How to protect disk volumes and removable devices using Kaspersky KryptoStorage?

Back to "Starting the program" section

Applies to Kaspersky KryptoStorage

You can encrypt disk volumes (including the system and the boot volumes) and other Mass Storage devices.

Encrypted disk volumes and removable devices have the following features: 

• If you encrypt the system or the boot volume, you must authorize prior to loading the operating system to access the protected volume.

• Moreover, if you encrypt the system volume of a hard disk using Kaspersky KryptoStorage, you protect the crash damp file as well as the RAM data which is saved to the system disk when the system hibernates. If you encrypt the system volume, you prevent the leak of confidential data through the system information which is saved on the hard disk.
• You can use a protected disk or a removable device only if Kaspersky KryptoStorage is installed on the computer and the Protected volumes subsystem is running (by default, the subsystem is running). You can check the subsystem status (enabled\disabled) in the Kaspersky KryptoStorage main window in the KryptoStorage subsystems section. If the subsystem is disabled, the unprotected data on an encrypted disk or a removable disk cannot be accessed.

The operating system displays this volume as an unformatted volume or a volume containing errors. If the system and/or the boot volume of a hard disk is encrypted, the manager does not allow disabling the Protected volumes subsystem. 

It is not advised to use Kaspersky KryptoStorage on computers where several operating systems are installed, to protect the disk volumes which are used to load the installed operating systems. 

• The applications’s data on all encrypted volumes of a physical media (physical hard disk, Flash disk, etc) is stored in the root directory of the first volume of the physical media in the file iwcs.bin:

The file iwcs.bin is a system file, that's why, by default, the file is not displayed in Explorer. In order to display the file in the root directory of the first volume, perform the following actions:

• open the root directory of the first volume of the physical media, on which Kaspersky KryptoStorage is installed (Start - My Computer - the first volume of the physical media (physical hard disk or removable disk))
• click Tools in the menu of the My Computer window
• from the drop-down menu select Folder Options...
• in the Folder Options menu go to the View tab
• in the Advanced settings section uncheck Hide protected operating system files (Recommended) and check Show hidden files and folders
• in the root directory of the volume the file iwcs.bin is displayed

If the volume containing the file is formatted or if the file is removed, replaced or corrupted, you can lose access to all protected volumes of the physical media.

If the Protected volumes subsystem is running on the computer where Kaspersky KryptoStorage is installed, the application protects the file iwcs.bin from removal or modification. Therefore, it is not advised to disable the Protected volumes subsystem if some volumes are encrypted.

If you need to format the volume containing the file iwcs.bin, you must decrypt all volumes of the physical media, format the volume and then encrypt the volumes again. 

There are some limitations for encrypting disk volumes and removable disks:

• You can encrypt hard disk volumes and removable storages only if the sector size of a device is 512 bytes (the standard sector size of the majority of devices of this kind). 
• Encrypting dynamic volumes is not supported. 
• You can encrypt only local disks. Encrypting network disks is not supported.
• You cannot simultaneously encrypt\decrypt\re-encrypt several volumes of a hard disk. But you can simultaneously use the volumes of different disks.
• You can encrypt the hard disk volume where Kaspersky KryptoStorage is installed only if the volume is the system or/and the boot volume. 
• The encryption is allowed if the volume which you want to encrypt is write-enabled. 
• You can start encrypting a removable disk if the files on the removable disk are not used by any programs. You can use the files while the removable disk is being encrypted. 
• The application does not support the direct encryption of CD/DVD disks. At the same time, you can use CD/DVD disks to store protected containers.

Some utilities provide ability to change the sector size of a volume. Do not change the size of the encrypted volume. It can cause data loss. If you need to change the size of your volume, decrypt the volume and change the size of the volume, and then encrypt the volume again.