search cancel

Symantec Endpoint Encryption Client machines do not respond to remote decryption commands as expected


Article ID: 157140


Updated On:


Endpoint Encryption


It has been observed that clients may not respond to remote decryption commands issued by Server Commands or GPO if no user is logged onto the machine at the time of the policy application. Once a user logs into Windows the decryption process begins and completes normally however.



To workaround this behavior an executable has been added to the client installers that will load to:

Program FIles > Symantec Endpoint Encryption Clients > Client Console > EAFRCliSyncComputerPolicies.exe

This .exe can be run remotely to force the decryption process to start without the requirement for user logon. This executable must be run after application of the policy meaning that the GPO must be applied or the machine must check-in once to receive a Native Policy. One example of a tool that could be used to execute this is Microsoft's "psexec", described at the location below:

This behavior is under investigation at this time.




Remote Decryption .docx get_app