Alex_Aitis
Explorer

Checkpoint FDE RAW partition no OS load

Hello to all,

We are at the start of implementing FDE with Checkpoint, and out of 26 PCs encrypted with preboot enabled we have 2 laptops that are not loading the OS anymore after preboot authentication. We checked the disks, and the partition that was encrypted is RAW (after preboot auth).

The common things are: Windows 10 Pro (1703 / 1709)

Endpoint client is 80.83

What can we do to try recovering the OS? Some hints and tips?

Thank you 

0 Kudos
5 Replies
Alex_Aitis
Explorer

Also, can anyone point me to how to collect the logs from that machine if it doesn't boot?

L.E.: found the preboot tool :)

0 Kudos
Alex_Aitis
Explorer

So we did recover the data (with the recovery media tool, which decrypted the partition) and now Windows is still not loading, giving us a blue screen with the error "Page fault in non paged area".

Looking for advice.

0 Kudos
Steve_Lander
Collaborator

Can you try to boot into Safe Mode to see if you can get to the OS? From my experience, if we can get the data off the laptop by mounting the drive but it can't boot to Windows, we have just been rebuilding those laptops (imaging a new OS).

I would open up a case with TAC if getting the actual data off the laptop is not possible even though you decrypted the laptop.

Alex_Aitis
Explorer

Eventually, we will reinstall that laptop. Support told me that it was an issue with the Fast Startup function in Windows.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

We are still looking for possible scenarios on how to avoid this...

Any tips and tricks?

0 Kudos
Steve_Lander
Collaborator

In our BIOS settings, we use the new UEFI BIOS instead of legacy. We have Fast Boot in the BIOS off (to correct the issue with USB mouse/keyboards in the preboot environment) and also Fast Startup in the Windows Power Options turned off (via GPO).

Since we turned off that fast startup in Windows, we haven't had that screenshot that's in the SK article you listed.
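
Added example (not part of the thread and not Check Point tooling): a read-only PowerShell check of the Windows Fast Startup setting mentioned in the last reply, for confirming on each encrypted endpoint that the GPO actually took effect. The decision order and the treatment of a missing value as "not disabled" are assumptions of this example; the BIOS Fast Boot option is vendor-specific and is not checked here.

```powershell
# Added example: read-only audit of Windows Fast Startup (hiberboot) state.
# It only reads the registry; it changes nothing on the endpoint.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Name }
    return $null
}

function Get-FastStartupState {
    # Local setting behind "Turn on fast startup" in Power Options.
    $local  = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' 'HiberbootEnabled'
    # Value written by the "Require use of fast startup" administrative template.
    $policy = Get-RegDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'HiberbootEnabled'
    # Fast Startup depends on hibernation being available.
    $hiber  = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' 'HibernateEnabled'

    # Assumed decision order for this example: hibernation off wins,
    # then a policy that forces Fast Startup on, then the local value.
    if ($hiber -eq 0) {
        $off = $true;  $detail = 'Hibernation disabled, Fast Startup cannot be used'
    } elseif ($policy -eq 1) {
        $off = $false; $detail = 'Policy requires Fast Startup'
    } elseif ($local -eq 0) {
        $off = $true;  $detail = 'HiberbootEnabled = 0 (local setting)'
    } else {
        # Value 1 or missing: Fast Startup is not explicitly disabled.
        $off = $false; $detail = 'Fast Startup not explicitly disabled'
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        HibernateEnabled = $hiber
        PolicyValue      = $policy
        LocalValue       = $local
        FastStartupOff   = $off
        Detail           = $detail
    }
}

Get-FastStartupState | Format-List
```

A machine reporting `FastStartupOff : False` has not picked up the setting and should be fixed before FDE is deployed to it.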
