Check Point Disk Encryption for Windows

Ensures that all volumes of the hard drive and hidden volumes are automatically fully encrypted. This includes system files, temporary files, and even deleted files. There is no user downtime because encryption occurs in the background without noticeable performance loss. The encrypted disk is inaccessible to all unauthorized people.

Configuration Options

  • Algorithms used

    Go to Advanced Settings > EncryptionChoose Algorithm.

    Full Disk EncryptionClosed A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE. can use these encryption algorithms:

    • AES-CBC 256 bit (Default)

    • XTS-AES 128 bit

    • XTS-AES 256 bit

  • Volumes encrypted

    By default, all drives that are detected after the installation and all visible disk volumes are encrypted. IRRT are not encrypted.

    Go to Advanced Settings > Encryption > Allow Self-Encrypting Drives (SED) hardware functionality.

    Full Disk Encryption probes and uses SED disks that comply with the OPAL standard. If a compatible system and disk are detected, Full Disk Encryption uses the hardware encryption on the disk instead of the traditional software encryption.

    When using SED drives, leave Encrypt hidden disk volumes checked (which is the default setting):

    • AES encryption is always used with SED drives

    • Manage SED drives in the same way as software-encrypted drives.

  • Initial Encryption

    • Encrypt entire drive - Recommended for computers that are in production and already have user data, such as documents and emails.
    • Encrypt used disk space only - Encrypts only the data. Recommended for fresh Windows installations.