Seqrite encryption policy lets you encrypt sensitive data and protect it from unauthorized access.
Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software-attack tool against it, or by transferring the device’s hard drive to a different device. Seqrite encryption feature helps mitigate unauthorized data access by performing volume encryptions using Microsoft BitLocker.
This feature enables you to:
System Requirements
Server Pre-requisites:
Service Pack 1.0 applied on Linux EPS Server.
Note: To download the PDF for the detailed steps to apply SP, click the this link: Steps to Apply SP
Client Pre-requisites:
1. Hardware:
2. OS
3. AV update – VDB 21st Feb 2024 or later
Disclaimer
- Ensure that hardware TPM 2.0 is enabled on the endpoint.
- It is highly recommended to back up important data before you apply the encryption policy.
- Seqrite shall not assume responsibility for any loss or damage to data. It is advised to thoroughly review the BitLocker terms prior to implementing this policy.
- In the event of occurrences such as a server crash, it is recommended as a precautionary measure to regularly back up the recovery keys.
- Ensure that the laptop/desktop has enough battery life or is connected to the power source.
- Ensure that the volume you need to encrypt are not already encrypted by any third-party encryption software.
- Depending on the volume size, encryption/decryption might take time and it might affect the system performance. However, you can continue with the work while it is in progress.
- IT Admin should be trained for all the recovery mechanism.
- To avoid any hardware compatibility issue before rolling out encryption to a large number of machines, a pilot testing should be conducted in customer premises on some test machines.
- Encrypting or decrypting the removable media is not supported.
- This feature is supported only on Windows systems.
Configure the Encryption Policy
Following are the steps to configure the Seqrite encryption policy for Windows endpoints to perform encryption/decryption operation for volume.
- Go to the EPS console.
- Click Policies from the left panel. Refer this link to know the steps for creating a new policy.
- Click the edit icon against the desired policy.
- Click Encryption from the left panel and expand the Encryption section by clicking the side arrow.
- Select the Encrypt OS and Fixed Data Volume checkbox to encrypt the OS volume and all the fixed data volumes.
- Clear the Encrypt OS and Fixed Data Volume checkbox to decrypt the already encrypted volumes through Seqrite encryption policy.
- Click Save Policy.
The policy is saved and applied to the supported endpoints.
Rescue Steps
If the systems/volumes are stuck in the recovery mode, these are the steps to retrieve the recovery key.
- Go to the EPS console.
- Go to Reports.
- Click Encryption.
- Click View to open the Endpoint Encryption Status report.
- Click Apply. Enter the required details in the text box and click Generate Report.
- Click Details under the Volume Details column against the endpoint that you need the recovery key for.
- Click the Show Recovery Key button. A table with Recovery Key and other details appears. You can use the key to recover the volume.
In case of multiple entries, you can click Add Filter to search for an endpoint by either entering the endpoint name or the status.
The filtered list appears.
The Volume Status report window appears.
Note that the recovery key is displayed only to the Super Admin and Admin user roles.
For the detailed steps, refer the KB article here.
In case of any issue, contact Seqrite support at support@seqrite.com.