Full disk encryption using Kaspersky Disk Encryption technology

Prior to starting full disk encryption, you are advised to make sure that the computer is not infected. To do so, start the Full Scan or Critical Areas Scan task. Performing full disk encryption on a computer that is infected by a rootkit may cause the computer to become inoperable.

To perform full disk encryption using Kaspersky Disk Encryption technology:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
  3. In the workspace, select the Policies tab.
  4. Select the necessary policy and double-click to open the policy properties.
  5. In the policy window, select Data EncryptionFull Disk Encryption.
  6. In the Encryption technology drop-down list, select Kaspersky Disk Encryption.

    Kaspersky Disk Encryption technology cannot be used if the computer has hard drives that were encrypted by BitLocker.

  7. In the Encryption mode drop-down list, select Encrypt all hard drives.

    If the computer has several operating systems installed, after encrypting all hard drives you will be able to load only the operating system that has the application installed.

    If you need to exclude some of the hard drives from encryption, create a list of such hard drives.

  8. Select one of the following encryption methods:
    • If you want to apply encryption only to those hard drive sectors that are occupied by files, select the Encrypt used disk space only check box.

      If you are applying encryption on a drive that is already in use, it is recommended to encrypt the entire drive. This ensures that all data is protected – even deleted data that might still contain retrievable information. The Encrypt used disk space only function is recommended for new drives that have not been previously used.

    • If you want to apply encryption to the entire hard drive, clear the Encrypt used disk space only check box.

      If a device was previously encrypted using the Encrypt used disk space only function, after applying a policy in Encrypt all hard drives mode, sectors that are not occupied by files will still not be encrypted.

  9. If a hardware incompatibility problem occurs during computer encryption, you can select the Use Legacy USB Support check box.

    Legacy USB Support is a BIOS/UEFI function that allows you to use USB devices (such as a security token) during the computer's boot phase before starting the operating system (BIOS mode). Legacy USB Support does not affect support for USB devices after the operating system is started.

    When the Legacy USB Support function is enabled, the Authentication Agent in BIOS mode does not support working with tokens via USB. It is recommended to use this option only when there is a hardware compatibility issue and only for those computers on which the problem occurred.

  10. Save your changes.

If system hard drives are encrypted, the Authentication Agent loads before startup of the operating system. Use the Authentication Agent to complete authentication for obtaining access to encrypted system hard drives and load the operating system. After successful completion of the authentication procedure, the operating system loads. The authentication process is repeated every time the operating system restarts.

Page top