SEE Recovery Utility Options


Article ID: 156557


Updated On:


Endpoint Encryption


 Using Recovery CD utility in a No Boot situation.



Recovery options are described below :

1) recover /A - attempts a repair of the SEE/GE volume files

2) recover /D - decrypts the drive using a Client Administrator credential

3) recover /B - decrypts the drive using a .dat file taken from the SEE/GE Management Server

4) recover /O - this command restores the drive to the OEM state, keeping user data intact

5) recover /S - this command restores the drive to the OEM state after performing a secure erase of user data

6) recover /F - Safe Mode Reboot

Note that options 4&5 only apply to managed OPAL compliant drives. These commands will have no effect on non-OPAL drives.

The last option simply restarts the machine, displaying the option to press F8 for Safe Mode.

This is used in situations where USB attached devices are non-responsive or other issues exist preventing us from entering Safe Mode normally.

Note : In case of OPAL drives, Encryption and Decryption of drives is done by OPAL itself, not SEE.

How to Export DAT File :

While running recovery media with /B, it asks for a recovery password which you create while exporting a recovery DAT file. This file is generated for individual client's from the Manager console. Every client will have a SID in Manager (SEMS/GEMS). With this SID we extract the WEK (DAT) file.

Open SEE/GE Manager - Symantec Endpoint Encryption Reports - Computer Status Report - On the right pane you enter the Computer Name and click on 'Run'. Once the report status is pulled up, highlight the computer name and click on 'Recover' It asks for Management password. Now It would also prompt you to put a new password which is your Recovery password and you save the WEK (DAT) file on a safe location. This DAT file along with the Recover Password is required at the time of using Recover disk on Client machines, in case No Boot situations.

Note : ** Exporting this file from Manager, we require Manager password.

Note : ** Client should have been checked in at least once onto the Manager.

Supporting article on How to use Recover /B to decrypt hard-disk :


Applies To

SEE 8.2.0 version onwards