This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_R
Collaborator
‎2018-06-14 10:45 AM

Unable to install Hyper-V service on Windows-10 after enabled FDE(Encrypted Machine)

Hi Team.

I have encountered an issue with a windows-10 machine with the following enabled blades. I am not able to install Hyper-V service where I enable FDE.

Endpoint Client Version: R80.80

Server: R77.30.03

→ FDE

→ Media Encryption

→ Sandblast Blades

Whereas one more machine with the same configuration and in same production I able to install the services, the only difference is that I haven't install the endpoint package yet on this, this issue was triggered on all windows-10 machine where I installed EPS(Endpoint packages). Especially in FDE machine.

When I try to enable the service while rebooting all the feature is getting Undoing with the followed error.

"We couldn't complete the feature Undoing changes, Don't turn off your computer".

FYI: I attached the error screenshot.

By simplifying it: 

I am unable to install in the machine where I installed FDE.

I am able to install in the machine where I am not installed FDE yet.

Addition Information: If I enable the Hyper-V in the first place and observed that I am able to install EPS and encrypted the machine without any issue.

Please let me know if there is any restriction/compatible on FDE machine in windows family.

- Arun.R

3 Replies
Steve_Lander
Collaborator
‎2018-06-14 01:19 PM

Try either upgrading the endpoint client to E80.83 or changing the algorithm from AES-CBC 256 to XTS-AES 256 (can only do this if the BIOS is set to UEFI, not legacy).  Changing the algorithm is pretty easy, it changes on the fly with no interaction with the user, it just starts re-encrypting the computer.

0 Kudos
Arun_R
Collaborator
‎2018-06-14 04:06 PM
In response to Steve_Lander

Can you share me the procedure how to configured it and by changing algorithm will it impacting any things on OS level.?

- Arun.R

0 Kudos
Steve_Lander
Collaborator
‎2018-06-15 05:21 AM
In response to Arun_R

In SmartEndpoint, create a new FDE policy for testing.  Then just clone the action for "Encrypt all local hard disks" and then create a new policy with the new XTS-AES 256 with your desired choices. 

As far as impacting things on the OS level, CheckPoint claims that it is faster and more reliable than the other encyption algorithms.  Also, this has fixed hibernate for us, as when we did our 1703-1803 upgrades, ripping off CheckPoint to do the upgrade and then reinstalling it broke hibernate for our laptops, and changing the algorithm types fixed it.

Sorry for the messy screenshot, the UI of SmartEndpoint doesn't work well with 4k monitors.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events