Full disk encryption using Kaspersky Disk Encryption technology

Before starting full disk encryption on a computer, you are advised to make sure that the computer is not infected. To do so, start the Full Scan or Critical Areas Scan task. Performing full disk encryption on a computer that is infected by a rootkit may cause the computer to become inoperable.

To perform full disk encryption using Kaspersky Disk Encryption technology:

  1. Open the Kaspersky Security Center Administration Console.
  2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group for which you want to configure full disk encryption.
  3. In the workspace, select the Policies tab.
  4. Select the necessary policy.
  5. Open the Properties: <Policy name> window by using one of the following methods:
    • In the context menu of the policy, select Properties.
    • Click the Configure policy link located in the right part of the Administration Console workspace.
  6. In the Data encryption section, select Full Disk Encryption.
  7. In the Encryption technology drop-down list, select the Kaspersky Disk Encryption option.

    Kaspersky Disk Encryption technology cannot be used if the computer has hard drives that were encrypted by BitLocker.

  8. In the Encryption mode drop-down list, select Encrypt all hard drives.

    If the computer has several operating systems installed, after encrypting all hard drives you will be able to load only the operating system that has the application installed.

    If you need to exclude some of the hard drives from encryption, create a list of such hard drives.

  9. Select one of the following encryption methods:
    • If you want to apply encryption only to those hard drive sectors that are occupied by files, select the Encrypt used disk space only check box.

      If you are applying encryption on a drive that is already in use, it is recommended to encrypt the entire drive. This ensures that all data is protected - even deleted data that might still contain retrievable information. The Encrypt used disk space only function is recommended for new drives that have not been previously used.

    • If you want to apply encryption to the entire hard drive, clear the Encrypt used disk space only check box.

      This function is applicable only to unencrypted devices. If a device was previously encrypted using the Encrypt used disk space only function, after applying a policy in Encrypt all hard drives mode, sectors that are not occupied by files will still not be encrypted.

  10. If a hardware incompatibility problem was encountered during encryption of the computer, you can select the Use Legacy USB Support check box to enable support for USB devices during the initial computer startup phase in BIOS.

    Enabling / disabling Legacy USB Support does not affect support for USB devices after the operating system is started.

    When Legacy USB Support is enabled, Authentication Agent does not support operations with USB tokens if the computer is operating in BIOS mode. It is recommended to use this option only when there is a hardware compatibility issue and only for those computers on which the problem occurred.

  11. Click OK to save changes.
  12. Apply the policy.

    For details on applying a Kaspersky Security Center policy, please refer to the Kaspersky Security Center Help Guide.

Page top