP Policy Manager. Test the rule/policy on a system. Create a Classification: First we are going to create a classification […]

How To Do An Emergency Boot With EETech/DETech

Posted in MDE

The first recovery option to try is an emergency boot on an encrypted system that is having problems booting up. To be able to do an emergency boot, the Crypt List information should be present. This option will bypass preboot (PBFS) and go straight into the OS. Once the OS loads, Drive Encryption will go into recovery mode and fix any issue related to preboot. To check if the crypt list information is available, and to authorize and authenticate, check the following guides: Disk Information, Authenticate, Authorize. Start your computer with the bootable EETech/DETech USB or CD, after authenticated […]

How To Get Disk Information Using EETech/DETech

Posted in MDE

To be able to decrypt a disk, it is important to check the status of the disk drive. To check whether the disk is encrypted or not, or whether you have the correct key, it is important to get the disk information first. To get disk information you must boot the system from CD or USB using the EETech/DETech tool. The EETech/DETech tool can be downloaded from the McAfee website, by following the “Drive Encryption 7.1 DETech User Guide” on page 54. I also have a couple of the ISOs on my Google Drive that can be downloaded here. […]

How To Open ma.db To View Repositories List Used By MA 5.x

Posted in MA

In previous versions of McAfee Agent (4.x), sitelist.xml and serversitelist.xml provided a list of repositories available to the client system. However, in McAfee Agent version 5.x this has changed. The sitelist.xml is only used the first time McAfee Agent is installed. After the first connection to ePO, MA will get the new sitelist and store it in a file named “ma.db”. This file can only be viewed with a MER tool, which is only available to support, or using DB Browser for SQLite. The following tutorial will show you how to open the ma.db file using DB Browser for SQLite. […]

How to Install & Troubleshoot MA on a MAC

Posted in MA

Installing McAfee Agent on a MAC can be a bit challenging. If the agent deployment is failing to install via ePO, the next option is to install it manually. This option helps eliminate issues with permissions, and will help troubleshoot whether there is an installation issue. This guide will show you how to do the following: How to install MA on MAC. How to verify MA services are running. How to check MA logs for communication issues. How to install McAfee Agent on a MAC (steps taken from PD26439 page 36): From ePO download the “agentpackage”.zip for […]

McAfee Agent Deployment Failed via Agent Deployment

Posted in MA

KB56386 shows the permissions that need to be enabled on the client side to be able to deploy McAfee Agent successfully. However, the KB doesn’t show you exactly how to check these permissions. In the next guide I will show you how to check each permission setting. Windows Firewall may sometimes cause MA deployment to fail. Make sure Windows Firewall is disabled, or the proper communication ports are open for agent-to-server communication. For the default ports needed, check KB66797. Verify the network protocols and ports required for machine resolution. For this option we need to make sure we can resolve […]