Starting encryption of removable drives

To encrypt removable drives:

1. Open the Kaspersky Security Center Administration Console.
2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
3. In the workspace, select the Policies tab.
4. Select the necessary policy.
5. Double-click it to open the policy properties window.
6. In the Data Encryption section, select the Encryption of removable drives subsection.
7. In the Encryption mode drop-down list, select the default action to be performed by Kaspersky Endpoint Security on all removable drives that are connected to computers in the selected administration group:
   • Encrypt entire removable drive. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts the contents of removable drives sector by sector. As a result, the application encrypts not only files stored on removable drives but also file systems of removable drives, including the file names and folder structures. Kaspersky Endpoint Security does not re-encrypt removable drives that have already been encrypted.

     This encryption scenario is enabled by the full disk encryption functionality of Kaspersky Endpoint Security.

   • Encrypt all files. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts all files that are stored on removable drives. Kaspersky Endpoint Security does not encrypt already-encrypted files again. The application does not encrypt the file systems of removable drives, including the names of encrypted files and folder structures.
   • Encrypt new files only. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security encrypts only those files that have been added to removable drives or that were stored on removable drives and have been modified after the Kaspersky Security Center policy was last applied.
   • Decrypt entire removable drive. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security decrypts all encrypted files that are stored on removable drives as well as the file systems of the removable drives if they were previously encrypted.

     This encryption scenario is made possible by both file level encryption functionality and full disk encryption functionality of Kaspersky Endpoint Security.

   • Leave unchanged. If this item is selected, when applying the Kaspersky Security Center policy with the specified encryption settings for removable drives, Kaspersky Endpoint Security does not encrypt or decrypt files on removable drives.

   Kaspersky Endpoint Security supports encryption in FAT32 and NTFS file systems. If the Encrypt all files or Encrypt new files only option is selected and a removable drive with an unsupported file system is connected to the computer, the removable drive encryption task returns an error and Kaspersky Endpoint Security assigns read-only status to the removable drive.

8. Create encryption rules for files on removable drives whose contents you want to encrypt.
9. Apply the policy.

For details on applying a Kaspersky Security Center policy, please refer to the Kaspersky Security Center Help.

As soon as the policy is applied, when the user connects a removable drive or if a removable drive is already connected, Kaspersky Endpoint Security notifies the user that the removable drive is subject to an encryption rule whereby data stored on the removable drive will be encrypted.

If the Leave unchanged rule is specified for the encryption of data on a removable drive, the application does not show the user any notifications.

The application warns the user that the encryption process may take some time.

The application prompts the user for confirmation of the encryption operation and performs the following actions:

• Encrypts data according to the policy settings, if the user consents to encryption.
• Leaves data unencrypted if the user rejects encryption, and restricts access to removable drive files to read-only.
• Leaves data unencrypted if the user ignores the prompt for encryption, restricts access to removable drive files to read-only, and prompts the user again to confirm data encryption the next time the Kaspersky Security Center policy is applied or a removable drive is connected.

The Kaspersky Security Center policy with preset settings for data encryption on removable drives is formed for a specific group of managed computers. Therefore, the result of data encryption on removable drives depends on the computer to which the removable drive is connected.

If the user initiates safe removal of a removable drive during data encryption, Kaspersky Endpoint Security interrupts the data encryption process and allows removal of the removable drive before the encryption process has finished.

If encryption of a removable drive failed, view the Data encryption report in the Kaspersky Endpoint Security interface. Access to files may be blocked by another application. In this case, try unplugging the removable drive from the computer and connecting it again.

Page top