Scribd
Upload
2K views29 pages

WinTech and SafeTech Administration Guide

McAfee, Inc. And / or its affiliates are registered trademarks or trademarks in the US and/or other countries. Any other non-mcafee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners.

Uploaded by

niwasgh
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
2K views29 pages

WinTech and SafeTech Administration Guide

McAfee, Inc. And / or its affiliates are registered trademarks or trademarks in the US and/or other countries. Any other non-mcafee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners.

Uploaded by

niwasgh
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 29

McAfee® WinTech and SafeTech

Administration Guide 
 

   
McAfee, Inc. 
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, USA 

Tel: (+1) 888.847.8766 

For more information regarding local McAfee representatives please contact your local McAfee office, 
or visit: 

www.mcafee.com 

 
Document: WinTech and SafeTech Administration Guide  
Last updated: Friday, 12 December 2008 
Endpoint Encryption for PC Product Version:  
 

Copyright (c) 1992‐2008 McAfee, Inc., and/or its affiliates. All rights reserved.  

McAfee and/or other noted McAfee related products contained herein are registered trademarks or 
trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in 
connection with security is distinctive of McAfee brand products.  Any other non‐McAfee related 
products, registered and/or unregistered trademarks contained herein is only by reference and are the 
sole property of their respective owners. 

 
Preface

Contents

Preface ........................................................................................... 4 
Using this guide ............................................................................................. 4 
Audience ................................................................................................. 4 
Conventions ............................................................................................ 4 

Welcome .........................................................................................5 
Related Documentation............................................................................. 5 
Contacting Technical Support .................................................................... 5 

Introduction ...................................................................................6 
Prior Knowledge ............................................................................................. 6 

WinTech .......................................................................................... 7 
Creating a BartPE Boot CD\DVD ................................................................. 8 
Create the BartPE CD/DVD ........................................................................ 8 
Boot from the BartPE Windows CD/DVD ...................................................... 9 
Reset INT 13 .......................................................................................... 10 
Avoiding the Reset of INT13 for a BIOS upgrade ......................................... 11 
Encryption and Boot Sector Removal Procedure 1 ....................................... 11 
Encryption and Boot Sector Removal Procedure 2 ....................................... 13 
Mount Drive ........................................................................................... 14 
Restoring the MBR (Master Boot Record).................................................... 16 
Restoring the EEPC MBR .......................................................................... 16 

SafeTech ....................................................................................... 18 


Creating a SafeTech Boot Disk .................................................................. 18 
Creating the Endpoint Encryption Transfer Database ................................... 18 
Emergency Boot ..................................................................................... 18 
Reset INT 13 .......................................................................................... 20 
Avoiding the Reset of INT13 for a BIOS upgrade ......................................... 20 
Encryption and Boot Sector Removal Procedure 1 ....................................... 21 
Encryption and Boot Sector Removal Procedure 2 ....................................... 22 

Glossary ........................................................................................ 25 

|3
Preface

Preface

Using this guide


This guide is designed to aid corporate security administrators to understand the
disaster recovery tools, WinTech and SafeTech. Included in this document are
procedures on how to recover data from problem machines. If you are unsure about
any procedure, and are concerned about your data, then you must contact McAfee
support before undertaking any of the procedures in this document.

Audience
This guide was designed to be used by qualified system administrators and security
managers. Knowledge of basic networking and routing concepts, and a general
understanding of the aims of centrally managed security is required.

McAfee can only contribute to information security within your organization as part of
a coherent and well-implemented organizational security policy.

Conventions
This guide uses the following conventions:
Bold Condensed All words from the interface, including options, menus, buttons, and dialog
box names.
Courier The path of a folder or program; text that represents something the user
types exactly (for example, a command at the system prompt).
Italic Emphasis or introduction of a new term; names of product manuals.
Blue A web address (URL); a live link.
Note Supplemental information; for example, an alternate method of executing
the same command.
Caution Important advice to protect your computer system, enterprise, software
installation, or data.

   

4|
Welcome

Welcome
The team at McAfee is dedicated to providing you with the best in security for
protecting data on personal computers. Applying the latest technology, deployment
and management of users is enhanced using simple and structured administration
controls.

Endpoint Encryption for PC (EEPC) incorporates functionality not found in earlier


versions. This new edition of the software features a new dimension in IT security
incorporating many new enterprise level options, including automated upgrades, file
deployment, flexible grouping of users and centralized user management. In addition,
user’s credentials can be imported and synchronized with other deployment systems.

WinTech and SafeTech are McAfee’s disaster recovery systems used in conjunction
with Endpoint Encryption for PC (EEPC).

Through the continued investment in technology and the inclusions of industry


standards we are confident that our goal of keeping Endpoint Encryption at the
forefront of data security will be achieved.

Related Documentation
• Endpoint Encryption for PC Administration Guide

• Endpoint Encryption for PC Quick Start Guide

• Endpoint Encryption Manager Administration Guide

Contacting Technical Support


Please refer to www.mcafee.com for further information.

|5
Introduction

Introduction
This guide discusses how to use the McAfee Endpoint Encryption disaster recovery
tools, WinTech and SafeTech.

