Mr.Gains 4 Posted April 14, 2021 Share Posted April 14, 2021 (edited) We're using an installer that include both Endpoint Security (v8.0.2028.0) and Full Disk Encryption (v1.2.4.12). I included our custom EFDE policy in the installer but it's not applying to the machines, therefore I had to manually apply the policies after the machines get encrypted. Is there any issues in applying our encryption policy after the system gets encrypted? My thoughts is that the default policy will override my policy that I applied after the system gets encrypted, or will the policy change as long the system checks in? Thanks, Edited April 14, 2021 by Mr.Gains grammar Link to comment Share on other sites More sharing options...
ESET Staff JPritchard 11 Posted April 15, 2021 ESET Staff Share Posted April 15, 2021 Hello there! After reading through your post, it's unclear to me what the issue is exactly. When you say: 12 hours ago, Mr.Gains said: I included our custom EFDE policy in the installer but it's not applying to the machines, therefore I had to manually apply the policies after the machines get encrypted. If the computer started encryption after the installation, then an EFDE Policy was included in the installer. EFDE does NOT perform any kind of encryption unless the EFDE Policy specifically enables encryption. If the Policy included in your installer isn't encrypting in the way that you expect, then I suggest you amend the installer's settings and then generate a new MSI. Regarding this statement: 12 hours ago, Mr.Gains said: Is there any issues in applying our encryption policy after the system gets encrypted? It is not possible to change the FDE mode (TPM/OPAL/Software based encryption) without decrypting the computer first. After decrypting the computer, you can apply the desired EFDE Policy. It should be noted that the computer details shown in ESET Protect do not show the currently applied EFDE Policy if the Policy was established as part of the install. You may be able to request the computer details in order to update the computer details to show this information. If I have misunderstood the issue, then please may you provide more information on the problem. Thank you Link to comment Share on other sites More sharing options...
Mr.Gains 4 Posted April 15, 2021 Author Share Posted April 15, 2021 4 hours ago, JPritchard said: It should be noted that the computer details shown in ESET Protect do not show the currently applied EFDE Policy if the Policy was established as part of the install. You may be able to request the computer details in order to update the computer details to show this information. If I have misunderstood the issue, then please may you provide more information on the problem. Thank you Sorry for the confusion, basically I was trying to say that I set a policy in the installer but it doesn't show in computer details (configuration-applied policies) in ESET PROTECT. We have encrypted multiple computers in last couple of days, and none of them are showing any EFDE policy after installing/encrypting with our Endpoint+FDE package. Is there a way to force the computer to show it's EFDE policy in ESET PROTECT, just a bit confuse on why it wouldn't show the policy in the first place? Link to comment Share on other sites More sharing options...
ESET Staff Solution JPritchard 11 Posted April 15, 2021 ESET Staff Solution Share Posted April 15, 2021 (edited) Good afternoon! The behavior you describe is normal - Policies applied by the installer do not show in the console. However, where EFDE is concerned, you will see the encryption status information on the computer panel here: If you want to update the Policy details in the ESET Protect console, then you can press the "REQUEST CONFIGURATION" button. Once processed, you will see the currently applied policies. Here's an example: Before After It might be possible to automate this process, however I don't know enough about ESET Protect to assist you further with this. You may want to ask for further help in the ESET Protect forum or contact support. I hope this helps out! Edited April 15, 2021 by JPritchard Mr.Gains and Rendekovic 2 Link to comment Share on other sites More sharing options...
Mr.Gains 4 Posted April 16, 2021 Author Share Posted April 16, 2021 23 hours ago, JPritchard said: Good afternoon! The behavior you describe is normal - Policies applied by the installer do not show in the console. However, where EFDE is concerned, you will see the encryption status information on the computer panel here: If you want to update the Policy details in the ESET Protect console, then you can press the "REQUEST CONFIGURATION" button. Once processed, you will see the currently applied policies. Here's an example: Before After It might be possible to automate this process, however I don't know enough about ESET Protect to assist you further with this. You may want to ask for further help in the ESET Protect forum or contact support. I hope this helps out! Cheers, it doesn't tell me the policy name but it does give me some relief to see the configuration (same custom policy I applied in the installer). Learned something new today, thank you JPritchard JPritchard 1 Link to comment Share on other sites More sharing options...
Recommended Posts