Jump to content

Windows 11 and ESET Full Disk Encryption // EEE


tmuster2k

Recommended Posts

With the release of Windows 11 slated for October 5th, will a full decrypt of ESET Full Disk Encryption be needed before doing this upgrade? 

Also same question with ESET Endpoint Encryption with FDE applied? 

Link to comment
Share on other sites

  • ESET Staff

Hi @tmuster2k,

We will be looking to make a full announcement as to what affect if any Windows 11 will have on EFDE And EEE customers as soon as we possibly can in order to clear this up.

Thank you.

Kieran Stainton

Link to comment
Share on other sites

  • 4 weeks later...

With a release date of 5th of October (one week away). Is there any news on this compatibility?

We are a distributor with several customers who have FDE enabled and have experienced problems with Feature Updates on Windows 10, more than once . Can we have some assurance that the customer clicking Update to Windows 11 won't kill the workstation's boot sequence? We're all aware that Windows 11 is being very particular about UEFI, SecureBoot, plus the TPM requirement.

How is Windows 11 compatibility testing going?

Link to comment
Share on other sites

  • Administrators

We are testing Windows 11 and EEE/EFDE currently.

 

So far there are no major problems at all. Upgrades from Windows 10 while encrypted work just like any other Windows 10 Feature Update. It’s seamless when performed through the Windows Update setting. In the event where you need to use the Win 11 ISO to perform the upgrade, then our updater utility works too.

Link to comment
Share on other sites

  • ESET Staff

Hi All,

I work in the team testing EEE/EFDE's compatibility with Windows 11 and may I just add that although we have not come across any major issues whilst upgrading and testing Encrypted Workstations that everyone take precautionary steps while updating to Windows 11. The last thing we want is any of you to run into issues we have been unable to predict because some systems could behave differently to the ones we have tested, and although we have tested a wide variety I would rather everyone take these precautions where possible to protect their data.

This could be by taking backups of all important data from systems before doing the update and if having to update a large amount of systems, starting with a few beforehand then move on to doing more.

Thank you,

Kieran

Edited by Kstainton
Link to comment
Share on other sites

  • 3 weeks later...

2 Windows 10 Systems with ESET Protect / ESET Endpoint Encryption with and w/o authentication fail Windows 11 setup from the setup media (Running Setup using mounted ISO image from Microsoft). A previous post mentions an "updater utility" - is there any more information or KB on this?

 

Description/Observation of Problem:

During the first reboot, after EEE validates the password, a Safe Boot/WinRE startup occurs (Windows pre-boot kernel asks for Keyboard layout and which OS to start/Troubleshooting Options). One OS is labeled "Windows 10" and the other has no name. Tried both with no success - Windows will continue when you select a boot option via reboot and setup reverts the changes back into a pre-windows 11 state stating a SAFE_OS phase error during BOOT.

On one system, fully decrypting the system and then performing the upgrade worked. I will be testing another system later this week.

All ESET Protect products were using the latest available public versions and once EEE was uninstalled (post decrypt), it was re-installed and everything appears to be working normally in Windows 11.

Link to comment
Share on other sites

  • ESET Staff

Hi @secured2k,

Thank you for getting in touch, here is the KB that you requested regarding the ESET Windows Updater Utility: https://support.eset.com/en/kb7148-manually-install-windows-10-feature-updates-on-a-full-disk-encrypted-fde-system

The error you are running into is due to the disk not being accessible during the update as it is Encrypted and Windows has not been told to use the Encryption Drivers in order to access the disk, this utility solves that problem by passing the required switches to allow Windows to use the Encryption Drivers and thus be able to access the disk.

Thanks,

Kieran 

Link to comment
Share on other sites

Thank you for providing the KB Article. I confirmed the recovery environment could not read the system drive on reboot; likely due to the driver issue mentioned. I reviewed the KB and see it just says run the tool. Is there any documentation on what the tool is actually doing? If the problem is just a missing driver, could we make the changes manually by adding the drivers to the image or to the EFI partition?

Link to comment
Share on other sites

  • ESET Staff

Hi @secured2k,

Here is a KB with some more technical details about what the tool is doing: https://support.eset.com/en/kb7394-technical-details-regarding-eset-endpoint-encryption-and-windows-feature-updates it also explains how you can do this via the WSUS method, providing the relevant Microsoft articles required to do this.

The problem is that the driver is not available in the Windows installation image. Windows Feature updates contain a .wim image which uses windows RE (Recovery Environment).

During the update the system boots to this image to perform the upgrade of the OS. This environment does not automatically use any extra drivers.


What we do to perform the upgrade is use a feature of the setup to “reflect” the drivers through to the installation image:

  • Setup.exe command line switches - This is how the ESET Endpoint Encryption Windows Feature Updater Utility does it
  • SetupConfig.ini - This is supported by Windows Update or WSUS
Edited by Kstainton
Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...