SafeTech is a disaster recovery tool that allows the administrator to perform everyday
recovery functions. WinTech performs the same functions under a Windows-like
environment and includes greater features such as drive mounting, booting from
BartPe and easier access to encrypted USB drives and memory sticks.

Included in this guide are instructions on how to recover data from problem machines.
If you are unsure about any procedure, and are concerned about your data, then you
must contact McAfee support before undertaking any of the instructions in this
document.

Extreme care must be taken when using WinTech and SafeTech. If they are used
without diligence this may result in the loss of data. McAfee cannot be held responsible
for loss of data.

Prior Knowledge
This guide was written for security administrators. It assumes the reader has some
knowledge of security concepts, data encryption, Endpoint Encryption for PC and the
Endpoint Encryption Manager. It is preferable that administrators (readers) attend
some form of McAfee training to understand the basic concepts before following the
procedures in this guide.

6|
WinTech

WinTech
This chapter explains some of the common tasks that can be undertaken using
McAfee’s Windows based disaster recovery tool, WinTech.

Please exercise caution for all WinTech procedures. McAfee is not responsible for the
loss of data. Please contact McAfee if you are unsure about attempting any of these
procedures.

WinTech contains the same functions as its sister application, SafeTech. WinTech,
however, contains the following features:

• Boot from a BartPE CD/DVD: This provides administrators with the ability
to utilize the same recovery environment for disaster recovery and repair.

• Mount Drive: The Mount Drive feature allows quick access to data on an
encrypted drive. This is only possible if the administrator has been properly
authorized using the correct key. There is no need to completely decrypt the
drive first to get at important files. Data is decrypted on-the-fly from the
encrypted disk and this allows full access to the contents.

• Easier access to encrypted USB drives and memory sticks: WinTech


provides access to USB drives and memory sticks that have been encrypted
using 5.x DE optional USB removable drive support.

• An encrypted USB flash memory stick or external USB drive is generally only
accessible from the machine it was encrypted from, however, WinTech allows
these encrypted drives to be mounted and viewed, or the contents removed,
without requiring access to the original working machine. However, for this to
work the machine key must still be available in the master Object Directory of
the Endpoint Encryption Manager.

You can access a machine using the WinTech plug-in providing you also have the
following:

• As with all McAfee data security products, at all times, a valid user
authentication or machine key is needed to access the data on the encrypted
hard drive or USB stick.

• The daily access code to allow access to the functions and use of WinTech.
This is usually obtained from McAfee Support by customers with a valid
support contract.

|7
WinTech

The Daily access code does NOT provide access to encrypted data. Although WinTech
is a convenient recovery tool, it is NOT a ‘back door’ to data. The daily access code
ONLY enables advanced WinTech menu functions.

Authentication is still required to access the encrypted data. The other way is to
provide the machine’s unique encryption key exported from the administration
database (this requires administration rights to export).

Creating a BartPE Boot CD\DVD


Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable
Windows CD-Rom or DVD from the original Windows XP.

Before you create the BartPE CD\DVD you will need the Windows XP \i386 folder. The
\i386 folder holds the files used to install, repair, modify, update and rebuild Windows.
This can be found on the root directory of a Windows XP Pro/Home installation CD.

You will also need the contents of the \Recovery\Making a Rescue CD\BartPE Plug-in
and the \SafeBoot\SBWinTech_AES-FIPS folders which can be found on the installation
CD. If you have downloaded Endpoint Encryption you can find these paths on the
computer where the Endpoint Encryption Manager resides.

Create the BartPE CD/DVD


1. Download the latest BartPe install file. See the http://www.nu2.nu/pebuilder/
website for information and download links.

2. Install BartPe using the default install locations.

3. Open Windows Explorer and navigate to the \pebuilderxxxxx\plugin folder.


Note: xxxxx = denotes the version number of BartPE.

4. Create a subfolder called safeboot. This folder will be the source for the
Endpoint Encryption recovery files.

5. Copy the files from the \Recovery\Making a Rescue CD\BartPe Plugin


folder to the \pebuilderxxxxx\plugin\EEPC folder.

6. Launch BartPe.

8|
WinTech

Figure 1 ‐ The BartPE CD/DVD Builder window 

1. The Source box should contain the path to the Windows installation files, i.e.
the \i386 folder. See Creating a BartPE Boot CD\DVD for further info.

2. The Custom folder should contain any other local or remote files and folders
you may wish to include. Note: Do not include the Windows directory or any
other folder that has files in use. Also, bear in mind that the files you add must
fit your target CD or DVD. If you are unsure what to enter in this field, then
leave it empty.

3. In the Output Directory field enter a directory name to store the files PE
Builder copies. Please note that the location you enter is relative to your
\pebuilder directory.

