tmuster2k 22 Posted September 1, 2021 Share Posted September 1, 2021 With the release of Windows 11 slated for October 5th, will a full decrypt of ESET Full Disk Encryption be needed before doing this upgrade? Also same question with ESET Endpoint Encryption with FDE applied? Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 39 Posted September 2, 2021 ESET Staff Share Posted September 2, 2021 Hi @tmuster2k, We will be looking to make a full announcement as to what affect if any Windows 11 will have on EFDE And EEE customers as soon as we possibly can in order to clear this up. Thank you. Kieran Stainton Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted September 2, 2021 Author Share Posted September 2, 2021 @Kstainton Would there be some type of alert on the ESET Knowledgebase web page for Windows 11? Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 39 Posted September 3, 2021 ESET Staff Share Posted September 3, 2021 Hi @tmuster2k, Yes when we have more information an announcement will be put onto the ESET Knowledgebase. Thank you, Kieran Link to comment Share on other sites More sharing options...
Alan Risc IT Solutions Ltd 0 Posted September 28, 2021 Share Posted September 28, 2021 With a release date of 5th of October (one week away). Is there any news on this compatibility? We are a distributor with several customers who have FDE enabled and have experienced problems with Feature Updates on Windows 10, more than once . Can we have some assurance that the customer clicking Update to Windows 11 won't kill the workstation's boot sequence? We're all aware that Windows 11 is being very particular about UEFI, SecureBoot, plus the TPM requirement. How is Windows 11 compatibility testing going? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted September 28, 2021 Administrators Share Posted September 28, 2021 We are testing Windows 11 and EEE/EFDE currently. So far there are no major problems at all. Upgrades from Windows 10 while encrypted work just like any other Windows 10 Feature Update. It’s seamless when performed through the Windows Update setting. In the event where you need to use the Win 11 ISO to perform the upgrade, then our updater utility works too. Alan Risc IT Solutions Ltd and Aryeh Goretsky 2 Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 39 Posted September 29, 2021 ESET Staff Share Posted September 29, 2021 (edited) Hi All, I work in the team testing EEE/EFDE's compatibility with Windows 11 and may I just add that although we have not come across any major issues whilst upgrading and testing Encrypted Workstations that everyone take precautionary steps while updating to Windows 11. The last thing we want is any of you to run into issues we have been unable to predict because some systems could behave differently to the ones we have tested, and although we have tested a wide variety I would rather everyone take these precautions where possible to protect their data. This could be by taking backups of all important data from systems before doing the update and if having to update a large amount of systems, starting with a few beforehand then move on to doing more. Thank you, Kieran Edited September 29, 2021 by Kstainton Link to comment Share on other sites More sharing options...
secured2k 2 Posted October 17, 2021 Share Posted October 17, 2021 2 Windows 10 Systems with ESET Protect / ESET Endpoint Encryption with and w/o authentication fail Windows 11 setup from the setup media (Running Setup using mounted ISO image from Microsoft). A previous post mentions an "updater utility" - is there any more information or KB on this? Description/Observation of Problem: During the first reboot, after EEE validates the password, a Safe Boot/WinRE startup occurs (Windows pre-boot kernel asks for Keyboard layout and which OS to start/Troubleshooting Options). One OS is labeled "Windows 10" and the other has no name. Tried both with no success - Windows will continue when you select a boot option via reboot and setup reverts the changes back into a pre-windows 11 state stating a SAFE_OS phase error during BOOT. On one system, fully decrypting the system and then performing the upgrade worked. I will be testing another system later this week. All ESET Protect products were using the latest available public versions and once EEE was uninstalled (post decrypt), it was re-installed and everything appears to be working normally in Windows 11. Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 39 Posted October 18, 2021 ESET Staff Share Posted October 18, 2021 Hi @secured2k, Thank you for getting in touch, here is the KB that you requested regarding the ESET Windows Updater Utility: https://support.eset.com/en/kb7148-manually-install-windows-10-feature-updates-on-a-full-disk-encrypted-fde-system The error you are running into is due to the disk not being accessible during the update as it is Encrypted and Windows has not been told to use the Encryption Drivers in order to access the disk, this utility solves that problem by passing the required switches to allow Windows to use the Encryption Drivers and thus be able to access the disk. Thanks, Kieran Aryeh Goretsky and PinkConnectMark 2 Link to comment Share on other sites More sharing options...
secured2k 2 Posted October 18, 2021 Share Posted October 18, 2021 Thank you for providing the KB Article. I confirmed the recovery environment could not read the system drive on reboot; likely due to the driver issue mentioned. I reviewed the KB and see it just says run the tool. Is there any documentation on what the tool is actually doing? If the problem is just a missing driver, could we make the changes manually by adding the drivers to the image or to the EFI partition? Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 39 Posted October 19, 2021 ESET Staff Share Posted October 19, 2021 (edited) Hi @secured2k, Here is a KB with some more technical details about what the tool is doing: https://support.eset.com/en/kb7394-technical-details-regarding-eset-endpoint-encryption-and-windows-feature-updates it also explains how you can do this via the WSUS method, providing the relevant Microsoft articles required to do this. The problem is that the driver is not available in the Windows installation image. Windows Feature updates contain a .wim image which uses windows RE (Recovery Environment). During the update the system boots to this image to perform the upgrade of the OS. This environment does not automatically use any extra drivers. What we do to perform the upgrade is use a feature of the setup to “reflect” the drivers through to the installation image: Setup.exe command line switches - This is how the ESET Endpoint Encryption Windows Feature Updater Utility does it SetupConfig.ini - This is supported by Windows Update or WSUS Edited October 19, 2021 by Kstainton PinkConnectMark 1 Link to comment Share on other sites More sharing options...
secured2k 2 Posted November 2, 2021 Share Posted November 2, 2021 Thank you for the KB and links to the Microsoft documentation. ReflectDrivers is what I was looking for and seems to be working. Kstainton 1 Link to comment Share on other sites More sharing options...
Recommended Posts