Note: The FileVault Disk Encryption feature is available in Kaspersky Security Center 10 SP3 or later. For more information, contact Kaspersky Technical Support.
Kaspersky Endpoint Security allows FileVault encryption to be managed remotely. Encryption prevents unauthorized users from accessing sensitive data stored on the startup disk of the user's computer.
When an administrator starts FileVault encryption on a computer from Kaspersky Security Center, Kaspersky Endpoint Security prompts a user of this computer to enter his or her credentials. Disk encryption only starts after the user provides the credentials and the computer is restarted.
To prevent the user from decrypting the startup disk of their Mac when FileVault encryption is enabled, an administrator needs to use JAMF to deploy an MDM profile prohibiting disk decryption. To decrypt the startup disk of a Mac with an MDM profile prohibiting disk decryption, the administrator first needs to remove the profile.
Note: If FileVault encryption management isn't enabled in Kaspersky Security Center, users with administrator rights can encrypt and decrypt their Mac startup disks from System Settings. For more information on FileVault, refer to Apple documentation.
If the computer has multiple computer accounts, FileVault encryption makes the disk inaccessible to all users except for the user who entered his or her credentials.
Allow other users to unlock the disk
Note: Administrator rights are required to allow other users to unlock the disk.
If an administrator manages Kaspersky Endpoint Security via Kaspersky Security Center Administration Console, Web Console, or Cloud Console and a user of this computer forgets or loses his or her credentials and cannot access an encrypted disk, the administrator can get a recovery key.
How to get a recovery key using Kaspersky Security Center Administration Console
How to get a recovery key using Kaspersky Security Center Web Console and Cloud Console
Page top