Symantec Endpoint Encryption Removable Media Encryption allows users to encrypt files so that nobody else can view the files without proper access.
Policies can be configured on the SEE Management Server so that every file is encrypted when copied to the drive, or so that users decide whether to encrypt. Many policy scenarios are available to offer flexibility for any environment.
If you need to decrypt files, there are a few options available.
Decrypting drives is never secure, as it puts the systems at risk, especially if you do not know the status or the location of the system you are decrypting.
Once decrypted, the data can be accessed in the clear.
Although it is not recommended for security reasons, the SEE Management Server offers a way to decrypt drives via the server. This article shows how this is done.
Important Note: It is not usually recommended to decrypt drives. Decrypting drives could leave the system in a vulnerable state and should be done only with special considerations such as the following:
*Where the machine is located (inside a secured location or out in the wild).
*What is the reason for decrypting? Is it a troubleshooting step?
Typically, decrypting is not necessary for most troubleshooting and may be more risky than it's worth.
*Are you decrypting to upgrade Windows? This is not needed as our software has functionality to accommodate this seamlessly.
179265 - Automatically upgrade Windows 10/11 systems encrypted with Symantec Endpoint Encryption (SEE)
*Are you trying to upgrade the SEE Client? Decrypting is not necessary in order to upgrade the SEE Client.
252118 - Installing and Upgrading the Symantec Endpoint Encryption Client (Deployment of SEE Client)
*Decrypting systems remotely has inherent risks associated with it, and it is better to decrypt while working on the system in front of you to ensure security.
153530 - Best Practices: Symantec Endpoint Encryption and Symantec Drive Encryption
If you are thinking about decrypting systems remotely, it is best to reach out to Symantec Encryption Support for further guidance.
If you are trying to decrypt via server commands, you may encounter the following.
Step 1: Right-click the machine you want to decrypt:
Step 2: Select Decrypt All Drives and the following screen pops up
If the following error message pops up, it means you attempted to decrypt a machine that does not have SEE Drive Encryption (SEE Native Drive Encryption) installed:
As mentioned, the above error message appears if "SEE RME Only" is installed, if "SEE RME + SEE Bitlocker" is installed, or if a machine has only "SEE Bitlocker" installed. The remote decryption command works only for Drive Encryption (DE): when it is issued on the server, only DE decrypts the drive, and RME devices are not decrypted.
Because USB drives move freely from one machine to another and are not always plugged in, it is not possible to decrypt RME drives from the server. As a result, decrypting data on RME drives is done manually.
To decrypt USB drives that are encrypted with SEE RME, perform the following:
Step 1: First make sure the policy on SEE Management Server allows users to decrypt their data:
Step 2: Once the policy has been updated, the user can right-click the content they wish to decrypt and decrypt it on the USB device:
Step 3: The user may be prompted to enter a password:
Enter the passphrase and the files will decrypt.
If the user is not sure about the passphrase, decrypting with a recovery certificate is available.
See our Help File for more information on Server commands.
See our Help File for more information on the Recovery Certificate.
222689 - Symantec Endpoint Encryption Removable Media Encryption FAQs - General Information