Quantcast
Channel: Symantec Connect - Security - Discussions
Viewing all 196 articles
Browse latest View live

File Share Decryption in DR Scenario

March 13, 2016, 2:52 pm
$
0
0
I need a solution

Can someone point me in the right direction for how to decrypt backups during an outage or other DR scenario?  I want to test how to handle restore of encrypted files off-site if our data center is down.

I realize one option is to re-create our SEMS server off-site by restoring the latest SEMS backup.  I believe then the groups keys and adminisrator key used to encrypt the files would be restored to the SEMS and then I could use the Symantec Encryption Desktop to view any restored files.

Is there a command line way to quickly decrypt the encrypted files without having to fire up a SEMS server again?  Assuming I had a copy of the keys readily available.  Sometimes an outage can be short lived and users just want a few files to keep working until the data center systems come back online.

Thanks

Peter

0
Search

Symantec File Share encryption: using hardware tokens as 2nd Factor

March 15, 2016, 1:34 pm
$
0
0
I need a solution

Hello everybody,

We are trying to implement a 2 factor authentication (domain logon + hardware token) using Symantec Encryption Desktop and Encryption Management Server.

The goal is that specific file shares are only accessible -using group keys- once the token has been inserted into the client machine.

The hardware token is being used as key generator and keystore (CKM) in the enrollment process.

Encrypting a share to the users keys works of course, but would result in constant re-encryption with every permission change.

Encrypting to group keys results in the LDAP authentication to be used to authenticate the user, not the token, which enables access even without the token and the private key.

Is there a way to use the hardware token as means of additional authentication and enable group key operations with it?

Or at least add the group membership characteristics to the token itself (for example by adding it as a device)?

I am very thankful for every hint or idea.

Cheers,

Uli

0

Encryption of a new file added to protected folder

March 29, 2016, 1:45 pm
$
0
0
I need a solution

An authorized user is adding files to a protected folder but the added files do not encrypt automatically. I know this because, when I check the folder status, it shows that the number of files un-encrypted matches the number of files added. A re-encrypt fo the folder does encrypt the new files. From the documentation I've read, adding files to a protected folder should encrypt them automatically. Have I missed something when establishing the protected folder?

0
1459346277
4573671

How does this work between company members.

April 14, 2016, 2:12 pm
$
0
0
I need a solution

Hi All. 

I haven't yet used the Symantec Encryption Software. The company is 3-4 members and needs to be able to encrypt sensistive data. My questions are:

1) How do we share the encrypted data amoung members in the company?

2) How do we use encrypted data on a third party machine?

3) How do we recover data in terms of any system failures?

Thanks in advance for any direction, description or advice in this area.

Regards,

Yajesh

0

Symantec Encryption Desktop 10.3 for Windows

April 26, 2016, 8:19 am
$
0
0
I need a solution

Good morning.

when I try to access a file share of PGP encryption I see the folder u:\

but I do not see my key users and is not available add user (disabled).

This is unknown key in key users

UNKNOWN KEY , KEY ID IS 0XC95253CB

How do I view my key ?

Thank you

0

encryption desktop using runas.exe

April 27, 2016, 8:07 am
$
0
0
I need a solution

We are trying to use the File Share Encryption and because of the way we run a particular product, it is giving us fits. The product is Angoss Knowledge Studio. Due to licensing constrains, the appliaction is started with the runas.exe command and all instances are run as a service user account, but the user is logged in as themselves(for compliance reasons). What happens, is the application runs, but the PGPtray and its dependent services, dont realize when it trys to access an encrypted share, so they get access denied. We were able to figure out that if you stop the tray service and the other services and start them in the same script as the angoss program, it is able to access the share from the program. But, the user then loses the ability to access the share from any other applications like windows explorer. It seems it will only run one instance of the application. The format of the scripts is below. Any input or ideas are appreciated.

