Windows automatic repair feature disabled during installation of Encryption Desktop

Article ID: 229590

Products

Desktop Email Encryption, Drive Encryption, File Share Encryption, Encryption Management Server, PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

As part of the installation of Encryption Desktop, the Windows automatic repair feature is disabled because an encrypted disk cannot be automatically repaired.

Encryption Desktop can be installed with drive encryption disabled by using the msiexec switch PGP_INSTALL_WDE=0. Please see article 171110 for further information. If drive encryption is disabled using this switch, the Windows automatic repair feature is disabled and then enabled again during the installation. This may trigger security alerts from third-party monitoring tools.

Environment

Symantec Encryption Desktop 10.5 and above.

Resolution

A scheduled task named runBCDEDIT is used to update the Windows automatic repair feature. The scheduled task uses this command to disable Windows automatic repair:

bcdedit.exe /set recoveryenabled No

It uses this command to enable Windows automatic repair:

bcdedit.exe /set recoveryenabled Yes

The scheduled task is deleted as part of the installation.
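
For teams triaging the monitoring alerts mentioned above, the following added example (not part of the original article and not vendor code) pairs each "recoveryenabled No" command with a following "recoveryenabled Yes" on the same host. The "timestamp|host|command line" record format, the host names and the 30-minute window are assumptions. A disable that is re-enabled within the window is consistent with the PGP_INSTALL_WDE=0 behaviour described in this article; one that is not re-enabled needs to be matched against a drive encryption install or reviewed further.

```python
import re
from datetime import datetime, timedelta

# The two commands quoted in the article; tolerates a path prefix, a missing
# ".exe", an optional {identifier} and any letter case.
TOGGLE = re.compile(
    r'bcdedit(?:\.exe)?"?\s+/set\s+(?:\{[\w-]+\}\s+)?recoveryenabled\s+(yes|no)\b',
    re.I)

# Constructed sample process-creation records: timestamp|host|command line
SAMPLE = [
    "2024-05-01T10:00:05|WS-001|bcdedit.exe /set recoveryenabled No",
    "2024-05-01T10:03:40|WS-001|bcdedit.exe /set recoveryenabled Yes",
    "2024-05-01T11:15:00|WS-002|C:\\Windows\\System32\\bcdedit.exe /set recoveryenabled No",
    "2024-05-01T11:20:00|WS-002|bcdedit.exe /enum",
    "2024-05-01T12:00:00|WS-003|BCDEDIT /set {default} recoveryenabled no",
    "2024-05-01T14:00:00|WS-003|bcdedit /set {default} recoveryenabled yes",
]

def parse(line):
    """Return (timestamp, host, 'yes'|'no') for a toggle record, else None."""
    ts, host, cmd = line.split("|", 2)
    m = TOGGLE.search(cmd)
    return (datetime.fromisoformat(ts), host, m.group(1).lower()) if m else None

def triage(lines, window=timedelta(minutes=30)):
    """Return {host: [(disabled_at, enabled_at or None), ...]}.

    enabled_at is None when no re-enable followed within `window`."""
    pending, out = {}, {}
    for ts, host, state in sorted(r for r in map(parse, lines) if r):
        start = pending.pop(host, None)
        if state == "no":
            if start:  # an earlier disable was never closed
                out.setdefault(host, []).append((start, None))
            pending[host] = ts
        elif start:
            end = ts if ts - start <= window else None
            out.setdefault(host, []).append((start, end))
    for host, start in pending.items():  # still disabled at end of data
        out.setdefault(host, []).append((start, None))
    return out

if __name__ == "__main__":
    for host, pairs in sorted(triage(SAMPLE).items()):
        for off, on in pairs:
            print(host, off.isoformat(),
                  "re-enabled " + on.isoformat() if on else "no re-enable in window")
```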