
McAfee® WinTech and SafeTech

Administration Guide 
 

   
McAfee, Inc. 
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, USA 

Tel: (+1) 888.847.8766 

For more information regarding local McAfee representatives please contact your local McAfee office, 
or visit: 

www.mcafee.com 

 
Document: WinTech and SafeTech Administration Guide  
Last updated: Friday, 12 December 2008 
Endpoint Encryption for PC Product Version:  
 

Copyright (c) 1992‐2008 McAfee, Inc., and/or its affiliates. All rights reserved.  

McAfee and/or other noted McAfee related products contained herein are registered trademarks or 
trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in 
connection with security is distinctive of McAfee brand products.  Any other non‐McAfee related 
products, registered and/or unregistered trademarks contained herein is only by reference and are the 
sole property of their respective owners. 

 
Contents

Preface
Using this guide
Audience
Conventions

Welcome
Related Documentation
Contacting Technical Support

Introduction
Prior Knowledge

WinTech
Creating a BartPE Boot CD\DVD
Create the BartPE CD/DVD
Boot from the BartPE Windows CD/DVD
Reset INT 13
Avoiding the Reset of INT13 for a BIOS upgrade
Encryption and Boot Sector Removal Procedure 1
Encryption and Boot Sector Removal Procedure 2
Mount Drive
Restoring the MBR (Master Boot Record)
Restoring the EEPC MBR

SafeTech
Creating a SafeTech Boot Disk
Creating the Endpoint Encryption Transfer Database
Emergency Boot
Reset INT 13
Avoiding the Reset of INT13 for a BIOS upgrade
Encryption and Boot Sector Removal Procedure 1
Encryption and Boot Sector Removal Procedure 2

Glossary

Preface

Using this guide


This guide is designed to help corporate security administrators understand the
disaster recovery tools, WinTech and SafeTech. Included in this document are
procedures on how to recover data from problem machines. If you are unsure about
any procedure, and are concerned about your data, then you must contact McAfee
support before undertaking any of the procedures in this document.

Audience
This guide was designed to be used by qualified system administrators and security
managers. Knowledge of basic networking and routing concepts, and a general
understanding of the aims of centrally managed security is required.

McAfee can only contribute to information security within your organization as part of
a coherent and well-implemented organizational security policy.

Conventions
This guide uses the following conventions:
Bold Condensed: All words from the interface, including options, menus, buttons, and dialog box names.
Courier: The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).
Italic: Emphasis or introduction of a new term; names of product manuals.
Blue: A web address (URL); a live link.
Note: Supplemental information; for example, an alternate method of executing the same command.
Caution: Important advice to protect your computer system, enterprise, software installation, or data.

   

Welcome
The team at McAfee is dedicated to providing you with the best in security for
protecting data on personal computers. Applying the latest technology, deployment
and management of users is enhanced using simple and structured administration
controls.

Endpoint Encryption for PC (EEPC) incorporates functionality not found in earlier
versions. This new edition of the software features a new dimension in IT security
incorporating many new enterprise level options, including automated upgrades, file
deployment, flexible grouping of users and centralized user management. In addition,
users' credentials can be imported and synchronized with other deployment systems.

WinTech and SafeTech are McAfee’s disaster recovery systems used in conjunction
with Endpoint Encryption for PC (EEPC).

Through the continued investment in technology and the inclusion of industry
standards we are confident that our goal of keeping Endpoint Encryption at the
forefront of data security will be achieved.

Related Documentation
• Endpoint Encryption for PC Administration Guide

• Endpoint Encryption for PC Quick Start Guide

• Endpoint Encryption Manager Administration Guide

Contacting Technical Support


Please refer to www.mcafee.com for further information.

Introduction
This guide discusses how to use the McAfee Endpoint Encryption disaster recovery
tools, WinTech and SafeTech.

SafeTech is a disaster recovery tool that allows the administrator to perform everyday
recovery functions. WinTech performs the same functions under a Windows-like
environment and includes additional features such as drive mounting, booting from
BartPE and easier access to encrypted USB drives and memory sticks.

Included in this guide are instructions on how to recover data from problem machines.
If you are unsure about any procedure, and are concerned about your data, then you
must contact McAfee support before undertaking any of the instructions in this
document.

Extreme care must be taken when using WinTech and SafeTech. If they are used
without diligence this may result in the loss of data. McAfee cannot be held responsible
for loss of data.

Prior Knowledge
This guide was written for security administrators. It assumes the reader has some
knowledge of security concepts, data encryption, Endpoint Encryption for PC and the
Endpoint Encryption Manager. It is preferable that administrators (readers) attend
some form of McAfee training to understand the basic concepts before following the
procedures in this guide.

WinTech
This chapter explains some of the common tasks that can be undertaken using
McAfee’s Windows based disaster recovery tool, WinTech.

Please exercise caution for all WinTech procedures. McAfee is not responsible for the
loss of data. Please contact McAfee if you are unsure about attempting any of these
procedures.

WinTech contains the same functions as its sister application, SafeTech. In addition,
WinTech contains the following features:

• Boot from a BartPE CD/DVD: This provides administrators with the ability
to utilize the same recovery environment for disaster recovery and repair.

• Mount Drive: The Mount Drive feature allows quick access to data on an
encrypted drive. This is only possible if the administrator has been properly
authorized using the correct key. There is no need to completely decrypt the
drive first to get at important files. Data is decrypted on-the-fly from the
encrypted disk and this allows full access to the contents.

• Easier access to encrypted USB drives and memory sticks: WinTech
provides access to USB drives and memory sticks that have been encrypted
using 5.x DE optional USB removable drive support.

• An encrypted USB flash memory stick or external USB drive is generally only
accessible from the machine it was encrypted from. However, WinTech allows
these encrypted drives to be mounted and viewed, or the contents removed,
without requiring access to the original working machine. For this to
work, the machine key must still be available in the master Object Directory of
the Endpoint Encryption Manager.

You can access a machine using the WinTech plug-in providing you also have the
following:

• As with all McAfee data security products, at all times, a valid user
authentication or machine key is needed to access the data on the encrypted
hard drive or USB stick.

• The daily access code to allow access to the functions and use of WinTech.
This is usually obtained from McAfee Support by customers with a valid
support contract.

The Daily access code does NOT provide access to encrypted data. Although WinTech
is a convenient recovery tool, it is NOT a ‘back door’ to data. The daily access code
ONLY enables advanced WinTech menu functions.

Authentication is still required to access the encrypted data. The alternative is to
provide the machine’s unique encryption key exported from the administration
database (this requires administration rights to export).

Creating a BartPE Boot CD\DVD


Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable
Windows CD-ROM or DVD from the original Windows XP.

Before you create the BartPE CD\DVD you will need the Windows XP \i386 folder. The
\i386 folder holds the files used to install, repair, modify, update and rebuild Windows.
This can be found on the root directory of a Windows XP Pro/Home installation CD.

You will also need the contents of the \Recovery\Making a Rescue CD\BartPE Plug-in
and the \SafeBoot\SBWinTech_AES-FIPS folders which can be found on the installation
CD. If you have downloaded Endpoint Encryption you can find these paths on the
computer where the Endpoint Encryption Manager resides.

Create the BartPE CD/DVD


1. Download the latest BartPE install file. See the http://www.nu2.nu/pebuilder/
website for information and download links.

2. Install BartPE using the default install locations.

3. Open Windows Explorer and navigate to the \pebuilderxxxxx\plugin folder.

Note: xxxxx denotes the version number of BartPE.

4. Create a subfolder called safeboot. This folder will be the source for the
Endpoint Encryption recovery files.

5. Copy the files from the \Recovery\Making a Rescue CD\BartPe Plugin
folder to the \pebuilderxxxxx\plugin\EEPC folder.

6. Launch BartPE.

Figure 1 ‐ The BartPE CD/DVD Builder window 

1. The Source box should contain the path to the Windows installation files, i.e.
the \i386 folder. See Creating a BartPE Boot CD\DVD for further info.

2. The Custom folder should contain any other local or remote files and folders
you may wish to include. Note: Do not include the Windows directory or any
other folder that has files in use. Also, bear in mind that the files you add must
fit your target CD or DVD. If you are unsure what to enter in this field, then
leave it empty.

3. In the Output Directory field enter a directory name to store the files PE
Builder copies. Please note that the location you enter is relative to your
\pebuilder directory.

4. If you need to specify an absolute path, you must change the Output path
absolute setting in the Builder → Options dialog.

5. Use the Media Output section to specify whether you want to create a
CD/DVD or an ISO image.

NOTE: you can click the Plugins button to add, edit, enable/disable, configure or remove plugins from the 
list. 

6. Click the Build button to start writing the CD/DVD or build the ISO image.

Boot from the BartPE Windows CD/DVD


WinTech is accessed via the BartPE plug-in boot CD/DVD. When the problem machine
is booted with this CD/DVD, the first screen you will see is the Endpoint Encryption
interface (see below). This will be followed by a pop-up dialog that will prompt you
to start network services. You may start the network services if you have added the
drivers for your Ethernet card to the CD/DVD build; otherwise click No.

1. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

Figure 2 ‐ Accessing Endpoint Encryption WinTech 

Figure 3 ‐ The WinTech application 

Reset INT 13
INT 13 is an interrupt vector that stores a machine’s BIOS information. If the hardware
of a machine changes (the motherboard, for example) or a virus has affected the BIOS,
this will have an impact on the pre-boot environment and Endpoint Encryption will not
work. In this situation you will need to boot from the BartPE CD/DVD to access
WinTech and reset the INT 13 to reflect the correct BIOS.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access (authorization) code. This can be obtained directly from
McAfee Support or from your internal Help Desk (Note: availability from your
Help Desk is dependent on your contract with McAfee).

1. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

2. Click Go → Programs → EEPC WinTech.

3. Enter the authorization/access code when prompted and click Ok.

4. From the top toolbar select EEPC → Authenticate from SBFS. This will prompt
you for the Endpoint Encryption credentials for this machine.

5. Enter the username and password for the client machine.

6. Click EEPC → RESET INT13 Vector from the menu. A message
containing "INT13 has been successfully reset" should appear.

7. Click OK.

Avoiding the Reset of INT13 for a BIOS upgrade


If you wish to avoid the Reset INT 13 condition while updating the BIOS, then you can
temporarily turn off Virus Protection before the BIOS upgrade.

1. Locate the machine in the Endpoint Encryption Manager, Devices tab.

2. Right-click on it and select Properties.

3. Select the General icon.

4. Under Options, scroll down until you find Virus Protection.

5. Deselect the Enable MBR virus protection option.

6. Click Apply.

When the BIOS has been upgraded, the Enable MBR virus protection option should
be re-enabled and the machine synchronized. This will again protect the machine’s
boot sector.

Encryption and Boot Sector Removal Procedure 1


Use the following procedure in the event that:

• Windows becomes corrupt.

• You cannot access the data of an encrypted machine.

• Encryption or decryption fails.

CAUTION: Make sure the machine’s main power supply is plugged in for this procedure. Do not attempt to 
perform it on battery only. 

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.
Note: any sticks and drives required to access the machine must be plugged
in before WinTech starts.

• The daily access/authorization code. This can be obtained directly from McAfee
Support or from your internal Help Desk. Note: availability from your Help
Desk is dependent on your contract with SafeBoot.

1. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

2. Click Go → Programs → EEPC WinTech.

3. Enter the access code when prompted and click Ok.

4. From the top menu click the EEPC option.

5. Select the Authenticate from SBFS option from the EEPC menu.

6. Enter the machine’s username and password.

7. Select Remove SafeBoot.

This will decrypt the drive and remove the boot sector. It may take some hours
depending on the machine performance and the storage capacity of the drive or
partition.

8. Next, when Endpoint Encryption has been removed, delete its record from the
Endpoint Encryption Manager (the central record will no longer have the
correct parameters for the machine). See the Endpoint Encryption for PC
Administration Guide for further information, or, contact your Endpoint
Encryption Database Administrator.

NOTE: If you had a problem with Windows and the operating system is repaired, Endpoint Encryption will 
automatically reactivate itself if the installed files are still intact. It will also connect to the Endpoint 
Encryption Server.  The machine may encrypt at this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or by disabling wireless 
networking). After Windows has loaded, open a DOS command prompt, change to the EEPC folder on the machine 
and enter: sbsetup -Uninstall. This command can only be used if the drive is completely unencrypted. 

CAUTION: Make sure you check where the \SBADMIN (administration system files) and the \SBDATA 
(database folder) have been installed. If your installation is not in the recommended locations, then make 
sure you check where they have been installed before proceeding. 

Also, disconnecting from the network will prevent re‐activation only if this machine was originally an Online 
install. If it was an Offline install, then boot to Windows Safe Mode first.  See the Endpoint Encryption for PC 
Administration Guide for further information regarding online and offline installation. 

Encryption and Boot Sector Removal Procedure 2


If Endpoint Encryption does not work and the previous Encryption and Boot Sector
Removal Procedure 1 cannot be used, then follow this procedure. Note: this procedure
should only be attempted under the guidance of McAfee Support. For this method the
machine’s configuration should be exported from the database.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.
Note: any sticks and drives required to access the machine must be plugged
in before WinTech starts.

• The daily access/authorization code. This can be obtained directly from McAfee
Support or from your internal Help Desk. Note: availability from your Help
Desk is dependent on your contract with McAfee.

Export machine configuration to a floppy disk or a USB stick.

1. Insert your choice of removable media, i.e. floppy disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.

5. Enter a name for the database.

6. Click Save.

Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

1. Click Go → Programs → EEPC WinTech.

2. Enter the access code when prompted and click Ok.

3. From the top menu click the EEPC option.

4. Select the Authenticate from Database option from the EEPC menu.

5. Next, select the machine SDB file and click Ok.

6. Select the correct machine name from the Select Machine window.

7. Select Remove EEPC from the EEPC drop down menu. This will decrypt the
drive and remove the boot sector. It may take some hours depending on the
machine performance and the storage capacity of the drive or partition.

8. Remember to delete the machine’s record from the Endpoint Encryption
Manager after Endpoint Encryption has been removed. The central record will
no longer have the correct parameters for the machine.

NOTE: When the operating system is repaired, Endpoint Encryption will automatically reactivate itself if the 
installed files are still intact and it connects to the Endpoint Encryption Server. The machine may encrypt at 
this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or by disabling wireless 
networking). After Windows has loaded, open a DOS command prompt, change to the EEPC folder on the machine 
and enter: sbsetup -Uninstall. This command can only be used if the drive is completely 
unencrypted. 

WARNING: Disconnecting from the network will prevent re‐activation only if this machine was originally an 
‘online’ install of SafeBoot. If it was an ‘offline’ install boot to Windows Safe Mode first.  See the Endpoint 
Encryption for PC Administration Guide PDF document for further information regarding online and offline 
installation. 

Mount Drive
The Mount Drive feature allows quick access to data on an encrypted drive. This is
only possible if the administrator has been properly authorized using the correct key.
There is no need to completely decrypt the drive first to get at important files. Data is
decrypted on-the-fly from the encrypted disk and this allows full access to the
contents. This includes access to data stored on removable media.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access (authorization) code. This can be obtained directly from
McAfee Support or from your internal Help Desk (Note: availability from your
Help Desk is dependent on your contract with McAfee).

1. Export the machine configuration to a floppy disk or a USB stick. Insert your
choice of removable media, i.e. floppy disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.
(Note: There are two options you can select: the Include all users in the
configuration option will add all users that can access the machine, into the
machine configuration; the Include all files in the configuration option will
add all the files assigned to the machine’s groups into the machine
configuration).

5. Enter a name for the database file.

6. Click Save.

NOTE: Any USB sticks or drives you need to access later will need to be plugged in before Windows PE starts 
to load. This includes any encrypted disks you wish to access, or, any disk containing the machine export 
database. 

7. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

8. Click Go → Programs → EEPC WinTech.

9. Enter the authorization/access code when prompted and click Ok.

NOTE: The Info bar at the bottom of the tool reports Not Authorized until the code has been correctly 
entered. After the code has been entered, this changes to Authorized. 

The Not Authenticated message still shows. User authentication or an encryption key to decrypt any data is 
still required! 

10. Now enter the machine’s key retrieved earlier from the exported database.
From the EEPC menu select Authenticate from Database.

11. Browse to the location of the exported machine configuration, i.e. floppy or
USB stick.

12. Click the SDB file you created earlier.

13. From the Disk menu, choose Mount Drive.

14. From the Go menu run the file management tool (BartPE default is A43 File
Utility Manager).

Restoring the MBR (Master Boot Record)


The MBR loads the boot sector which in turn will load the operating system. The MBR
of a machine is stored in the central administration database during the
synchronization and can therefore be exported as part of the Endpoint Encryption
Transfer Database (.SDB) file. Note: if you have performed a manual (forced) decrypt
then you must follow this procedure to restore the original MBR.

Before proceeding you must have the following:

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

Authenticate from the database using the .SDB file on the floppy disk or USB. This
must be plugged in before booting from the BartPE CD/DVD.

1. Click the EEPC menu followed by the Authenticate from Database option.

NOTE: There is a known problem with BartPE at present: if you select the Authenticate from Database 
option from the EEPC menu, the dialog box may not immediately display the .SDB file(s). To view the 
contents of the floppy disk/USB stick, type in the drive letter containing the media, e.g. a:\, f:\, etc. 

2. Next, select the machine SDB file from the floppy disk or USB drive.

3. Click Open.

4. Select the correct machine name from the Select Machine window.

5. Click Ok to confirm the authentication.

Restore the MBR:

1. Click the Disk menu followed by Restore MBR.

2. Click Yes to confirm that you want to overwrite the Master Boot Record.

Restoring the EEPC MBR


The EEPC MBR loads the EEPC pre-boot environment. This MBR is stored in the central
administration database during the synchronization. You can restore the EEPC MBR in
the event.

Before proceeding you must have the following:

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

Authenticate from the database using the .SDB file on the floppy disk or USB. Note:
this must be plugged in before booting from the BartPE CD/DVD:

1. Click the EEPC menu followed by the Authenticate from Database option.

NOTE: There is a known problem with BartPE at present: if you select the “Authenticate from Database” 
option from the EEPC menu, the dialog box may not immediately display the .SDB file(s). To view the 
contents of the floppy disk/USB stick, type in the drive letter containing the media, e.g. a:\, f:\, etc. 

2. Next, select the machine SDB file from the floppy disk or USB drive.

3. Click Open.

4. Select the correct machine name from the Select Machine window.

5. Click Ok to confirm the authentication.

Restore the EEPC MBR:

1. Click the Disk menu followed by Restore MBR.

2. Click Yes to confirm that you want to overwrite the Master Boot Record.

SafeTech
This chapter explains some of the common tasks that can be undertaken using
McAfee’s disaster recovery tool, SafeTech.

Please exercise caution for all SafeTech procedures. McAfee is not responsible for the
loss of data. Please contact McAfee if you are unsure about attempting any of these
procedures.

Creating a SafeTech Boot Disk


You can create a boot disk from the Endpoint Encryption Manager by using the
Recovery menu option.

1. Select the Recovery option on the top toolbar of the Endpoint Encryption
Manager.

2. Select Create SafeTech Boot Disk.

3. Enter a floppy disk into the a:\ drive and select Ok. This will create the boot
disk.

Creating the Endpoint Encryption Transfer Database


The Endpoint Encryption Transfer Database is the machine configuration file (.SDB).
This file contains the machine key that will provide access to the problem machine.

1. Enter the media into the drive you wish to export the database to, e.g. floppy
disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.

5. Enter a name for the database.

6. Click Save.

Emergency Boot
The Emergency boot is performed in the event of Endpoint Encryption failing to boot or
the logon screen being corrupt.

Before proceeding you must have the following:

• The SafeTech boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech boot disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Reboot the problem machine using the SafeTech boot disk.

3. Enter the authentication code.

4. Click Ok.

Authenticate from the database file (.SDB)

1. Enter the media containing the machine configuration file (.SDB).

2. From the top toolbar click SafeBoot.

3. Select Authenticate from Database.

4. Select the machine configuration file (filename.SDB) from the disk or USB
drive.

5. Click Ok. The machine name will be shown in the open window. This will be
the machine exported from the Endpoint Encryption Manager. The correct
machine name is listed.

6. Click Use Selected Machine. The panel at the bottom of the SafeTech screen
should display an Authorized and Ready status.

Perform the Emergency Boot.

1. From the top toolbar click SafeBoot.

2. Click the Emergency Boot option. This will prompt you to confirm the
operating system.

3. Click Yes if you are using Windows XP (or earlier), or, click No if you are using
Windows 2003, Vista and higher.

4. Click Ok to confirm the Emergency boot.

When the machine boots into Windows, if there is a network connection to the
Endpoint Encryption server, then the machine will synchronize with the Endpoint
Encryption Object Directory and fully repair itself. Check this by right-clicking on the
Endpoint Encryption icon in the system tray, followed by “Show Status”.

If Endpoint Encryption is unable to establish connection to the master directory at this
time, continue to use the SafeTech Emergency Repair boot disk to boot the machine
until a connection to the server is made.

Reset INT 13
INT 13 is an interrupt vector that stores a machine’s BIOS information. If the hardware
of a machine changes (the motherboard, for example) or a virus has affected the BIOS,
this will have an impact on the pre-boot environment and Endpoint Encryption will not
work. In this situation you will need to use a boot disk to access SafeTech and reset
the INT 13 to reflect the correct BIOS.

Before proceeding you must have the following:

• The SafeTech boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech boot disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter. Note: The machine configuration is not
required.

2. Reboot the problem machine using the SafeTech boot disk.

3. Enter the access code when prompted and click Ok.

4. From the top toolbar select EEPC followed by Authenticate from SBFS. This
will prompt you for the Endpoint Encryption credentials for this machine.

If you get a message that indicates a failure to read the values from the disk, contact
McAfee Support – otherwise, click Login With Selected Token.

5. Enter the username and password for the client machine.

6. Click the EEPC option from the toolbar and select the RESET INT13 Vector
from the menu. The INT13 has been successfully reset message should
appear.

7. Click OK.

Avoiding the Reset of INT13 for a BIOS upgrade


If you wish to avoid the Reset INT 13 condition while updating the BIOS, then you can
temporarily turn off Virus Protection before the BIOS upgrade.

1. Locate the machine in the Endpoint Encryption Manager, Devices tab.

2. Right-click on it and select Properties.

3. Select the General icon.

4. Under Options, scroll down until you find Virus Protection.

5. Deselect the Enable MBR virus protection option.

6. Click Apply.

When the BIOS has been upgraded, the Enable MBR virus protection option should
be re-enabled and the machine synchronized. This will again protect the machine’s
boot sector.

Encryption and Boot Sector Removal Procedure 1


Use the following procedure in the event that:

• Windows becomes corrupt.

• You cannot access the data of an encrypted machine.

• Encryption or decryption fails.

CAUTION: Make sure the machine’s main power supply is plugged in for this procedure. Do not attempt to 
perform it on battery only. 

Before proceeding you must have the following:

• The SafeTech boot disk.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech Boot Disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Boot the problem machine with the SafeTech Boot disk.

3. Enter the authorization code.

4. From the top menu click the EEPC option.

5. Select the Authenticate from SBFS option from the EEPC menu. SafeTech
reads values from the drive and returns a message. If the message indicates a
failure to read the values from the disk then contact McAfee Support,
otherwise, choose the right token and click Logon with Selected Token.

6. Enter the machine’s username and password.

7. Select Remove SafeBoot.

8. This will decrypt the drive and remove the boot sector. It may take some
hours depending on the machine performance and the storage capacity of the
drive or partition.

9. Next, when Endpoint Encryption has been removed, delete its record from the
Endpoint Encryption Manager (the central record no longer has the correct
parameters for the machine). See the Endpoint Encryption for PC
Administration Guide for further information, or, contact your Endpoint
Encryption Database Administrator.

NOTE: If you had a problem with Windows and the operating system is repaired, Endpoint Encryption will 
automatically reactivate itself if the installed files are still intact. It will also connect to the Endpoint 
Encryption Server.  The machine may encrypt at this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or disabling wireless 
networking).  After Windows has loaded, open a DOS CMD prompt. Change to the Endpoint Encryption folder 
on the machine and enter: sbsetup -Uninstall. This command can only be used if the drive is completely 
unencrypted. 

CAUTION: Make sure you check where the \SBADMIN (administration system files) and the \SBDATA 
(database folder) have been installed. If your installation is not in the recommended locations, then make 
sure you check where they have been installed before proceeding. 

Also, disconnecting from the network will prevent re-activation only if this machine was originally an 
Endpoint Encryption ‘online’ install. If it was an ‘offline’ install, then boot to Windows Safe Mode first.  See 
the Endpoint Encryption for PC Administration Guide for further information regarding online and offline 
installation. 

Encryption and Boot Sector Removal Procedure 2


If Endpoint Encryption does not work and the previous Encryption and Boot Sector
Removal Procedure 1 cannot be used, then follow this procedure. Note: this procedure
should only be attempted under the guidance of McAfee Support. For this method the
machine’s configuration should be exported from the database.

Before proceeding you must have the following:

• The SafeTech boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech Boot Disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Export machine configuration file (.SDB) to a floppy disk or a USB stick. See
the Creating the Endpoint Encryption Transfer Database procedure earlier in
the chapter.

3. Boot the problem machine with the SafeTech boot disk.

4. Enter the authorization code when prompted.

Use SafeTech to authenticate from the database:

1. From the top menu click the EEPC option.

2. Select the Authenticate from Database option from the EEPC menu.

3. Next, select the machine SDB file and click Ok.

4. Select the correct machine name from the Select Machine window.

5. Select Remove EEPC from the EEPC drop down menu. This will decrypt the
drive and remove the boot sector. It may take some hours depending on the
machine performance and the storage capacity of the drive or partition.

6. Remember to delete the machine’s record from the Endpoint Encryption
Manager after Endpoint Encryption has been removed. The central record will
no longer have the correct parameters for the machine.

NOTE: When the operating system is repaired, Endpoint Encryption will automatically reactivate itself if the 
installed files are still intact and it connects to the Endpoint Encryption Server.  The machine may encrypt at 
this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or disabling wireless 
networking).  After Windows has loaded, open a DOS CMD prompt. Change to the Endpoint Encryption folder 
on the machine and enter: sbsetup -Uninstall. This command can only be used if the drive is 
completely unencrypted. 

WARNING: Disconnecting from the network will prevent re-activation only if this machine was originally an 
‘online’ install of SafeBoot. If it was an ‘offline’ install, boot to Windows Safe Mode first.  See the Endpoint 
Encryption for PC Administration Guide PDF document for further information regarding online and offline 
installation. 

Glossary
Topic  Description 

Algorithms  An option on the main menu for setting the correct algorithm on 
a machine. 

Authorize  Enter the daily access/authorization code in this dialog box. The 
code can be obtained directly from McAfee Support or from your 
internal Help Desk. Note: availability from your Help Desk is 
dependent on your contract with McAfee.  

Authenticate from Database  This function allows the user to authenticate using the machine 
key obtained via the Select Transfer Database (SDB file) exported 
from the master object directory. 

Authenticate from SBFS  This authentication is through entering the correct userid and 
password. 

Authenticate from HP Recovery File  This option is applicable to users of HP computers only. HP users 
can create a recovery file containing the machine key and 
recovery key. This menu option allows the user to authenticate 
onto a problem HP machine using the saved recovery file. 

Contact  Displays a list of current world telephone support numbers. 

Crypt/Decrypt Sectors  The Crypt/Decrypt option allows you to safely manipulate which 
sectors are encrypted on the disk. This option follows the crypt 
list (see “Get Disk Information”) to validate the ranges you 
submit, so it will not encrypt sectors which are currently 
encrypted, and will not decrypt sectors which are currently not 
encrypted. This option supports power fail protection.  
You can only use the Crypt/Decrypt Sectors option if the disk 
crypt state is still valid. If Endpoint Encryption has become 
corrupt on the disk, or the crypt state has been corrupted, you 
will need to use the Force Crypt/Decrypt Sectors option.  
If you change the encryption state with the Crypt/Decrypt 
Sectors option, appropriate modifications will be made to the 
disk Crypt List. For example, if you encrypt a new range, a new 
Region definition will be created. If you decrypt within an 
existing Region, then the existing region will be split into two; if 
you completely decrypt a region, it will be removed from the 
crypt list. 

Disk  Menu containing the options: Get Disk information; Repair Disk 
Information; Crypt Sectors; Force Crypt Sectors; Edit Crypt State; 
Restore MBR; Restore EEPC MBR; Mount Drive. 

Disk Information  GUID – The unique GUID of the machine’s disk (an Endpoint 
Encryption for PC construct). 
Alg ID – The ID of the Endpoint Encryption Algorithm used to 
encrypt the disk. 
Database ID – The Endpoint Encryption Database ID 
(hexadecimal) of the host Endpoint Encryption Database that 
this machine has registered its keys to, and is accepting policy 
updates from. You can determine the Database ID through 
Endpoint Encryption Manager by looking at the License 
Information. 
Machine ID – This is the machine’s unique object ID. You can find 
the machine’s corresponding policy object by authenticating to 
the correct Endpoint Encryption Database (using the Database ID 
above to ensure you’re connected to the correct DB). Then click 
the “Endpoint Encryption Machines Group” node in the Devices 
tab, then click “Groups” → “Find” and search for the 
appropriate Object ID – in the example above it would be 
00000003. 
SBFS Sector Map – This is the sector location at the beginning of 
the SBFS Sector map. The SBFS Sector map defines the ranges of 
sectors on the user’s hard disk which contain the Endpoint 
Encryption for PC pre-boot environment. 
SBFS Sector Map Count – This is the size of the sector map. 
Key Check – A hash of the encryption key used to protect the 
machine. This is used to verify keys are correct. 
Crypt List 
  Region Count – The number of defined crypted areas of this 
  logical disk. This usually corresponds to the number of partitions 
  on the drive. 
  Region … – Each region is defined as follows: 
    Start Sector – The physical start sector of the region 
    End Sector – The last physical sector included in the region 
    Sector Count – The number of sectors included in this region 
PowerFail Status – Endpoint Encryption for PC tracks the 
progress of encryption on the drive to ensure that if power is lost 
during encryption, the process is recoverable. 
  Status – Determines whether the drive is currently in powerfail 
  state. A status of Inactive indicates that the current encryption 
  process has finished. 
Partition – A section per logical partition on this physical drive, as 
follows: 
  Partition Number – The unique partition number. 
  Partition Type – The file system detected on this partition. 
  Partition Bootable – Whether the partition is bootable or not. 
  Partition Recognised – Whether the partition is recognized as 
  viable. 
  Partition Drive Letter – The detected drive letter of this partition. 
  Partition Start Sector – The physical start sector of the partition. 
  Partition End Sector – The physical end sector of the partition. 
  Partition Sector Count – The number of sectors in the partition. 

Edit Disk Crypt State  Before using this option call McAfee Technical support for 
assistance. 
This option will certainly cause irretrievable data loss if used 
incorrectly. 
Ensure when using this option that there is no possibility of 
losing power while it is working – this option DOES NOT support 
power fail protection. 

Emergency Boot  Repairs the Endpoint Encryption File system on the client 
machine. 

EEPC  Endpoint Encryption for PC (formerly known as Endpoint 
Encryption for PC). 

Force Crypt/Decrypt Sectors  Before using this option call McAfee Technical support for 
assistance. 
Unlike the Crypt/Decrypt sectors option, the Force 
Crypt/Decrypt option does not pay attention to the disk crypt 
state; it simply performs the operation blindly according to user 
input. Force Crypt does not support power fail, nor does it apply 
any logic or parameter validation on the input. 
You should only use the Force Crypt/Decrypt sectors option 
when all else fails, when the on‐disk structures are completely 
corrupted for example.  
This option will certainly cause irretrievable data loss if used 
incorrectly. If you are forced to use this option, you should make 
a recording of each operation you apply to aid in data recovery.  
Ensure when using this option that there is no possibility of 
losing power while it is working – this option DOES NOT support 
power fail protection. 

Get Disk Information  This option displays information about the physical drives 
detected by SafeTech. Each physical disk has a node in the disk 
information tree which describes its LUN, partitions, size and 
Endpoint Encryption information.  

Mount Drive  The Mount Drive feature allows quick access to data on an 
encrypted drive. This is only possible if the administrator has 
been properly authorized using the correct key. There is no need 
to completely decrypt the drive first to get at important files. 
Data is decrypted on-the-fly from the encrypted disk and this 
allows full access to the contents. 

Mount SBFS as a drive  This option provides quick and easy access to the Endpoint 
Encryption File System by mounting it as a drive. 

Open Workspace  This option opens the Workspace window. For assistance on how 
to use the SafeTech/WinTech workspace, please contact McAfee 
support. 
Note: The Open Workspace option appears in the Disk menu for 
SafeTech only; in the WinTech application, however, it appears 
as a main menu option. 

Remove SafeBoot  Removes the encryption and boot sector from a machine, but 
does not remove the Endpoint Encryption client files. (See the 
Endpoint Encryption for PC Administration Guide for details on 
removing client files). 

Repair Disk Information  The Repair Disk Information option will fix problems with the 
boot disk only. For this to work the crypt list portion must still be 
valid and the power fail state must be inactive. 

Reset INT13 vector  When moving a hard disk between machines, updating the BIOS, 
or after a virus attack, Endpoint Encryption will warn of a 
possible virus at boot time and deny access to the machine. 
Should there be a possibility of a virus, run a virus checker. 

Restore MBR  Restores the original MBR of the machine but does no validation 
checking. 
 

Restore EEPC MBR  Now that the disk information for the boot disk is stored in the 
main partition, the only link to it is from the EEPC MBR. If the 
EEPC MBR gets removed or corrupted, there is no way to find 
the disk information. So the client now stores the EEPC MBR in 
the database during sync, hence it will be exported to the 
transfer database and can then be used by WinTech to restore 
the EEPC MBR. 
This allows administrators to have the ability to restore it in case 
of a disaster recovery with WinTech. 
This can be used to repair a corrupt logon screen, for example. 

Set Background Colour (SafeTech only)  This option allows the background colour of the screen to be set 
to improve clarity on older monitors. You can choose from Black, 
Red, Green, Blue, or White. 

.SDB  The file type of the select transfer database file. See below. 

Select Transfer Database  The Select Transfer Database is the machine configuration file 
containing the encryption keys and MBR information for a 
particular machine. This file is created (exported) from the main 
database using the Endpoint Encryption Manager. 

Set Disk Algorithm  This option allows you to specify an algorithm for the disk in the 
event that it is not picked up automatically. 
 

Set Workspace Algorithm  This option allows you to specify an algorithm for the Workspace 
in the event that it is not picked up automatically. 
 

Set Algorithm  This option allows you to select which algorithm to use in the 
current SafeTech session. As the Endpoint Encryption for PC 
algorithm is an enterprise-wide setting, and can never be 
changed, you should confirm the algorithm the Endpoint 
Encryption Manager is using before setting it in SafeTech. You 
can do this from the Help/About/Modules screen – check the 
description of the SBAlg.DLL file. 
Selecting the wrong algorithm here will cause any manual 
decryption functions (decrypt sectors, force decrypt sectors, etc.) 
to perform the wrong mathematical functions on the data. This 
process is reversible, for example by re-encrypting the sector 
ranges, but if the algorithm choice cannot be remembered, it can 
be extremely time-consuming to recover from. 
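
The crypt list bookkeeping described under Crypt/Decrypt Sectors and Disk Information can be modelled as a list of sector regions. The following is an added illustration, not McAfee code and not the on-disk format: the names Region and CryptList are hypothetical, sector ranges are assumed to be inclusive, and a decrypt range is assumed to lie within a single region.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    start: int  # physical start sector of the region
    end: int    # last physical sector included in the region

    @property
    def sector_count(self) -> int:
        return self.end - self.start + 1


class CryptList:
    """Hypothetical in-memory model of the crypt list (assumption, see lead-in)."""

    def __init__(self, regions=()):
        self.regions = sorted(regions, key=lambda r: r.start)

    def encrypt(self, start: int, end: int) -> None:
        # Validate against the crypt list: never encrypt encrypted sectors.
        if start > end:
            raise ValueError("start sector must not exceed end sector")
        if any(r.start <= end and start <= r.end for r in self.regions):
            raise ValueError("range overlaps sectors that are already encrypted")
        # Encrypting a new range creates a new region definition.
        self.regions = sorted(self.regions + [Region(start, end)],
                              key=lambda r: r.start)

    def decrypt(self, start: int, end: int) -> None:
        # Validate against the crypt list: never decrypt plain sectors.
        if start > end:
            raise ValueError("start sector must not exceed end sector")
        hit = [r for r in self.regions if r.start <= start and end <= r.end]
        if not hit:
            raise ValueError("range is not inside an encrypted region")
        region = hit[0]
        self.regions.remove(region)        # fully decrypted: region disappears
        if region.start < start:           # keep the part before the hole
            self.regions.append(Region(region.start, start - 1))
        if end < region.end:               # keep the part after the hole
            self.regions.append(Region(end + 1, region.end))
        self.regions.sort(key=lambda r: r.start)


def demo():
    # Constructed sample: one encrypted region covering sectors 63..1000.
    crypt_list = CryptList([Region(63, 1000)])
    crypt_list.encrypt(2000, 2999)         # new range, new region
    crypt_list.decrypt(400, 499)           # inside a region, splits it in two
    try:
        crypt_list.encrypt(900, 2100)      # overlaps encrypted sectors
        rejected = False
    except ValueError:
        rejected = True
    crypt_list.decrypt(2000, 2999)         # whole region, removed from the list
    return [(r.start, r.end, r.sector_count) for r in crypt_list.regions], rejected


if __name__ == "__main__":
    print(demo())
```

The Force Crypt/Decrypt Sectors option corresponds to skipping both validation checks, which is why the guide asks for a record of every forced operation.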
