Windows Laptop Encryption

HSPH McAfee Endpoint Encryption FAQ 

What is McAfee Endpoint Encryption?

McAfee Endpoint Encryption (formerly called SafeBoot Encryption) is a tool that provides Full-Disk Encryption (FDE) on Microsoft Windows computers.

back to top

 

Is McAfee Endpoint Encryption available for Apple Mac Systems?

No, but we anticipate McAfee Endpoint Encryption will support Apple Mac systems 1st Quarter 2010.

back to top

 

Will McAfee Endpoint Encryption hurt my system performance?

For current HSPH supported model systems, the performance impact will be small. Older non-supported systems may have a more noticeable impact.

back to top

 

What change will I see after McAfee Endpoint Encryption is installed?

You will have a McAfee Endpoint Encryption (pre-boot) login prompt and a new icon on your System Tray.

back to top

 

Do I have to remember a separate password for McAfee Endpoint Encryption?

No. Your McAfee Endpoint Encryption and Novell passwords will sync whenever you change your Novell password.

back to top

 

Since my passwords are synched, do l have to enter the password a second time in order to log into Windows?

Your machine is set up for Single Sign-On (SSO), which will automatically provide your credentials to Windows.

back to top

 

My password does not work on the pre-boot screen. What should I do?

If you have recently changed your Novell password, try entering your previous password. There are some instances where your McAfee Endpoint Encryption password becomes out of synch with your Novell password. If entering your old password works, you will want right-mouse click on the McAfee Endpoint Encryption icon in the System Tray, and select “Synchronize”. This will synchronize your McAfee Endpoint Encryption password with your Novell password. If this still does not work, please contact Help Desk.

back to top

 

My password still does not work?

During the McAfee Endpoint Encryption installation, you had selected three out of five questions for your MEE Local Recovery. See below:

Performing a Local Recovery

These are the steps to perform a local self recovery.

1. At the pre-boot screen, cancel the Endpoint Encryption Logon.

2. Click the Options button on the pre-boot screen.

3. Click Recovery from the menu followed by Local Recovery.

4. Enter your username into the User name field and click Next.

5. Enter the answer to each question in turn, clicking the Next.

6. Enter a new password and confirm it.

7. Click the OK button to complete the process.

8. Select the Password Only Token option from the pre-boot screen.

9. Enter your username and new password to logon.

Will my network drives be encrypted?

No. McAfee Endpoint Encryption will not encrypt network share and private drives

back to top

 

Are files that I store on my USB thumb drive/external hard drive encrypted?

No, only files on your local machine’s hard drive are encrypted.

Note: All external drives or active drives should be unplugged or made ‘not ready’ during installation and during the initial McAfee Endpoint Encryption synchronization to the server. This will prevent the drives from being encrypted.

back to top

 

Are files that I save on network shares encrypted as well?

No, only files on your local machine’s hard drive are encrypted.

back to top

 

Will McAfee Endpoint Encryption have any effect on existing applications?

McAfee Endpoint Encryption is transparent to the Windows operating system. Existing applications will continue to work.

back to top

 

If I send a file to a colleague in email, is it encrypted?

No, only files on your local machine’s hard drive are encrypted.

back to top

 

Can I work on my machine while it is performing the initial encryption?

Yes. You may notice a slight decrease in performance while this process is executing, but this decreased performance will cease when the encryption has completed (usually 4-5 hours).

back to top

 

Can I shut my machine down while it is encrypting?

Yes, but it is not recommended that you do so. If possible, wait for the encryption process to complete before shutting your machine down. If you have to shut it down, it will resume where it left off on the next startup.

NOTE: Do not use the power button on your machine to shut down your machine during the encryption process.

back to top

 

 

How do I know when my machine has finished encrypting my hard drive?

You can display the status of the hard drive encryption by looking at the McAfee Endpoint Encryption Status from the System Tray.

back to top

 

How do I know if my machine is still encrypted?

You can display the status of the hard drive encryption by looking at the McAfee Endpoint Encryption Status.

back to top

 

Is my machine protected if I put it into “Standby” mode?

Not completely. Since you machine will not require you to re-authenticate to Endpoint Encryption when bringing it out of Standby, it is recommended that you turn off your machine when traveling with it or when leaving for the day. See Shutdown Process.

back to top

 

Now that I have encryption on my machine, do I still have to be wary of the files that I store on it?

Yes. Encryption is only one piece of the security puzzle. It is best to have only data on your machine that has an immediate business need. It is recommended that any critical data be stored on a network drive/share. This will also address the need to back up this data. (Think of if your machine is lost or stolen-if your data is on a network share, you will still have access to it.)

back to top

 

How come my keyboard doesn’t work correctly in the pre-boot environment?

Wireless keyboards do not work correctly in the pre-boot environment. You will need to use a standard USB keyboard.

back to top

 

What type of encryption is used?

The entire contents of the hard drive are encrypted using the government standard AES-256 encryption algorithm.

back to top

 

Is McAfee Endpoint Encryption available for personal laptops?

No.  Our licensing covers Harvard-owned machines only.

back to top

 

My laptop is leased.  Will encryption effect returning the laptops?

No.  However, the IT Department needs to be notified when laptops are being returned in order to remove the laptop from the Safeboot database.

back to top