Restoring data on encrypted devices using the Restore Utility

These instructions are intended for users of client computers with Kaspersky Endpoint Security installed.

To restore access to an encrypted device using the Restore Utility:

  1. Run Restore Utility in one of the following ways:
  2. In the Restore Utility window, from the Select device dropdown list select an encrypted device to which you want to restore access.
  3. Click the Scan button to allow the utility to define which of the actions should be taken on the device: whether it should be unlocked or decrypted.

    If the computer has access to Kaspersky Endpoint Security encryption functionality, the Restore Utility prompts you to unlock the device. While unlocking the device does not decrypt it, the device becomes directly accessible as a result of being unlocked. If the computer does not have access to Kaspersky Endpoint Security encryption functionality, the Restore Utility prompts you to decrypt the device.

  4. Click the Fix MBR button if diagnostics of the encrypted system hard drive has returned a message about problems involving the master boot record (MBR) of the device.

    Fixing the master boot record of the device can speed up the process of collecting information that is needed for unlocking or decrypting the device.

  5. Click the Unlock or Decrypt button depending on the results of diagnostics.

    The Device unlock settings or Device decryption settings window opens.

  6. If you want to restore data using an Authentication Agent account:
    1. Select the Use Authentication Agent account settings option.
    2. In the Name and Password fields, specify the Authentication Agent account credentials.

    This method is possible only when restoring data on a system hard drive. If the system hard drive was corrupted and Authentication Agent account data has been lost, you must obtain an access key from the corporate LAN administrator to restore data on an encrypted device.

  7. If you want to use an access key to restore data:
    1. Select the Specify device access key manually option.
    2. Click the Receive access key button.
    3. The Receive device access key window opens.
    4. Click the Save button and select the folder in which to save the request access file with the fdertc extension.
    5. Send the request access file to the corporate LAN administrator.

      Do not close the Receive device access key window until you have received the access key. When this window is opened again, you will not be able to apply the access key that was previously created by the administrator.

    6. Obtain and save the access key file that was created and provided to you by the corporate LAN administrator.
    7. Click the Load button and select the access key file with the fdertr extension in the window that opens.
  8. If you are decrypting a device, you must also specify the other decryption settings in the Device decryption settings window. To do so:
    • Specify the area to decrypt:
      • If you want to decrypt the entire device, select the Decrypt entire device option.
      • If you want to decrypt a portion of the data on a device, select the Decrypt individual device areas option and use the Start and End fields to specify the decryption area boundaries.
    • Select the location for writing the decrypted data:
      • If you want the data on the original device to be rewritten with the decrypted data, clear the Save data to file after decryption check box.
      • If you want to save decrypted data separately from the original encrypted data, select the Save data to file after decryption check box and use the Browse button to specify the path in which to save the data.
  9. Click OK.

The device unlocking / decryption process starts.

Page top