How To Reorder Cipher Suites On SQL Server Before Upgrading ePO Server

Posted in ePO, SQL

After running the McAfee ePolicy Orchestrator Pre-Installation tool on ePO server 5.3.1, I got the following error message that needed to be addressed prior to upgrading to ePO 5.9.1:

Name: SQL Server system RSA compatibility
Description: Check whether SQL Server is compatible with RSA BSAFE upgrade to 6.2.1 which will allow to make connection with McAfee ePO with new RSA 2048-bit keys support. This check might take a little time.
Status: Failed
Result: Cipher suite order is not correct. Use Group Policy Editor to change it. See McAfee KB87731 for more information.

The solution to this issue is reordering the cipher suites […]

How To Test Connectivity To The Database Using UDL file

Posted in ePO, SQL

As an administrator of ePolicy Orchestrator, from time to time I need to check connectivity to Microsoft SQL Server to validate that my ePO server can connect to the database. An easy way to test the connectivity is by creating a Microsoft Data Link file (udl). Today I am going to show you how to create a udl file and how to test the connection from the ePO server to SQL Server. To create a .udl file, right-click on your desktop, select “New”, then select “Text Document”. Rename the file from .txt to test.udl. Windows will prompt if you […]

How To Remove Encryption With The Option Force Crypt Sector

Posted in MDE

This option is mostly used when the Crypt List Count is set to 0 or other methods for recovery have failed. Force Crypt Sector should be the last option used to remove McAfee Drive Encryption. If this option fails or is interrupted, the disk will be partially encrypted and almost impossible to recover. Before attempting to run this option, it is recommended to make a sector-by-sector backup of the disk. Some tools to do this type of backup are Acronis or Ghost. The reason to have a sector-by-sector backup is that you’ll have the opportunity to try “Force Crypt […]

How To Remove Encryption With The Option Remove DE

Posted in MDE (1 comment)

In this guide, we are going to remove encryption from a disk that was encrypted with McAfee Drive Encryption. This option will only work if the Crypt List Region Count is 1; to check the Crypt List Region Count, please see the guide on “How To Get Disk Information”. The Crypt List contains the information of where the encryption starts and ends for each partition. If the Crypt List Region Count is 0, this procedure to remove encryption will fail. After we confirm that the Crypt List Region Count is set to 1, boot the system using the EETech/DETech tool. […]

Verify Disk Information & XML File

Posted in MDE (2 comments)

Before decrypting a disk, best practice is to check the state of the disk and verify that we have the correct recovery key. To achieve this, we need to get the Disk Information first. If you need help getting this information please click here. On the following image we can see, under “Disk Partitions”, Partition 0, that the Start Sector is 2048 and the Sector Count is 83881984. This is the information we are going to use to get the last sector and to verify whether the first and last sectors are encrypted.

How To Restore MBR With The EETech/DETech Tool

Posted in MDE

When a drive is encrypted with Drive Encryption (MDE), MDE replaces the Windows MBR with the PreBoot File System (PBFS). If PBFS is changed by third-party software or is corrupted, EETech/DETech has the option to restore the Drive Encryption MBR or the original Windows MBR. In this guide, I will be showing you how to restore the Drive Encryption MBR; the same steps are done for restoring the Windows MBR. To be able to do this procedure you must first authorize and authenticate with EETech/DETech; check the following guides: Authenticate, Authorize. Note: To restore the Windows MBR the disk needs […]

Create A DLP Policy To Block A Word From Being Copied

Posted in DLP

Today I will be showing you how to create a DLP policy to block a word from being copied to a txt document, warn the user with a pop-up message and report the incident to ePO. This rule can be useful to block the copying of critical text onto another document. For this policy to work we are going to do the following:

- Create a classification for the word we want to block.
- Create a rule-set and assign the classification to DLP Policy Manager
- Test the rule/policy on a system

Create a Classification

First we are going to create a classification […]

How To Do An Emergency Boot With EETech/DETech

Posted in MDE (1 comment)

The first recovery option to try is an emergency boot on an encrypted system that is having problems booting up. To be able to do an emergency boot, the Crypt List information should be present. This option will bypass preboot (PBFS) and go straight into the OS. Once the OS loads, Drive Encryption will go into recovery mode and fix any issue related to preboot. To check if the crypt list information is available, and to authorize and authenticate, check the following guides: Disk Information, Authenticate, Authorize. Start your computer with the bootable EETech/DETech USB or CD, after authenticated […]

How To Get Disk Information Using EETech/DETech

Posted in MDE (16 comments)

To be able to decrypt a disk, it is important to check the status of the disk drive. To be able to check if the disk is encrypted or not, or if you have the correct key, it is important to get the disk information first. To get disk information you must boot the system from CD or USB using the EETech/DETech tool. The EETech/DETech tool can be downloaded from the McAfee website, and by following the “Drive Encryption 7.1 DETech User Guide” on page 54. I also have a couple of the ISOs on my Google Drive, that can be downloaded here. […]

How To Open ma.db To View Repositories List Used By MA 5.x

Posted in MA

In previous versions of McAfee Agent (4.x), sitelist.xml and serversitelist.xml provided a list of repositories available to the client system. However, in McAfee Agent version 5.x this has changed. The sitelist.xml is only used the first time McAfee Agent is installed. After the first connection to ePO, MA will get the new sitelist and store it in a file named “ma.db”. This file can only be viewed with a MER tool that is only available to support, or using DB Browser for SQLite. The following tutorial will show you how to open the ma.db file using DB Browser for SQLite. […]