FGA_Sys_And_Net
Participant

Enterprise Endpoint Security BitLocker encryption feature

Hello,

We have the latest version of Enterprise Endpoint Security (86.60) and one of the recent features is to block all use of BitLocker to protect the PC as much as possible. Which is a good thing.

 

AHTP-24319

"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.

 

We have a Dell Command Update program that allows us to update the drivers and the BIOS of the computers. When updating the firmware, it's mandatory to suspend the BitLocker protection; this is managed automatically.

The problem is that Check Point blocks this action.

I would like to allow the Dell Command Update program as a legitimate application and it seems there is an option in the latest Endpoint version, but I don't see any option.

 

AHTP-25171

Endpoint Client now blocks against more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.

 

Our Endpoint server is on-premises (R81.10).

Any idea?

 

Thanks and kind regards,

0 Kudos
1 Reply
PhoneBoy
Admin

When I look at the E86.50 release SK, I see the following:

AHTP-24319

"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.

 

I suspect there is no way to exclude a specific program at the moment.
Might be worth a TAC case to confirm.

0 Kudos