Starting encryption of removable drives

To encrypt removable drives:

1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration group for which you want to configure encryption of removable drives.
3. In the workspace, select the Policies tab.
4. Select the necessary policy.
5. Open the Properties: <Policy name> window by using one of the following methods:
   • In the context menu of the policy, select Properties.
   • Click the Configure policy link located in the right part of the Administration Console workspace.
6. In the Data Encryption section, select the Encryption of removable drives subsection.
7. In the Encryption mode drop-down list, select the default action to be performed by Kaspersky Endpoint Security on all removable drives that are connected to computers in the selected administration group:
   • Encrypt entire removable drive. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts the contents of removable drives sector by sector. As a result, the application encrypts not only files stored on removable drives but also file systems of removable drives, including the file names and folder structures. Kaspersky Endpoint Security does not re-encrypt removable drives that have already been encrypted.

     This encryption scenario is enabled by the hard drive encryption functionality of Kaspersky Endpoint Security.

   • Encrypt all files. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts all files that are stored on removable drives. Kaspersky Endpoint Security does not encrypt already-encrypted files again. The application does not encrypt the file systems of removable drives, including the names of encrypted files and folder structures.
   • Encrypt new files only. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts only those files that have been added to removable drives or that were stored on removable drives and have been modified after the Kaspersky Security Center policy was last applied.
   • Decrypt entire removable drive. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security decrypts all encrypted files that are stored on removable drives as well as the file systems of the removable drives if they were previously encrypted.

     This encryption scenario is made possible by both file encryption functionality and hard drive encryption functionality of Kaspersky Endpoint Security.

   • Leave unchanged. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security does not encrypt or decrypt files on removable drives.
8. Create encryption rules for files on removable drives whose contents you want to encrypt.
9. Apply the policy.

View the Kaspersky Security Center Administrator's Guide for details on applying the Kaspersky Security Center policy.

As soon as the policy is applied, when the user connects a removable drive or if a removable drive is already connected, Kaspersky Endpoint Security notifies the user that the removable drive is subject to an encryption rule whereby data stored on the removable drive will be encrypted.

If the Leave unchanged rule is specified for the encryption of data on a removable drive, the application does not show the user any notifications.

The application warns the user that the encryption process may take some time.

The application prompts the user for confirmation of the encryption operation and performs the following actions:

• Encrypts data according to the policy settings, if the user consents to encryption.
• Leaves data unencrypted if the user rejects encryption, and restricts access to removable drive files to read-only.
• Leaves data unencrypted if the user ignores the prompt for encryption, restricts access to removable drive files to read-only, and prompts the user again to confirm data encryption the next time the Kaspersky Security Center policy is applied or a removable drive is connected.

The Kaspersky Security Center policy with preset settings for data encryption on removable drives is formed for a specific group of managed computers. Therefore, the result of data encryption on removable drives depends on the computer to which the removable drive is connected.

If the user initiates safe removal of a removable drive during data encryption, Kaspersky Endpoint Security interrupts the data encryption process and allows removal of the removable drive before the encryption process has finished.

If encryption of a removable drive failed, view the Data encryption report in the Kaspersky Endpoint Security interface. Access to files may be blocked by another application. In this case, try unplugging the removable drive from the computer and connecting it again.

Page top