search cancel

Using the 32-bit and 16-bit utilities for data recovery issues with Symantec Endpoint Encryption - Full Disk (SEE-FD)

book

Article ID: 151442

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

How to use the 32-bit and 16-bit utilities for data recovery with SEE-FD.

Resolution

Instructions for using the 32-bit utility (SEE 7.x only):
  1. Run the 32-bit SEE-FD Access utility first instead of the SEE-FD Recover program. The purpose is to focus on quickly gaining access to the data so that it can be stored on a backup. Recover /d initiates decryption of the hard drive while Access loads decryption drivers only , enabling access to the data after authenticating as a client administrator. (See below for download information and instructions for use.)
  2. Make a backup of all data
  3. Either reimage or replace the HDD and restore the data from backup, or run Recover /a as it may resolve the problem (if Encryption Plus Operating System (EPOS) Error Log)
  4. If the problem is not resolved by Recover /a, then run Recover /d to decrypt the drive
  5. Uninstall the SEE-FD and Framework User Program in that order.
  6. If the original problem was a sector error and you are not able to replace the drive, run a low level Surface Scan (to mark the bad sectors). The preferred practice is to replace the hard disk since hard disk sector errors do not "heal" and the damage to the HDD will progress over time eventually making the system unstable.
  7. Restore data from the backup and reinstall the SEE-FD User Program and encrypt the HDD.

Access.exe Information: The 32-bit SEE-FD Access Program for 7.0 is available from Technical Support only. If you do not have a copy, request it from either your SEE-FD Administrator or from Symantec support. This utility utilizes Windows PE making it possible to access NTFS partitions without need for an NTFS-DOS Reader, and enabling you to map to network drives and mount USB devices to do data backups to network servers or USB disks before performing your usual systems repairs.

Using the SEE Access CD, it would be possible to run an imaging software such as Symantec Ghost (not provided) once SEE access has successfully authenticated and you can see the drive contents. You could then create an unencrypted backup image of an encrypted system.

Instructions for using the 16-bit utility (SEE 6.x only):
  1. Create a bootable floppy diskette.
  2. Copy the ephdxlat.ovl and the ACCESS.EXE file to the floppy diskette.
  3. Boot from the floppy diskette.
  4. At the prompt run "A:\>access.exe"
  5. Enter the Client Administrator password.
  6. Remove the floppy diskette.
  7. Insert another floppy with a third party tool to access NTFS (e.g. NTFSDOS or NTFSDOSPro)
  8. Run "A:\>ntfsdos" OR [ NTFS DOS (freeware) http://www.ntfs.com/products.htm ]
  9. The user should be able to see the content of the encrypted drive.

KNOWN ISSUES: The drive letters assigned to each drive might be different from what was in the original settings. For example: drive H: can be marked as "G:"

The 16-bit SEE-FD Access Program comes bundled in the SEE-FD Administrator Program install package and can be used for recovery and forensics purposes while a hard disk is encrypted. It is included in the installation files downloaded for the SEE-FD Server Program. To access NTFS partitions you must use an NTFS-DOS reader in conjunction with the 16-bit Access utility.


References
For further information about data recovery, please see "Best Practices for Data Recovery using Symantec Endpoint Encryption - Full Disk (SEE-FD)" at http://service1.symantec.com/support/ent-security.nsf/docid/2008022909242448