Recovery Partition Exclusion - SDE Encryption Rules - Dell DSS - Security - Dell Community

Recovery Partition Exclusion - SDE Encryption Rules

Security

Security
All things Dell Security related

Recovery Partition Exclusion - SDE Encryption Rules

  • Hi Guys,

    Would someone tell us how to exclude the recovery partition of the computers in the SDE Encryption Rules ?

    All recovery partition has been encrypting and we are having some issues to recovery the Operating System when it is necessary

    Please, some help.

    Thanks

  • Hi Bruno!

    in Mid 2015, Microsoft modified the method in which they deliver updates to a "Servicing model" for all operating systems. This introduced an ability for Microsoft to deliver updates and to mount other partitions during those updates to modify their files. When any updates are made to the recovery partition, this mounts the volume (which is typically hidden and un-mountable even by a local administrator). once a volume is mounted Dell Encryption (Dell Data Protection) will attempt to analyze and encrypt the new drive based on volume to ensure it is protected.

    I'm working on updating and publishing a KB that will have the solution ID of SLN244078 in the next few business days with this information.

    You will need to exclude these folders to ensure the recovery partition and files are not encrypted. Once the recovery partition gets mounted again, these will be automatically decrypted:

    -^F#:\Boot\

    -^F#:\Recovery\

    -^F#:\System Volume Information\

    -^F#:\bootmgr

    -^F#:\BOOTNXT

    -^F#:\BOOTSECT.BAK

    Dale

    L4 Support

    Dell Data Protection | Encryption

    Need Immediate help? Please call DDP |E Support @ +1.877.459.7304 Ext. 4310039

  • Hi Dale,

    I really appreciate your help and the explanation.

    I already excluded these folders in the RMC but it seems that the Recovery Partition still encrypted. I rebooted the laptop several times but It does not work.

    Do you know how long does it take to decrypt the partition after applying the exclusions ?

    Thank you,

    -Bruno

  • Hi Bruno!

    Sorry for the delayed response.  The only time the DDP|E agent would see this partition again would be when Microsoft mounts it during a Windows Update process, so we're basically waiting for that to happen again within the Windows OS.

    There is an option to mount the partition and decrypt it offline via our WinPE ISOs.  I can provide more info on that process and download links if you'd like.

    Best Regards,

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Hi Stephen,

    Thank you for your response

    It would be great with you provide me more information on this process.

    Best Regards,

    Bruno

  • Hey Bruno,

    The following link will take you to the download page for our recovery tools.  Once the download is complete you can extract the contents and burn the ISO file to bootable media.  Then you can review this document which has the detailed steps on how to perform an offline decrypt.  

    If you get stuck at any point please leverage our dedicated support queue via the number in my signature or if you need an international dial in information it can be found at this thread.

    Best Regards,

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Hey Stephen,

    I appreciate your support on this case.

    I could not reach this link out. It shows an error when I click on it " Page Not Found"

    Could you please provide me another link ?

    Best regards,

    -Bruno Marques

  • Hmmm not quite sure what happened but all my links got messed up when it posted.  Sorry about that.  I edited the post and corrected the links, they are currently working, but I also went ahead and sent you a friend request with the direct links in the messages as well.

    Let me know if you still have issues accessing the links.

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Hey Stephen, Good Morning

    I can access those links now.

    I really appreciate your help . I will try to do this process to decrypt the recovery partition and if I have any questions or issues I will let you know.

    Thank You,

    -Bruno