4. If you need to specify an absolute path, you must change the Output path
absolute in the Builder Æ Options dialog.

5. Use the Media Output section to specify whether you want to create a
CD/DVD or an ISO image.

NOTE: you can click the Plugins button to add, edit, enable/disable, configure or remove plugins from the 
list. 

6. Click the Build button to start writing the CD/DVD or build the ISO image.

Boot from the BartPE Windows CD/DVD


WinTech is accessed via the BartPE plug-in boot CD/DVD. When the problem machine
is booted with this CD/DVD, the first screen you will see is the Endpoint Encryption

|9
WinTech

interface (see below). This will be followed by a pop up dialogue that will prompt you
to start network services. You may start the network services if you have added the
drivers for your Ethernet card to the CD/DVD build; otherwise click No.

1. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

Figure 2 ‐ Accessing Endpoint Encryption WinTech 

Figure 3 ‐ The WinTech application 

Reset INT 13
INT 13 is an interrupt vector that stores a machine’s bios information. If the hardware
of a machine changes (the motherboard, for example) or a virus has affected the bios,
this will have an impact on the pre-boot environment and Endpoint Encryption will not
work. In this situation you will need to boot from the BartPE CD/DVD to access
WinTech and reset the INT 13 to reflect the correct bios.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

10 |
WinTech

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access (authorization) code. This can be obtained directly from
McAfee Support or from your internal Help Desk (Note: availability from your
Help Desk is dependent on your contract with McAfee).

2. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

3. Click the Go Æ Programs Æ EEPC WinTech.

4. Enter the authorization/access code when prompted and click Ok.

5. From the top toolbar select EEPCÆAuthenticate from SBFS. This will prompt
you for the Endpoint Encryption credentials for this machine.

6. Enter the username and password for the client machine.

7. Click the EEPC Æ RESET INT13 Vector from the menu. A message
containing INT13 has been successfully reset should appear.

8. Click OK.

Avoiding the Reset of INT13 for a BIOS upgrade


If you wish to avoid the Reset INT 13 condition while updating the BIOS, then you can
temporarily turn off Virus Protection before the BIOS upgrade.

1. Locate the machine in the Endpoint Encryption Manager, Devices tab.

2. Right-click on it and select Properties.

3. Select the General icon.

4. Under Options, scroll down until you find Virus Protection.

5. Deselect the Enable MBR virus protection option.

6. Click Apply.

When the BIOS has been upgraded, the Enable MBR virus protection option should
be re-enabled and the machine synchronized. This will again protect the machine’s
boot sector.

Encryption and Boot Sector Removal Procedure 1


Use the following procedure in the event that:

• Windows becomes corrupt.

• You cannot access the data of an encrypted machine.

| 11
WinTech

• Encryption or decryption fails.

CAUTION: Make sure the machine’s main power supply is plugged in for this procedure. Do not attempt to 
perform on battery only. 

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.
Note: any sticks and drives required to access the machine must be plugged
in before WinTech starts.

• The daily access/authorization code. This can be obtained directly from McAfee
Support or from your internal Help Desk. Note: availability from your Help
Desk is dependent on your contract with SafeBoot.

1. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

2. Click the Go Æ Programs Æ EEPC WinTech.

3. Enter the access code when prompted and click Ok.

4. From the top menu click the EEPC option.

5. Select the Authenticate from SBFS option from the EEPC menu.

6. Enter the machine’s username and password.

7. Select Remove SafeBoot.

This will decrypt the drive and remove the boot sector. It may take some hours
depending on the machine performance and the storage capacity of the drive or
partition.

8. Next, when Endpoint Encryption has been removed, delete its record from the
Endpoint Encryption Manager (the central record will no longer have the
correct parameters for the machine). See the Endpoint Encryption for PC
Administration Guide for further information, or, contact your Endpoint
Encryption Database Administrator.

NOTE: If you had a problem with Windows and the operating system is repaired, Endpoint Encryption will 
automatically reactivate itself if the installed files are still intact. It will also connect to the Endpoint 
Encryption Server.  The machine may encrypt at this point too depending on its settings in the database. 

12 |
WinTech

This can be prevented by disconnecting from the network prior to booting the machine (or disable wireless 
networking).  After Windows has loaded, open Dos CMD prompt. Change to the EEPC folder on the machine 
and enter: “sbsetup –Uninstall”. This command can only be used if the drive is completely unencrypted. 

CAUTION: Make sure you check where the \SBADMIN (administration system files) and the \SBDATA 
(database folder) have been installed. If your installation is not in the recommended locations, then make 
sure you check where they have been installed before proceeding. 

Also, disconnecting from the network will prevent re‐activation only if this machine was originally an Online 
install. If it was an Offline install, then boot to Windows Safe Mode first.  See the Endpoint Encryption for PC 
Administration Guide for further information regarding online and offline installation. 

