The application creates service files during encryption. Around 0.5% of non-fragmented free space on the hard drive is required to store them. If there is not enough non-fragmented free space on the hard drive, encryption will not start until enough space is freed up.
Data Encryption is available only when using Kaspersky Endpoint Security with the Kaspersky Security Center administration system. Data Encryption when using Kaspersky Endpoint Security in offline mode is not possible because Kaspersky Endpoint Security stores encryption keys in Kaspersky Security Center.
Data encryption management is available in the Kaspersky Security Center Administration Console and the Kaspersky Security Center 12 Web Console. It is not possible to manage data encryption in the Kaspersky Security Center Cloud Console.
If Kaspersky Endpoint Security is installed on a computer running Microsoft Windows for Servers, only full disk encryption using BitLocker Drive Encryption technology is available. If Kaspersky Endpoint Security is installed on a computer running Windows for Workstations, data encryption functionality is fully available.
Full disk encryption using Kaspersky Disk Encryption technology is unavailable for hard drives that do not meet the hardware and software requirements.
Compatibility between the full disk encryption functionality of Kaspersky Endpoint Security and Kaspersky Anti-Virus for UEFI is not supported. Kaspersky Anti-Virus for UEFI starts before the operating system loads. When using full disk encryption, the application will detect the absence of an installed operating system on the computer. As a result, the operation of Kaspersky Anti-Virus for UEFI will end with an error. File Level Encryption (FLE) does not affect the operation of Kaspersky Anti-Virus for UEFI.
Kaspersky Endpoint Security does not support the following configurations:
The boot loader is located on one drive while the operating system is on a different drive.
The system contains embedded software of the UEFI 32 standard.
Intel® Rapid Start Technology and drives that have a hibernation partition even when Intel® Rapid Start Technology is disabled.
Drives in MBR format with more than four extended partitions.
Swap file located on a non-system drive.
Multiboot system with several simultaneously installed operating systems.
Dynamic partitions (only primary partitions are supported).
Drives with less than 0.5% free unfragmented disk space.
Drives with a sector size different from 512 bytes or 4096 bytes that emulate 512 bytes.