Overview

Checkpoint’s Full Disk Encryption solution will encrypt the entire hard disk, sector by sector. There are times when a device will have issues and there will be a need to access encrypted files and/or decrypt/uninstall. When the device is in a non bootable state and decryption is required, Recovery Media will need to be created. Once created, the machine can boot from the Recovery Media and decrypt the endpoint. The following process has been used on versions 6.3.1 and 6.3.1 HF6.

Process to create Recovery Media

With every install of FDE, a management console is also installed. This console is of no use without the proper credentials. We will need to access this management console to create Recovery Media.

To access the management console, navigate to: \Program Files\Pointsec\Pointsec for PC\PCMC

Scroll down and locate PointsecForPC.exe. Double click the icon:

You will be prompted to enter credentials to access the management console. Here you will enter the administrator credentials. (example: customeradmin1)

Once the console loads, Click Remote on the left navigation pane.

The Remote screen will appear. On the bottom right corner here, click Create Recovery Media

This will launch a Wizard. On the first screen, click Next

On the next screen, highlight Browse file system for recovery file and click Next

Now click the button to browse your hard drive for the recovery file for this PC needing repair

Locate the Recovery File for the PC on your hard drive

The path and file will now be displayed. Click Next

On the next screen, click Finish

You will be required to enter two authorized credentials to complete this process. Use administrative credentials that have access to create recovery media (example: customeradmin1 and customeradmin2)

On the first screen, enter the first set of credentials

Click OK when the pop up appears notifying you that you successfully authenticated one of the two required accounts.

Now enter the second set of credentials on the next screen

Insert a USB thumb drive into your PC. We recommend using a USB thumb drive with a small capacity (example: 32MB)

Select this device from the drop down and click OK

A pop up will appear, click OK

The Recovery Media creation process will then begin

When complete, a pop up will appear, click OK

The Recovery Media for the PC will now be present on the USB key. You can now boot directly from this USB key to perform the Recovery Process. You may need to modify the BIOS settings to allow the machine to boot from a CD.

If booting from a CD is your preferred process, you will need to create a bootable ISO file using software like NERO and burn a CD. When doing so, make sure include all files on the drive except the file “EA DATA. SF” as it is not needed and will cause errors to occur during the burn process.

If you have any issues with the above procedure please visit www.maas360.com/support

Share