Encryption and Boot Sector Removal Procedure 2


If Endpoint Encryption does not work and the previous Encryption and Boot Sector
Removal Procedure 1 cannot be used, then follow this procedure. Note: this procedure
should only be attempted under the guidance of McAfee Support. For this method the
machine’s configuration should be exported from the database.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.
Note: any sticks and drives required to access the machine must be plugged
in before WinTech starts.

• The daily access/authorization code. This can be obtained directly from McAfee
Support or from your internal Help Desk Note: availability from your Help
Desk is dependent on your contract with McAfee.

Export machine configuration to a floppy disk or a USB stick.

1. Insert your choice of removable media, i.e. floppy disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.

5. Enter a name the database.

6. Click Save.

Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

| 13
WinTech

1. Click the Go Æ Programs Æ EEPC WinTech.

2. Enter the access code when prompted and click Ok.

3. From the top menu click the EEPC option.

4. Select the Authenticate from Database option from the EEPC menu.

5. Next, select the machine SDB file and click Ok.

6. Select the correct machine name from the Select Machine window.

7. Select Remove EEPC from the EEPC drop down menu. This will decrypt the
drive and remove the boot sector. It may take some hours depending on the
machine performance and the storage capacity of the drive or partition.

8. Remember to delete the machine’s record from the Endpoint Encryption


Manager after Endpoint Encryption has been removed. The central record will
no longer have the correct parameters for the machine.

NOTE: When the operating system is repaired, Endpoint Encryption will automatically reactivate itself if the 
installed files are still intact and it connects to the Endpoint Encryption Server. The machine may encrypt at 
this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or disable wireless 
networking).  After Windows has loaded, open Dos CMD prompt. Change to the EEPC folder on the machine 
and enter: sbsetup –Uninstall. This command can only be used if the drive is completely 
unencrypted. 

WARNING: Disconnecting from the network will prevent re‐activation only if this machine was originally an 
‘online’ install of SafeBoot. If it was an ‘offline’ install boot to Windows Safe Mode first.  See the Endpoint 
Encryption for PC Administration Guide PDF document for further information regarding online and offline 
installation. 

Mount Drive
The Mount Drive feature allows quick access to data on an encrypted drive. This is
only possible if the administrator has been properly authorized using the correct key.
There is no need to completely decrypt the drive first to get at important files. Data is
decrypted on-the-fly from the encrypted disk and this allows full access to the
contents. This includes access to data stored on removable media.

Before proceeding you must have the following:

• The BartPE Boot CD/DVD boot disk.

14 |
WinTech

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access (authorization) code. This can be obtained directly from
McAfee Support or from your internal Help Desk (Note: availability from your
Help Desk is dependent on your contract with McAfee).

1. Export the machine configuration to a floppy disk or a USB stick. Insert your
choice of removable media, i.e. floppy disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.
(Note: There are two options you can select: the Include all users in the
configuration option will add all users that can access the machine, into the
machine configuration; the Include all files in the configuration option will
add all the files assigned to the machine’s groups into the machine
configuration).

5. Enter a name for the database file.

6. Click Save.

NOTE: Any USB sticks or drives you need to access later will need to be plugged in before Windows PE starts 
to load. This includes any encrypted disks you wish to access, or, any disk containing the machine export 
database. 

7. Boot the machine with the BartPE CD/DVD. This will load the Endpoint
Encryption interface.

8. Click the GoÆ Programs Æ EEPC WinTech.

9. Enter the authorization/access code when prompted and click Ok.

NOTE: The Info bar at the bottom of the tool reports Not Authorized until the code has been correctly 
entered. After the code has been entered, this changes to Authorized. 

The Not Authenticated message still shows. User authentication or an encryption key to decrypt any data is 
still required! 

10. Now enter the machine’s key retrieved earlier from the exported database.
From the EEPC menu select Authenticate from Database.

11. Browse to the location of the exported machine configuration, i.e. floppy or
USB stick.

| 15
WinTech

12. Click the SDB file you created earlier.

13. From the Disk menu, choose Mount Drive.

14. From the Go menu run the file management tool (BartPE default is A43 File
Utility Manager).

Restoring the MBR (Master Boot Record)


The MBR loads the boot sector which in turn will load the operating system. The MBR
of a machine is stored in the central administration database during the
synchronization and can therefore be exported as part of the Endpoint Encryption
Transfer Database (.SDB) file. Note: if you have performed a manual (forced) decrypt
then you must follow this procedure to restore the original MBR.

Before proceeding you must have the following:

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

Authenticate from the database using the .SDB file on the floppy disk or USB. This
must be plugged in before booting from the BartPE CD/DVD.

1. Click the EEPC menu followed by the Authenticate from Database option.

NOTE: There is a known problem with BartPE at present: if you select the Authenticate from Database 
option from the EEPC menu, the dialog box may not immediately display the .SDB file(s). To view the 
contents of the floppy disk/USB stick, then type in the drive letter containing the media, e.g. a:\, f:\, etc. 