set WshShell = WScript.CreateObject("WScript.Shell")
strCmd="C:\Program Files\Angoss\runangoss.cmd"
strUser="claire@xxxxxxx.net"
strPass="xxxxxxxx"
WshShell.Run "c:\windows\system32\runas.exe "& " /user:"& strUser & ""& chr(34) & strCmd & chr(34)
WScript.Sleep 1000
WshShell.Sendkeys strPass & "~"

(the cmd it calls)

start """C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe"
"C:\Program Files\Angoss\Workstation 9.4\bin\Angoss.KSMain.exe"

0

PGP Encryption and FIPS 140-2 compliant

May 26, 2016, 1:44 pm
$
0
0
I need a solution

I currently use PGP file encryption to encrypt files coming in/out of my company.  We just got a request that for a certain client, we need to be able to support FIPS 140-2.  My question is I see that I can enable FIPS by going into the advanced options and enabling it.  Then rebooting the server.  My question is would I then need to generate a new Public/Private key set to reflect this change?  I would assume the current keys I've been using would not work.  Is this correct?  Am I missing a step somewhere?  Thanks in advance.

0

Cannot open 8.8gb exe pgp file. Is there a solution?

July 11, 2016, 2:36 pm
$
0
0
I need a solution

Using a temporary trial of pgp encryption some time ago in Windows 7 64bit I created an exe file of 8.82gb containing several mp4 files. During encryption the menu warned that the file was too large but that a "small helper file" would be created to enable decryption even though the final file would be larger than the normal limit. No small file was created and the .exe encrypted file cannot be decrypted. Is there any software that will resolve this problem? Is there any procedure to enable decryption?

0
Search

User on Windows 10 cannot encrypt files

July 13, 2016, 8:50 am
$
0
0
I need a solution

I have an end user who is able to open received PGP encrypted files, but when creating files, a 'the file was corrupted' message populates no matter where the file is opened.

The user is able to receive messages from other users and decrypt them successfully, but can't open files they encrypt on their own machine even when trying to open locally.

Multiple clean installs of the PGP software have not resolved the issue, nor have the functions available under the 'tools' tab.

Please advise if you've run into something similar and how you resolved it.

Thank you!

0

Is there a Master Key available for the Symantec File Share and Drive Encryption?

August 26, 2016, 11:55 am
$
0
0
I need a solution

Hi,

We are planning to use Symantec File Share and Drive Encryption in our environment. I wanted to inquire if there is Master key available to decrypt any File Share or Drive which was encrypted by an employee and now he is refusing to decrypt it because he has left the company or is disgruntled?

0

File Share Encryption utilize resources on Server or the client?

August 26, 2016, 12:01 pm
$
0
0
I need a solution

Hi,

We are planng to use Symantec File Share Encryption in our Environment. I wanted to inqurie if an encrypted file/share is on a server and multiple users access the file, what resources are taxed? Server? PC? Both?

0

Compatibility between Symantec File Share Encryption and Microsoft DFS-R & VSS

August 30, 2016, 12:21 pm
$
0
0
I need a solution

Hi,

We are planning to use Symantec Encryption Management Server (EMS) for managing File Share and Drive Encryption in our environment.  Some of our FIle Servers use Microsoft DFS-R & VSS. I want to know if there are any potential issues or compatiability issues that can arise when used with Symantec File Share Encryption? Any help in this regard will be much appreciated. Thanks.

0

PGP fileshare encryption with group key

September 2, 2016, 8:33 am
$
0
0
I need a solution

I'm using the flex response from DLP to encrypt files from the DLP console. The configuration I have setup encrypts the file to this ACL:

DLP (group key) "Admin"

DLP service account "User"

Everyone (group key) "User"

The DLP group key has an LDAP matched users list that I am included in, and the "Everyone" DLP group key includes all users. My understanding is that anyone in the "admin" level group key can unlock and decrypt a file, and that anyone in the "user" level can unlock the file.

In practice, I can only unlock or decrypt with a private key that I have on my local keyring, in this case the service account or the ADK. My own private key which is on my keyring and  is assigned to my matched consumer record in the PGP group will not unlock the file. So clearly the relationship so far is 1:1. If I have a private key on my keyring that is part of the direct ACL, I can unlock the file. Otherwise I cannot.

