Endpoint Encryption Removable Media Encryption does not encrypt files written to CD/DVD

book

Article ID: 172030

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

When you insert a blank CD/DVD into a computer running Windows, the Windows built-in CD/DVD burner prompts you how you want to use the disc and gives two choices:

  1. Like a USB flash drive - Live File System.
  2. With a CD/DVD player - Mastered.

If you choose the Mastered option, Endpoint Encryption Removable Media Encryption does not encrypt files written to the disc.

Cause

With the Mastered option, Windows copies the files that you choose to be written to the disc to a temporary folder on the hard drive.

Only when you click the Finish Burning button does Windows write the files to disc.

The temporary folder is not removable media therefore Endpoint Encryption does not encrypt the files when they are copied to the temporary folder.

Clicking on the Finish Burning button causes Windows to create a disc image containing the files and it is this image which is written to disc in a single operation and not as individual files. Therefore Endpoint Encryption does not encrypt the data.

Environment

  • Endpoint Encryption Removable Media Encryption (SEE-RME) 11.0 and above.
  • Windows 10.

Resolution

There are two possible solutions to this issue:

  1. Disable the built-in Windows CD/DVD burner using Windows Group Policy and instead use the Symantec Removable Media Encryption Burner Application for burning discs.
  2.  Always use the Live File System method with the built-in Windows CD/DVD burner because Endpoint Encryption will encrypt the files written to disc using this method.