Symantec Endpoint Encryption FileVault Client Personal Recovery Key Screens


Article ID: 150976


Updated On:


Endpoint Encryption


Symantec Endpoint Encryption for File Vault can manage the recovery keys for all your users using macOS.  The nice thing about the SEE File Vault client is it will force the users to enter their passphrase and send up the recovery key.  This article is a historical article and these screens have changed in SEE File Vault 11.3.0.

This article shows the **old** screens.  For the new screens, see the following article:

213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server



MacOS systems includes a native Drive Encryption solution called FileVault, which ensures the machine is fully encrypted.

The Symantec Endpoint Encryption FileVault client (SEE FileVault client) will manage the Recovery Keys for Mac users in case a passphrase is forgotten.  If a passphrase is forgotten, the Symantec Endpoint Encryption Administrator will be able to recover the keys and allow access back into the machine.

There are a few scenarios where Recovery Key windows will pop up to save your Recovery Key data to the server.  It is important to enter your Mac OS FileVault passphrase at these recovery screens to ensure if a passphrase is forgotten, the Recovery Key will allow access back in.


The following screens are for SEE FileVault 11.2.x.  Symantec Endpoint Encryption for FileVault 11.3.0 and beyond have new screens and improved functionality.  For more information on the 11.3 versions (Recommended), see the following articles:


213010 - How to create a SEE Client and Institutional Recovery Key for Symantec Endpoint Encryption FileVault Recovery (client creation)

213002 - How to install and use the SEE FileVault client to enable encryption and manage Recovery Keys with the SEE Management Server

213004 - Using a Personal Recovery Key to unlock a machine managed by the Symantec Endpoint Encryption FileVault Client

213006 - Using the SEE Helpdesk Web Portal to obtain the Personal Recovery Key for SEE FileVault clients


Scenario 1: Migrate Recovery Key Screen - This screen is what registers the users on the machines and sends up the Recovery Key to the Encryption Server.  It is critical you enter your passphrase on this screen to manage your Personal Recovery Key from the Encryption Server:

Scenario 2: Update Recovery Key Screen - When your FileVault Recovery Key changes, the SEE FileVault client must send up the new key to the server.

Enter the passphrase here to send the new Recovery Key to the server:

Scenario 3: Add User Screen - This screen is to add more FileVault users who login to the machine.  Only authorized users should be added here.

If this pops up for your own user, enter the details here:

TIP: For information on how to troubleshoot the "Add current user" screen that will not accept credentials, see article TECH254704.