2. Next, select the machine SDB file from the floppy disk or USB drive.

3. Click Open.

4. Select the correct machine name from the Select Machine window.

5. Click Ok to confirm the authentication.

Restore the MBR:

1. Click the Disk menu followed by Restore MBR.

2. Click Yes to confirm that you want to overwrite the Master Boot Record.

Restoring the EEPC MBR


The EEPC MBR loads the EEPC pre-boot environment. This MBR is stored in the central
administration database during the synchronization. You can restore the EEPC MBR in
the event.

Before proceeding you must have the following:

16 |
WinTech

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

Authenticate from the database using the .SDB file on the floppy disk or USB. Note:
this must be plugged in before booting from the BartPE CD/DVD:

1. Click the EEPC menu followed by the Authenticate from Database option.

NOTE: There is a known problem with BartPE at present: if you select the “Authenticate from Database” 
option from the EEPC menu, the dialog box may not immediately display the .SDB file(s). To view the 
contents of the floppy disk/USB stick, then type in the drive letter containing the media, e.g. a:\, f:\, etc. 

2. Next, select the machine SDB file from the floppy disk or USB drive.

3. Click Open.

4. Select the correct machine name from the Select Machine window.

5. Click Ok to confirm the authentication.

Restore the EEPC MBR:

1. Click the Disk menu followed by Restore MBR.

2. Click Yes to confirm that you want to overwrite the Master Boot Record.

| 17
SafeTech

SafeTech
This chapter explains some of the common tasks that can be undertaken using
McAfee’s disaster recovery tool, SafeTech.

Please exercise caution for all SafeTech procedures. McAfee is not responsible for the
loss of data. Please contact McAfee if you are unsure about attempting any of these
procedures.

Creating a SafeTech Boot Disk


You can create a boot disk from the Endpoint Encryption Manager by using the
Recovery menu option.

1. Select the Recovery option on the top toolbar of the Endpoint Encryption
Manager.

2. Select Create SafeTech Boot Disk.

3. Enter a floppy disk into the a:\ drive and select Ok. This will create the boot
disk.

Creating the Endpoint Encryption Transfer Database


The Endpoint Encryption Transfer Database is the machine configuration file (.SDB).
This file contains the machine key that will provide access to the problem machine.

1. Enter the media into the drive you wish to export the database to, e.g. floppy
disk or USB drive.

2. Select the Devices tab from the Endpoint Encryption Manager.

3. Right-click on the machine name.

4. Select Export Configuration and browse to the floppy disk or USB drive.

5. Enter a name for the database.

6. Click Save.

Emergency Boot
The Emergency boot is performed in the event of Endpoint Encryption failing to boot or
the logon screen is corrupt.

Before proceeding you must have the following:

• The SafeTech boot disk.

18 |
SafeTech

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech boot disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Reboot the problem machine using the SafeTech boot disk.

3. Enter the authentication code.

4. Click Ok.

Authenticate from the database file (.SDB)

1. Enter the media containing the machine configuration file (.SDB).

2. From the top toolbar click SafeBoot.

3. Select Authenticate from Database.

4. Select the machine configuration file (filename.SDB) from the disk or USB
drive.

5. Click Ok. The machine name will be shown in the open window. This will be
the machine exported from the Endpoint Encryption Manager. The correct
machine name is listed.

6. Click Use Selected Machine. The panel at the bottom of the SafeTech screen
should display an Authorized and Ready status.

Perform the Emergency Boot.

1. From the top toolbar click SafeBoot.

2. Click the Emergency Boot option. This will prompt you to confirm the
operating system.

3. Click Yes if you are using Windows XP (or earlier), or, click No if you are using
Windows 2003, Vista and higher.

4. Click Ok to confirm the Emergency boot.

When the machine boots into Windows, if there is a network connection to the
Endpoint Encryption server, then the machine will synchronize with the Endpoint
Encryption Object Directory and fully repair itself. Check this by right-clicking on the
Endpoint Encryption icon in the system tray, followed by “Show Status”.

| 19
SafeTech

If Endpoint Encryption is unable to establish connection to the master directory at this


time, continue to use the SafeTech Emergency Repair boot disk to boot the machine
until a connection to the server is made.

Reset INT 13
INT 13 is an interrupt vector that stores a machine’s bios information. If the hardware
of a machine changes (the motherboard, for example) or a virus has affected the bios,
this will have an impact on the pre-boot environment and Endpoint Encryption will not
work. In this situation you will need to use a boot disk to access SafeTech and reset
the Int 13 to reflect the correct bios.

Before proceeding you must have the following:

• The SafeTech boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech boot disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter. Note: The machine configuration is not
required.

2. Reboot the problem machine using the SafeTech boot disk.

3. Enter the access code when prompted and click Ok.

4. From the top toolbar select EEPC followed by Authenticate from SBFS. This
will prompt you for the Endpoint Encryption credentials for this machine.

If you get a message that indicates a failure to read the values from the disk, contact
McAfee Support – otherwise, click Login With Selected Token.

