FEATURE REQUEST: Method to remotely remove PGPMBR using SCCM, and WinPE loaded with PGP filter drivers.


Article ID: 157803


Updated On:


Symantec Products


This Feature Request only applies to the following Process:

1) Use remote deploy solution, such as SCCM to copy WinPE to local HDD with PGP tools
2) Boot remote machine with WinPE with PGP tools from the HDD itself
3) Reformat/zero the drive including Bootguard/MBR
4) Reimage HDD with clean install, no encryption

Once this process is completed a reboot will be required.  At which point you will be asked to authenticate to Bootguard.  However the authentication information was removed at Format and there is no way to authenticate.  You will be forced to reformat using a CD appliance such as Boot 'n Nuke, or via Windows Live CD.  Slaving the drive to another machine and formatting will also work.


This process requires the PGP filter driver to be added to the WinPE boot as it is the only way to read the Encrypted drive.  The PGP Filter Driver is intended to protect the PGP MBR files from being written, moved, destroyed or modified by anything other than PGP.   When loaded on the drive you are trying to perform the format operation on, it will prevent windows from being able to remove the PGP MBR, but will continue with the rest of the process.


Symantec Corporation is committed to product quality and satisfied customers.  This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product. 

Technical Support filed a Feature Request to add this product feature. Note that an feature request is exactly that, a request. There is no committed date for this request from the Endpoint Encryption Product Management team, nor from the Endpoint Encryption Engineering team at this time.

Please be sure to refer back to this document periodically as any changes to the status of the request will be reflected here.