As part of the installation of Encryption Desktop, the Windows automatic repair feature is disabled because an encrypted disk cannot be automatically repaired.
Encryption Desktop can be installed with drive encryption disabled by using the msiexec switch PGP_INSTALL_WDE=0. Please see article 171110 for further information. If drive encryption is disabled using this switch, the Windows automatic repair feature is disabled and then re-enabled during the installation. This may trigger security alerts from third-party monitoring tools.
Symantec Encryption Desktop 10.5 and above.
A scheduled task named runBCDEDIT is used to update the Windows automatic repair feature. The scheduled task uses this command to disable Windows automatic repair:
bcdedit.exe /set recoveryenabled No
It uses this command to enable Windows automatic repair:
bcdedit.exe /set recoveryenabled Yes
The scheduled task is deleted as part of the installation.
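The alerts described above can be triaged by pairing the two bcdedit commands per host. The following Python sketch is an added example, not Symantec's code; the event record layout, the host names and the 30-minute pairing window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Matches the two commands quoted in the article; an optional BCD identifier
# such as {current} is accepted as well.
BCD_RE = re.compile(
    r'bcdedit(?:\.exe)?"?\s+/set\s+(?:\{[\w-]+\}\s+)?recoveryenabled\s+(yes|no)\b',
    re.IGNORECASE)

# Constructed sample process-creation records (assumed layout, not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:05", "host": "WS-01", "cmd": "bcdedit.exe /set recoveryenabled No"},
    {"time": "2024-01-10T09:03:40", "host": "WS-01", "cmd": "bcdedit.exe /set recoveryenabled Yes"},
    {"time": "2024-01-10T10:15:00", "host": "WS-02", "cmd": "bcdedit.exe /set recoveryenabled No"},
    {"time": "2024-01-10T11:00:00", "host": "WS-03", "cmd": "ipconfig /all"},
]

def triage(events, window=timedelta(minutes=30)):  # window length is an assumption
    """Return {host: verdict} for hosts that ran a recoveryenabled command."""
    per_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        m = BCD_RE.search(ev["cmd"])
        if m:
            per_host.setdefault(ev["host"], []).append(
                (datetime.fromisoformat(ev["time"]), m.group(1).lower()))
    verdicts = {}
    for host, seq in per_host.items():
        pending, late, paired = None, False, False
        for when, value in seq:
            if value == "no":
                pending = pending or when      # keep the first unmatched disable
            elif pending is not None:          # a "yes" closing an earlier "no"
                paired = True
                late = late or (when - pending > window)
                pending = None
        if pending is not None:
            verdicts[host] = "left-disabled"
        elif late:
            verdicts[host] = "re-enabled-late"
        elif paired:
            verdicts[host] = "disabled-then-enabled"
        else:
            verdicts[host] = "enabled-only"
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

"disabled-then-enabled" is the sequence the article describes for an install with PGP_INSTALL_WDE=0, and "left-disabled" is the state it describes for an install with drive encryption. Either verdict should be matched against the installation time of Encryption Desktop on that host before the alert is closed.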