5. Enter the username and password for the client machine.

6. Click the EEPC option from the toolbar and select the RESET INT13 Vector
from the menu. The INT13 has been successfully reset message should
appear.

7. Click OK.

Avoiding the Reset of INT13 for a BIOS upgrade


If you wish to avoid the Reset INT 13 condition while updating the BIOS, then you can
temporarily turn off Virus Protection before the BIOS upgrade.

20 |
SafeTech

1. Locate the machine in the Endpoint Encryption Manager, Devices tab.

2. Right-click on it and select Properties.

3. Select the General icon.

4. Under Options, scroll down until you find Virus Protection.

5. Deselect the Enable MBR virus protection option.

6. Click Apply.

When the BIOS has been upgraded, the Enable MBR virus protection option should
be re-enabled and the machine synchronized. This will again protect the machine’s
boot sector.

Encryption and Boot Sector Removal Procedure 1


Use the following procedure in the event that:

• Windows becomes corrupt.

• You cannot access the data of an encrypted machine.

• Encryption or decryption fails.

CAUTION: Make sure the machine’s main power supply is plugged in for this procedure. Do not attempt to 
perform it on battery only. 

Before proceeding you must have the following:

• The SafeTech boot disk.

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech Boot Disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Boot the problem machine with the SafeTech Boot disk.

3. Enter the authorization code.

4. From the top menu click the EEPC option.

5. Select the Authenticate from SBFS option from the EEPC menu. SafeTech
reads values from the drive and returns a message. If the message indicates a
failure to read the values from the disk then contact McAfee Support,
otherwise, choose the right token and click Logon with Selected Token.

6. Enter the machine’s username and password.

| 21
SafeTech

7. Select Remove SafeBoot.

8. This will decrypt the drive and remove the boot sector. It may take some
hours depending on the machine performance and the storage capacity of the
drive or partition.

9. Next, when Endpoint Encryption has been removed, delete its record from the
Endpoint Encryption Manager (the central record no longer has the correct
parameters for the machine). See the Endpoint Encryption for PC
Administration Guide for further information, or, contact your Endpoint
Encryption Database Administrator.

NOTE: If you had a problem with Windows and the operating system is repaired, Endpoint Encryption will 
automatically reactivate itself if the installed files are still intact. It will also connect to the Endpoint 
Encryption Server.  The machine may encrypt at this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or disable wireless 
networking).  After Windows has loaded, open Dos CMD prompt. Change to the Endpoint Encryption folder 
on the machine and enter: “sbsetup –Uninstall”. This command can only be used if the drive is completely 
unencrypted. 

CAUTION: Make sure you check where the \SBADMIN (administration system files) and the \SBDATA 
(database folder) have been installed. If your installation is not in the recommended locations, then make 
sure you check where they have been installed before proceeding. 

Also, disconnecting from the network will prevent re‐activation only if this machine was originally a 
Endpoint Encryption ‘online’ install. If it was an ‘offline’ install, then boot to Windows Safe Mode first.  See 
the Endpoint Encryption for PC Administration Guide for further information regarding online and offline 
installation. 

Encryption and Boot Sector Removal Procedure 2


If Endpoint Encryption does not work and the previous Encryption and Boot Sector
Removal Procedure 1 cannot be used, then follow this procedure. Note: this procedure
should only be attempted under the guidance of McAfee Support. For this method the
machine’s configuration should be exported from the database.

Before proceeding you must have the following:

• The SafeTech boot disk.

• The floppy drive or USB containing the machine configuration file (.SDB). This
contains the machine key that will provide access to the problem machine.

22 |
SafeTech

• The daily access code. This can be obtained directly from McAfee Support or
from your internal Help Desk (Note: availability from your Help Desk is
dependent on your contract with McAfee).

1. Create a SafeTech Boot Disk. See the Creating a SafeTech Boot Disk procedure
at the beginning of this chapter.

2. Export machine configuration file (.SDB) to a floppy disk or a USB stick. See
the Creating the Endpoint Encryption Transfer Database procedure earlier in
the chapter.

3. Boot the problem machine with the SafeTech boot disk.

4. Enter the authorization code when prompted.

Use SafeTech to authenticate from the database:

1. From the top menu click the EEPC option.

2. Select the Authenticate from Database option from the EEPC menu.

3. Next, select the machine SDB file and click Ok.

4. Select the correct machine name from the Select Machine window.

5. Select Remove EEPC from the EEPC drop down menu. This will decrypt the
drive and remove the boot sector. It may take some hours depending on the
machine performance and the storage capacity of the drive or partition.

6. Remember to delete the machine’s record from the Endpoint Encryption


Manager after Endpoint Encryption has been removed. The central record will
no longer have the correct parameters for the machine.

NOTE: When the operating system is repaired, Endpoint Encryption will automatically reactivate itself if the 
installed files are still intact and it connects to the Endpoint Encryption Server.  The machine may encrypt at 
this point too depending on its settings in the database. 

