Aragorn
Explorer

Check Point Endpoint Security login ID and Password unknown/forgotten.

I have a friend's personal laptop with Windows 7 and the Check Point Endpoint Security software popping up before the OS boots. The Endpoint software was installed by the company for whom he did consulting work a few years back. He no longer works there and has not used the laptop for a while.

He now needs to log in and access data on the laptop but does not remember the Endpoint password nor the Windows Administrator password and is not even sure what Username was used to log in.

How can the Endpoint software be disabled? (Once this is done, I can help him get into Windows)

I would greatly appreciate any help.

Thanks very much in advance,

Aragorn.

 

 

 

0 Kudos
PhoneBoy
Admin

If you get a Check Point login screen before the normal Windows login, that means Full Disk Encryption is installed.
If that's the case, I'm afraid without having access to the Endpoint Management used to generate the installation package, there's nothing you can do to disable the Endpoint short of completely reformatting the computer.
Even if you knew the credentials to get past the pre-boot login, you need the uninstall password in order to remove the Endpoint software from the PC.

In short, without involving the previous employer, there's not a lot you can do to regain access to the existing Windows installation.

(1)
Aragorn
Explorer

Thanks for your speedy reply PhoneBoy. I appreciate your letting me know and now I can relate this to my friend.

Cheers

0 Kudos
Aragorn
Explorer

Hello, again PhoneBoy,

If I may pose two more questions, please.

1) Does the "Full Disk Encryption" mean that when logging out of this laptop and the Check Point Endpoint login screen is active, the entire contents of this disk are always encrypted and will only get decrypted upon successful login?

2) Does this then mean that if the drive were to be sent to a professional data recovery company and they get to the data, will the user data that they may be able to access, still be encrypted? I mean without trying any fancy science fiction movie decryption stuff 🙂

I need to know if this is an alternate solution.

Thanks very much.

Aragorn.

 

0 Kudos
PhoneBoy
Admin

With Full Disk Encryption, the data is stored on the disk encrypted at all times.
This applies whether the machine is powered on or not or whether a user is logged in or not to Windows.
Without the private key used to encrypt the disk, it will not be possible to recover the data from the raw drive.

Once you've logged into the pre-boot (i.e. provided the appropriate credentials), Windows will see the FDE-encrypted drive the same way it sees an unencrypted drive.
All data read/written from/to the physical device will go through the FDE driver, but you will be able to access the data on the drive if you're logged into Windows with a user that can access the data.

0 Kudos
(1)
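What a recovery lab reading the raw drive would observe, per the answer above, is data that looks random. The following is an added example, not code from the thread or from Check Point: a forensic triage that measures per-chunk byte entropy of a disk image. The chunk size, the 7.5 bits/byte threshold and both sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096         # bytes per sample; large enough for a stable estimate
HIGH_ENTROPY = 7.5   # bits/byte; assumed threshold for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte values, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_chunk(chunk: bytes) -> str:
    if not any(chunk):                      # all zero bytes: never written
        return "empty"
    if shannon_entropy(chunk) >= HIGH_ENTROPY:
        return "high-entropy"               # ciphertext or compressed data
    return "structured"                     # readable filesystem or file data

def triage_image(image: bytes, chunk_size: int = CHUNK) -> dict:
    """Count chunk classes across a raw image (a short final chunk reads lower)."""
    counts = Counter()
    for off in range(0, len(image), chunk_size):
        counts[classify_chunk(image[off:off + chunk_size])] += 1
    return dict(counts)

def constructed_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted sectors: SHA-256 over a counter."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(8, "big")).digest()
        i += 1
    return bytes(out[:n])

def constructed_plaintext(n: int) -> bytes:
    """Constructed stand-in for readable user data (repeated CSV rows)."""
    row = b"2019-03-31,invoice,consulting fee,1250.00,CAD\r\n"
    return (row * (n // len(row) + 1))[:n]

if __name__ == "__main__":
    fde_like = constructed_ciphertext(8 * CHUNK)
    plain_like = bytes(CHUNK) + constructed_plaintext(3 * CHUNK)
    print("FDE-like image:  ", triage_image(fde_like))
    print("plain-like image:", triage_image(plain_like))
```

Compressed files also score as high-entropy, so the signal for an encrypted volume is that the regions where readable filesystem structures would normally sit are high-entropy too.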
Aragorn
Explorer

Thanks very much once again, Phoneboy.  I greatly appreciate that information.

Cheers,

Aragorn.

0 Kudos
Aragorn
Explorer

Dear Phoneboy (Admin),
I am sorry but I really need to bother you once more as Check Point is now our only hope.
My friend contacted Investors Group (now known as IG Wealth Management), the company he worked for a while ago and asked them to arrange to remove the Check Point Endpoint Security Client off his personal laptop.

Unfortunately, they said they could not do this because they no longer use Check Point.

Since this is Check Point's product, surely there must be a way that Check Point can access and remove this software off this laptop. Also, since Investors Group no longer uses Check Point software, there is no question of a conflict arising.

I will greatly appreciate it if you can let me know if Check Point can help us in this matter.

Thanking you in advance,

Aragorn

0 Kudos
Dorit_Dor
Employee

Your question equals “does CP have a back door to read encrypted endpoints” and the answer is clearly no!
Check Point does NOT have the ability to access the private customer data. I would be concerned as a customer if CP had such things.

The sole owner of the “opening keys” is the customer, and the owners of the end user credentials are the user of the system and the company. This has nothing to do with being a customer; they can recover from backup etc. (they can use temporary access to recover it if they have the keys).

We never hold the keys.

Dorit

0 Kudos
(1)
Aragorn
Explorer

Dear Dorit_Dor,

You did read my question correctly but I had to ask it because I needed to know for sure. You see, the data on the drive which my friend can no longer access may be required for tax reporting if asked for by the Tax Authorities. At least now he can explain the situation and that all attempts were made to find a solution.

Thanks,

Aragorn.

 

 

0 Kudos
PhoneBoy
Admin

Without the credentials needed to log in to the system or recovery media for the precise system to decrypt it (generated from Endpoint Management), I’m afraid there is nothing we as Check Point can do to provide access to that machine.

0 Kudos
(1)
Aragorn
Explorer

Thanks for confirming, Phoneboy.

Cheers,

Aragorn

 

0 Kudos
Cheto
Explorer

Hi PhoneBoy,

My question isn't the same as Aragorn's but this thread appeared in my search.

I have an external HD that has content encrypted with Check Point Endpoint Security.  I've forgotten my password and our IT group attempted to perform a Key Recovery using the Challenge code that appears in my CPES window but received the error that I (my username) is incorrect.  I definitely was the person who performed the initial encryption but it was a few years ago.  I'm at the same company and I have the same username but the laptop I've plugged the external HD into may be different.

Are there any troubleshooting steps we can take regarding Key Recovery?  Is there additional information that would help solve this mystery?

Thanks!

0 Kudos
PhoneBoy
Admin

You will need to work with the TAC on this: https://help.checkpoint.com 

0 Kudos
