
Symantec Endpoint Encryption FileVault Client Personal Recovery Key Screens


Article ID: 150976


Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption for FileVault can manage the recovery keys for all your macOS users. The SEE FileVault client forces users to enter their passphrase and then sends the recovery key up to the server. This is a historical article; these screens changed in SEE FileVault 11.3.0.

This article shows the **old** screens.  For the new screens, see the following article:

213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server

 

Resolution

macOS systems include a native drive encryption solution called FileVault, which ensures the machine is fully encrypted.

The Symantec Endpoint Encryption FileVault client (SEE FileVault client) will manage the Recovery Keys for Mac users in case a passphrase is forgotten.  If a passphrase is forgotten, the Symantec Endpoint Encryption Administrator will be able to recover the keys and allow access back into the machine.

There are a few scenarios where Recovery Key windows will pop up to save your Recovery Key data to the server. It is important to enter your macOS FileVault passphrase at these screens so that, if the passphrase is later forgotten, the Recovery Key will allow access back in.

 

The following screens are for SEE FileVault 11.2.x.  Symantec Endpoint Encryption for FileVault 11.3.0 and beyond have new screens and improved functionality.  For more information on the 11.3 versions (Recommended), see the following articles:

 

213010 - How to create a SEE Client and Institutional Recovery Key for Symantec Endpoint Encryption FileVault Recovery (client creation)

213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server

213004 - Using a Personal Recovery Key to unlock a machine managed by the Symantec Endpoint Encryption FileVault Client

213006 - Using the SEE Helpdesk Web Portal to obtain the Personal Recovery Key for SEE FileVault clients

 


Scenario 1: Migrate Recovery Key Screen - This screen is what registers the users on the machines and sends up the Recovery Key to the Encryption Server.  It is critical you enter your passphrase on this screen to manage your Personal Recovery Key from the Encryption Server:



Scenario 2: Update Recovery Key Screen - When your FileVault Recovery Key changes, the SEE FileVault client must send the new key up to the server. Examples:

  1. After every macOS upgrade on a machine with the SEE for FileVault client, the user will see the 'Update PRK' prompt once when logging in to macOS. For more information, see the note in this document about a personal recovery key.
  2. When SEE server 11.4.0 is combined with clients running older SEE for FileVault versions, macOS users will see the "Update PRK" prompt once they check in to the SEE 11.4 server. This prompt will appear only once.

 

Enter the passphrase here to send the new Recovery Key to the server:

As the warning message mentioned above states, if this prompt comes up, it is important for the user to enter their passphrase. If they do not, their recovery key will not be managed by the server and the user could lose their data if the passphrase is forgotten.



Scenario 3: Add User Screen - This screen is used to add more FileVault users who log in to the machine. Only authorized users should be added here.

If this pops up for your own user, enter the details here:

TIP: For information on how to troubleshoot the "Add current user" screen that will not accept credentials, see article TECH254704.

Additional Information

213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server