This can be prevented by disconnecting from the network prior to booting the machine (or disable wireless 
networking).  After Windows has loaded, open Dos CMD prompt. Change to the Endpoint Encryption folder 
on the machine and enter: sbsetup –Uninstall. This command can only be used if the drive is 
completely unencrypted. 

WARNING: Disconnecting from the network will prevent re‐activation only if this machine was originally an 
‘online’ install of SafeBoot. If it was an ‘offline’ install boot to Windows Safe Mode first.  See the Endpoint 
Encryption for PC Administration Guide PDF document for further information regarding online and offline 
installation. 

| 23
SafeTech

24 |
Glossary

Glossary
Topic  Description 

Algorithms  An option on the main menu for setting the correct algorithm on 
a machine. 

Authorize  Enter the daily access/authorization code in this dialog box. The 
code can be obtained directly from McAfee Support or from your 
internal Help Desk. Note: availability from your Help Desk is 
dependent on your contract with McAfee.  

Authenticate from Database  This function allows the user to authenticate using the machine 
key obtained via the Select Transfer Database (SDB file) exported 
 
from the master object directory. 

Authenticate from SBFS  This authentication is through entering the correct userid and 
password. 

Authenticate from HP Recovery  This option is applicable to users of HP computers only. HP users 
File  can create a recovery file containing the machine key and 
recovery key. This menu option allows the user to authenticate 
onto a problem HP machine using the saved recovery file. 

Contact  Displays a list of current world telephone support numbers. 

Crypt/Decrypt Sectors  The Crypt/Decrypt option allows you to safely manipulate which 
sectors are encrypted on the disk. This option follows the crypt 
list (see “Get Disk Information”) to validate the ranges you 
submit, so it will not encrypt sectors which are currently 
encrypted, and will not decrypt sectors which are currently not 
encrypted. This option supports power fail protection.  
You can only use the Crypt/Decrypt Sectors option if the disk 
crypt state is still valid. If Endpoint Encryption has become 
corrupt on the disk, or the crypt state has been corrupted, you 
will need to use the Force Crypt/Decrypt Sectors option.  
If you change the encryption state with the Crypt/Decrypt 
Sectors option, appropriate modifications will be made to the 
disk Crypt List. For example, if you encrypt a new range, a new 
Region definition will be created. If you decrypt within an 
existing Region, then the existing region will be split into two, if 
you completely decrypt a region, it will be removed from the 
crypt list. 

Disk  Menu containing the options: Get Disk information; Repair Disk 
Information; Crypt Sectors; Force Crypt Sectors; Edit Crypt State; 
Restore MBR; Restore EEPC MBR; Mount Drive. 

| 25
Glossary

Topic  Description 

Disk Information  GUID – The unique GUID of the machine’s disk (a Endpoint 
Encryption for PC construct). 
 
Alg ID ‐ The ID of the Endpoint Encryption Algorithm used to 
encrypt the disk. 
Database ID – The Endpoint Encryption Database ID 
(hexadecimal) of the host Endpoint Encryption Database that 
this machine has registered its keys to, and is accepting policy 
updates from. You can determine the Database ID through 
Endpoint Encryption Manager by looking at the License 
Information.  
Machine ID – This is the machine unique object ID. You can find 
the machines corresponding policy object by authenticating to 
the correct Endpoint Encryption Database (using the Database ID 
above to ensure you’re connected to the correct DB). Then click 
the “Endpoint Encryption Machines Group” node in the Devices 
tab, then click the “Groups” → “Find” and search for the 
appropriate Object ID – in the example above it would be 
00000003.  
SBFS Sector Map – This is the sector location at the beginning of 
the SBFS Sector map. The SBFS Sector map defines the ranges of 
sectors on the users’ hard disk which contain the Endpoint 
Encryption for PC pre‐boot environment.  
SBFS Sector Map Count – This is the size of the sector map.  
Key Check – A hash of the encryption key used to protect the 
machine. This is used to verify keys are correct.   
Crypt List 
Region Count – The number of defined crypted areas of this 
logical disk. This usually corresponds to the number of partitions 
on the drive.  
  Region … ‐ Each region is defined as follows: 
  Start Sector – The physical start sector of the region 
  End Sector – The last physical sector included in the 
region 
  Sector Count – The number of sectors included in this 
region 
PowerFail Status – Endpoint Encryption for PC tracks the 
progress of encryption on the drive to ensure that if power is lost 
during encryption, the process is recoverable.  
Status – Determines whether the drive is currently in powerfail 
state. A status of Inactive indicates that the current encryption 
process has finished.  
Partition – A section per Logical partition on this physical drive as 
follows: 
Partition Number – The unique partition number. 
Partition Type – The file system detected on this partition. 

26 |
Glossary

Topic  Description 
Partition Bootable – Whether the partition is bootable or not.  
Partition Recognised – Whether the partition is recognized as 
viable. 
Partition Drive Letter – The detected drive letter of this partition. 
Partition Start Sector – The physical start sector of the partition. 
Partition End Sector – The physical end sector of the partition. 
Partition Sector Count – The number of sectors in the partition. 

