Configuring Full Disk Encryption
Full Disk Encryption gives you the highest level of data security for Endpoint Security client computers.
It combines boot protection and strong disk encryption to ensure that only authorized users can access data stored in desktop and laptop PCs.
When you add or remove Full Disk Encryption for the Endpoint Security client, the client must restart to enforce the change on the endpoint.
Check Point's Full Disk Encryption has two main components:
- Check Point Disk Encryption for Windows - Ensures that all volumes of the hard drive and hidden volumes are automatically fully encrypted. This includes system files, temporary files, and even deleted files. There is no user downtime because encryption occurs in the background without noticeable performance loss. The encrypted disk is inaccessible to all unauthorized people.
- Authentication before the Operating System Loads (Pre-boot) - Requires users to authenticate to their computers before the computer boots. This prevents unauthorized access to the operating system using authentication bypass tools at the operating system level or alternative boot media to bypass boot protection.
Full Disk Encryption also supports BitLocker Encryption for Windows Clients and FileVault Encryption for macOS.
The Full Disk Encryption policy contains a pre-defined Default Policy rule, which applies to the entire organization.
Each new rule you create has pre-defined settings, which you can then edit in the right section of the screen.