About encryption of hard drives

Before starting hard drive encryption, the application runs a number of checks to determine if the device can be encrypted, which includes checking the system hard drive for compatibility with Authentication Agent and with BitLocker encryption components. To check for compatibility, the computer must be restarted. After the computer has been rebooted, the application performs all the necessary checks automatically. If the compatibility check is successful, then hard drive encryption starts after the operating system has booted up and application has started. If the system hard drive is found to be incompatible with Authentication Agent or with BitLocker encryption components, the computer must be restarted by pressing the Reset hardware button. Kaspersky Endpoint Security logs information about the incompatibility. Based on this information, the application does not start encryption of hard drives at operating system startup. Information about this event is logged in Kaspersky Security Center reports.

If the hardware configuration of the computer has changed, the incompatibility information logged by the application during the previous check should be deleted in order to check the system hard drive for compatibility with Authentication Agent and BitLocker encryption components. To do so, before hard drive encryption type avp pbatestreset in the command line. If the operating system fails to load after the system hard drive has been checked for compatibility with Authentication Agent, you must remove the objects and data remaining after test operation of Authentication Agent by using the Restore Utility and then start Kaspersky Endpoint Security and execute the avp pbatestreset command again.

After hard drive encryption has started, Kaspersky Endpoint Security encrypts all data that is written to hard drives.

If the user shuts down or restarts the computer during hard drive decryption, Authentication Agent loads before the next startup of the operating system. Kaspersky Endpoint Security resumes encryption of hard drives after successful authentication in the authentication agent and the operating system startup.

If the operating system switches to hibernation mode while encrypting hard drives, Authentication Agent loads when the operating system switches back from hibernation mode. Kaspersky Endpoint Security resumes encryption of hard drives after successful authentication in the authentication agent and the operating system startup.

If the operating system goes into sleep mode during hard drive encryption, Kaspersky Endpoint Security resumes encryption of hard drives when the operating system comes out of sleep mode without loading Authentication Agent.

User authentication in the Authentication Agent can be performed in two ways:

The authentication agent supports keyboard layouts for the following languages:

A keyboard layout becomes available in the Authentication Agent if this layout has been added in the language and regional standards settings of the operating system and has become available on the welcome screen of Microsoft Windows.

If the Authentication Agent account name contains symbols that cannot be entered using keyboard layouts available in the Authentication Agent, encrypted hard drives can be accessed only after they are restored using the Restore Utility or after the Authentication Agent account name and password are restored.

Kaspersky Endpoint Security supports the following tokens, smart card readers, and smart cards:

Page top