Edit Disk Crypt State  Before using this option call McAfee Technical support for 
assistance. 
This option will certainly cause irretrievable data loss if used 
incorrectly. 
Ensure when using this option that there is no possibility of 
losing power while it is working – this option DOES NOT support 
power fail protection. 

Emergency Boot  Repairs the Endpoint Encryption File system on the client 
machine. 

EEPC  Endpoint Encryption for PC (formerly known as Endpoint 
Encryption for PC). 

Force Crypt/Decrypt Sectors  Before using this option call McAfee Technical support for 
assistance. 
 
Unlike the Crypt/Decrypt sectors option, the Force 
Crypt/Decrypt option does not pay attention to the disk crypt 
state, it simply performs the operation blindly according to user 
input. Force Crypt does not support power fail, nor does it apply 
any logic or parameter validation on the input.  
You should only use the Force Crypt/Decrypt sectors option 
when all else fails, when the on‐disk structures are completely 
corrupted for example.  
This option will certainly cause irretrievable data loss if used 
incorrectly. If you are forced to use this option, you should make 
a recording of each operation you apply to aid in data recovery.  
Ensure when using this option that there is no possibility of 
losing power while it is working – this option DOES NOT support 
power fail protection. 

Get Disk Information  This option displays information about the physical drives 
detected by SafeTech. Each physical disk has a node in the disk 
information tree which describes its LUN, partitions, size and 
Endpoint Encryption information.  

Mount Drive  The Mount Drive feature allows quick access to data on an 
encrypted drive. This is only possible if the administrator has 
been properly authorized using the correct key. There is no need 
to completely decrypt the drive first to get at important files. 
Data is decrypted on‐the‐fly from the encrypted disk and this 

| 27
Glossary

Topic  Description 
allows full access to the contents. 
 

Mount SBFS as a drive  This option provides quick and easy access to the Endpoint 
Encryption File System by mounting it as a drive. 

Open Workspace  This option opens the Workspace window. For assistance on how 
to use the SafeTech/WinTech workspace, please contact McAfee 
 
support. 
Note: The Open Workspace option appears in the Disk menu for 
SafeTech only, however, with the WinTech application appears 
as a main menu option. 

Remove SafeBoot  Removes the encryption and boot sector from a machine, but 
does not remove the Endpoint Encryption client files. (See the 
 
Endpoint Encryption for PC Administration Guide for details on 
removing client files). 

Repair Disk Information  The Repair Disk Information option will fix problems with the 
boot disk only. For this to work the crypt list portion must still be 
 
valid and the power fail state must be inactive.  

Reset INT13 vector  When moving a hard disk between machines, updating the BIOS, 
or after a virus attack, Endpoint Encryption will warn of a 
 
possible virus at boot time and deny access to the machine.  
Should there be a possibility of a virus, run a virus checker.  

Restore MBR  Restores the original MBR of the machine but does no validation 
checking. 
 

Restore EEPC MBR  Now that the disk information for the boot disk is stored in the 
main partition, the only link to it is from the EEPC MBR. If the 
 
EEPC MBR gets removed or corrupted, there is no way to find 
the disk information. So the client now stores the EEPC MBR in 
the database during sync, hence it will be exported to the 
transfer database and can then be used by WinTech to restore 
the EEPC MBR. 
This allows administrators to have the ability to restore it in case 
of a disaster recovery with WinTech. 
This can be used to repair a corrupt logon screen, for example. 

Set Background Colour  This option allows the background colour of the screen to be set 
(SafeTech only)  to improve clarity on older monitors. You can choose from Black, 
Red, Green, Blue, or White.  

.SDB  The file type of the select transfer database file. See below. 

Select Transfer Database  The Select Transfer Database is the machine configuration file 
containing the encryption keys and MBR information for a 
particular machine. This file is created (exported) from the main 

28 |
Glossary

Topic  Description 
database using the Endpoint Encryption Manager. 

Set Disk Algorithm  This option allows you to specify an algorithm for the disk in the 
event that it is not picked up automatically. 
 

Set Workspace Algorithm  This option allows you to specify an algorithm for the Workspace 
in the event that it is not picked up automatically. 
 

Set Algorithm  This option allows you to select which algorithm to use in the 
current SafeTech session. As the Endpoint Encryption for PC 
 
algorithm is an enterprise‐wide setting, and can never be 
changed, you should confirm the algorithm the Endpoint 
Encryption Manager is using before setting it in SafeTech. You 
can do this from the Help/About/Modules screen – check the 
description of the SBAlg.DLL file. 
Selecting the wrong algorithm here will prevent any manual 
decryption functions (decrypt sectors, force decrypt sectors etc) 
perform the wrong mathematical functions on the data. This 
process is reversible, by for example re‐encrypting the sector 
ranges but if the algorithm choice cannot be remembered, can 
be extremely time consuming to recover from. 

| 29

You might also like