Check Point Full Disk Encryption Recovery
Check Point Full Disk Encryption (FDE) is a component on Endpoint Security Windows clients. It combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. If the operating system does not start on a client computer due to system failure, Full Disk Encryption offers these recovery options:
Client computers send recovery files to the Endpoint Security Management Server so that you can create recovery media if necessary. The Endpoint Security Management Server is a Security Management Server that manages your Endpoint Security environment. It includes the Endpoint Security policy management and databases, and it communicates with endpoint clients to update their components, policies, and protection data.
After the recovery, the files are restored as decrypted, like they were before the Full Disk Encryption installation, and the operating system can run without the Pre-boot (authentication before the operating system loads).
Full recovery with recovery media decrypts the failed disk and recovers the data. This takes more time than the Full Disk Encryption Drive Slaving Utility and Dynamic Mount Utility, which let you access data quickly.
Recovery Media:
- Is a snapshot of a subset of the Full Disk Encryption database on the client.
- Contains only the data required to do the recovery.
- Updates if more volumes are encrypted or decrypted.
- Removes only encryption from the disk and boot protection.
- Does not remove Windows components.
- Restores the original boot procedure.
Users must authenticate to the recovery media with a username and password. These are the options for the credentials to use:
- Using SmartEndpoint (a Check Point GUI application that connects to the Endpoint Security Management Server to manage your Endpoint Security environment: to deploy, monitor and configure Endpoint Security clients and policies) - Users that are assigned to the computer and have the Allow use of recovery media permission can authenticate with their regular username and password. In SmartEndpoint, go to the OneCheck User Settings rule > Advanced > Default logon settings. (A rule is a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.)
- When you create the recovery media, you can create a temporary user who can authenticate to it. A user who has the credentials can authenticate to that recovery media. Users do not require Allow use of recovery media permission to use the recovery media. Smart Card users must use this option for recovery.
- Go to Asset Management > Organization > Computers.
- From the top toolbar, click and select Remote Help & Recovery > Recovery > Full Disk Encryption Recovery.
- Search for the computer which you want to decrypt.
  The OS Name and OS version of the computer are displayed.
- User List - This list shows the users who have permission to use recovery media for the computer. There must be at least two users on the list to perform recovery.
  - If there are two users or more on the list, continue to the next step.
  - If there are fewer than two users on the list:
    - Click the + sign to create a temporary user or temporary users who can use the recovery media.
    - In the window that opens, add a username and a password that the users use to access the file.
- Download the recovery file.
- Create the recovery media:
  Step 1: On the Endpoint Security client, go to folder:
  C:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption\
  Step 2: Double-click UseRec.exe to start the external recovery media tool.
  Step 3: Follow instructions in the tool to create the recovery media.
Note - During the decryption process, the client cannot run other programs.
Use the Drive Slaving Utility to access specified files and folders on the failed, encrypted disk when it is connected to a different "host" system.
The Drive Slaving Utility is hardware independent.
Full Disk Encryption Drive Slaving Utility replaces older versions of Full Disk Encryption drive slaving functionality, and supports R73 and all E80.x versions. You can use the Full Disk Encryption Drive Slaving Utility instead of disk recovery.
To use the Drive Slaving Utility:
- On a computer with Check Point Full Disk Encryption installed, run this command in Windows Command Prompt to start the Full Disk Encryption Drive Slaving Utility:
  "<DISK:>\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption\fde_drive_slaving.exe"
  The Full Disk Encryption - Drive Slaving window opens.
  Note - To unlock a protected USB connected hard disk drive, you must first start the Drive Slaving Utility, and then connect the disk drive.
- Select a Full Disk Encryption protected disk to unlock.
  The Unlock volume(s) authentication window opens.
- Enter User account name and Password.
- Click OK.
After successful authentication, use Windows Explorer to access the disk drive. If you fail to access the locked disk drive, use the Full Disk Encryption recovery file, then run the Drive Slaving Utility again.
Note - To prevent data corruption, shut down the system or use a safe removal utility before you disconnect the USB connected drive.