PGP Whole Disk Encryption Pause Behavior

Article ID: 156806

Products

Symantec Products

Issue/Introduction

The encryption and decryption processes of Symantec Drive Encryption (previously PGP Whole Disk Encryption) can be paused. In certain cases, pausing the encryption or decryption process may not be desired. Whether pausing is possible during encryption or decryption is controlled by the Consumer Policy in PGP Universal Server, under the Disk Encryption section.

Resolution

In the Disk Encryption section of the Consumer Policy on Universal Server, if the "Allow Encryption" box is checked for PGP Whole Disk Encryption, it is possible to pause during the encryption process.

If the "Allow Decryption" box is checked, it is possible to pause during the decryption process.

This means that to fully prevent a system from being paused during encryption or decryption, both "Allow Encryption" and "Allow Decryption" must be unchecked.
 
If an organization wants to ensure that systems are encrypted but prevent pausing, this can still be accomplished: the option "Automatically Encrypt disk at installation" must be checked, and "Allow Encryption" and "Allow Decryption" must be unchecked.
 
If the policy "Automatically Encrypt disk at installation" has been enabled on an existing system that has not been encrypted, a popup is displayed telling the user that they must encrypt the drive, so that the operation is done per policy.
 
For external drives that are plugged into the system, the policy "Auto encryption or locking of removable devices" can be enabled to ensure removable disks are secured.

*Note: In PGP WDE versions 10.2 through 10.2.1, there were some issues with systems inadvertently pausing when pausing was not allowed. This issue has been resolved in 3.2.1 MP1/10.2.1 MP1 and above (etrack 2586361).