What am I missing here?

0

compatibility between pgp and endpoint encryption

September 13, 2016, 2:41 am
$
0
0
I need a solution

At the company where i work, PGP 10.2/10.3 is the official file encryption program all users have access to. But now that it is no longer available to buy, the question has been raised about the compatibility between pgp and endpoint encryption.

If an emplyee encrypt a file in PGP and sends it to a partner that has endpoint encryption. Will it work, can the person at the partner company open the file, using keys, just like in PGP to PGP transfers?

0

Self decrypting archive. Passphrase and admin decryption key

October 31, 2016, 11:35 am
$
0
0
I need a solution

We have Symantec encryption management environment. We use it to allow users to create encrypted folders and files but with the option of our quality assurance officer being able to decrypt with her key to check users are not break information governance rules.
What we users need to do is create encrypted files and send to a variety of third parties none of which use symantec. we have been using self decrypting archives. However we should have the option to check the contents without needing the passphrase the user used when creating the file.
Is it possible to set a master key (which the QA officer holds) as well as a passphrase (for the external companies)

All users are aware of the checking that takes place.

0
Search

How to use Consumer Policy ADK for decryption of file share encrypted folder

November 18, 2016, 12:56 pm
$
0
0
I need a solution

Hi,

We want to decrypt a file that is encrypted by the Key of an ex-employee who is no longer with our organization. We had consumer policy level ADK set for the department to which that user belonged. Can anyone please explain to me what step we need to follow to successfully decrypt the folder?

Thanks.

0

Impact on non-availability of Encryption Management server on File Share Encryption

November 18, 2016, 1:08 pm
$
0
0
I need a solution

Hi,

Noob here. We are using FIle Share Encryption managed by Symantec Encryption Management Server (EMS). I am wondering what will be the impact of unavailability of Symantec Encryption Management Server (EMS) on the operations of File Share Encryption. If there will be an affect then in which ways will it impact our current operations?

Thanks.

0

Symantec Encryption Desktop - Windows 10 updates

November 23, 2016, 11:12 am
$
0
0
I need a solution

I am having an issue with Windows 10 workstations with Symantec Encryption Desktop. During the installation of updates, clients will get stuck and fail at between 75-77%.

This appears to happen only on specific Dell models: Latitude E5550, Optiplex 7040 and the Optilpex 9020m

If I restore from a restoration point before the updates and uninstall Symantec Encryption Desktop, the workstations will update correctly.

This is happening on workstations with versions greater than 10.3.2_MP11.

Windows 7 has no issue.

Any help would be greatly appreciated.

Thanks

JP

0

PGP Desktop: Signing A File So The Signature Wraps the File Instead of Appearing At The End of The File

November 30, 2016, 9:14 am
$
0
0
I need a solution

I'm using "PGP Desktop" to sign a file for a client using a test public key I created. The problem, as they describe it is as follows:

The file has a good signature now however it still failed PGP validation.  The reason it failed is because it’s now being clear-signed.  The signature is attached at the end of the file when it should encompass (wrap) the entire file for it to pass PGP validation.  Do you have an option to disable ‘clear-signing’?

When I right click the key in the software and view the key properties, I cannot find a way to modify properties of the key so that the signature wraps the message instead of being added at the end (a.k.a: clear-signing). It looked like the compression method may be the way to impact this, so I changed it to "ZIP". That didn't work.

Any assistance would be greatly appreciated!

Take it easy on me guys. I've done file encryption plenty of times, but never had a client request the files be signed in this way, so I'm struggling here. They do not support the use of "Kleopatra", and I'd like to leverage what I have. I KNOW this can be done using this tool.

Thanks!

0

Change File Share Drive Letter

December 14, 2016, 2:22 am
$
0
0
I need a solution

Hi,

if I change the mapped drive letter on an encrypted fileshare I can't write any encrypted files.

I can create new files but they are not encrypted.

Also editing existing encrypted files is not possible,

Any idea?

thanx.

0
Viewing all 196 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>