Kaspersky Endpoint Security 11 for Windows

Encryption functionality limitations

April 25, 2024

ID 130984

Data Encryption has the following limitations:

  • The application creates service files during encryption. Around 0.5% of non-fragmented free space on the hard drive is required to store them. If there is not enough non-fragmented free space on the hard drive, encryption will not start until enough space is freed up.
  • You can manage all data encryption components in the Kaspersky Security Center Administration Console and in the Kaspersky Security Center Web Console. In the Kaspersky Security Center Cloud Console, you can only manage BitLocker.
  • Data encryption is available only when using Kaspersky Endpoint Security with the Kaspersky Security Center administration system or the Kaspersky Security Center Cloud Console (BitLocker only). Data Encryption when using Kaspersky Endpoint Security in offline mode is not possible because Kaspersky Endpoint Security stores encryption keys in Kaspersky Security Center.
  • If Kaspersky Endpoint Security is installed on a computer running Microsoft Windows for Servers, only full disk encryption using BitLocker Drive Encryption technology is available. If Kaspersky Endpoint Security is installed on a computer running Windows for Workstations, data encryption functionality is fully available.

Full disk encryption using Kaspersky Disk Encryption technology is unavailable for hard drives that do not meet the hardware and software requirements.

The full disk encryption functionality of Kaspersky Endpoint Security is not compatible with Kaspersky Anti-Virus for UEFI. Kaspersky Anti-Virus for UEFI starts before the operating system loads. When full disk encryption is in use, Kaspersky Anti-Virus for UEFI will detect the absence of an installed operating system on the computer. As a result, the operation of Kaspersky Anti-Virus for UEFI will end with an error. File Level Encryption (FLE) does not affect the operation of Kaspersky Anti-Virus for UEFI.

Kaspersky Endpoint Security supports the following configurations:

  • HDD, SSD, and USB drives.

    Kaspersky Disk Encryption (FDE) technology supports working with SSD while preserving the performance and service life of SSD drives.

  • Drives connected via the following buses: SCSI, ATA, IEEE 1394, USB, RAID, SAS, SATA, NVMe.
  • Non-removable drives connected via SD or MMC bus.
  • Drives with 512-byte sectors.
  • Drives with 4096-byte sectors that emulate 512 bytes.
  • Drives with the following type of partitions: GPT, MBR, and VBR (removable drives).
  • Embedded software of the UEFI 64 and Legacy BIOS standard.
  • Embedded software of the UEFI standard with Secure Boot support.

    Secure Boot is a technology designed to verify digital signatures for UEFI loader applications and drivers. Secure Boot blocks the startup of UEFI applications and drivers that are unsigned or signed by unknown publishers. Kaspersky Disk Encryption (FDE) fully supports Secure Boot. Authentication Agent is signed by a Microsoft Windows UEFI Driver Publisher certificate.

    On some devices (for example, Microsoft Surface Pro and Microsoft Surface Pro 2), an out-of-date list of digital signature verification certificates may be installed by default. Prior to encrypting the drive, you need to update the list of certificates.

  • Embedded software of the UEFI standard with Fast Boot support.

    Fast Boot is a technology that helps the computer start up faster. When Fast Boot technology is enabled, normally the computer loads only the minimum set of UEFI drivers required for starting the operating system. When Fast Boot technology is enabled, USB keyboards, mice, USB tokens, touchpads and touchscreens may not work while Authentication Agent is running.

    To use Kaspersky Disk Encryption (FDE), it is recommended to disable Fast Boot technology. You can use the FDE Test Utility to test the operation of Kaspersky Disk Encryption (FDE).

Kaspersky Endpoint Security does not support the following configurations:

  • The boot loader is located on one drive while the operating system is on a different drive.
  • The system contains embedded software of the UEFI 32 standard.
  • The system has Intel® Rapid Start Technology and drives with a hibernation partition (this applies even when Intel® Rapid Start Technology is disabled).
  • Drives in MBR format with more than 10 extended partitions.
  • The system has a swap file located on a non-system drive.
  • Multiboot system with multiple simultaneously installed operating systems.
  • Dynamic partitions (only primary partitions are supported).
  • Drives with less than 0.5% free unfragmented disk space.
  • Drives with a sector size other than 512 bytes, or other than 4096 bytes emulating 512 bytes.
  • Hybrid drives.
  • The system has third-party loaders.
  • Drives with compressed NTFS directories.
  • Kaspersky Disk Encryption (FDE) technology is incompatible with other full disk encryption technologies (such as BitLocker, McAfee Drive Encryption, and WinMagic SecureDoc).
  • Kaspersky Disk Encryption (FDE) technology is incompatible with ExpressCache technology.
  • Creating, deleting, and modifying partitions on an encrypted drive is not supported. You could lose data.
  • File system formatting is not supported. You could lose data.

    If you need to format a drive that was encrypted with Kaspersky Disk Encryption (FDE) technology, format the drive on a computer that does not have Kaspersky Endpoint Security for Windows and use only full disk encryption.

    An encrypted drive that is formatted with the quick format option may be mistakenly identified as encrypted the next time it is connected to a computer that has Kaspersky Endpoint Security for Windows installed. User data will be unavailable.

  • Authentication Agent supports no more than 100 accounts.
  • Single Sign-On technology is incompatible with other technologies of third-party developers.
  • Kaspersky Disk Encryption (FDE) technology is not supported on the following models of devices:
    • Dell Latitude E6410 (UEFI mode)
    • HP Compaq nc8430 (Legacy BIOS mode)
    • Lenovo ThinkCentre 8811 (Legacy BIOS mode)
  • Authentication Agent does not support working with USB tokens when Legacy USB Support is enabled. Only password-based authentication will be possible on the computer.
  • When encrypting a drive in Legacy BIOS mode, you are advised to enable Legacy USB Support on the following models of devices:
    • Acer Aspire 5560G
    • Acer Aspire 6930
    • Acer TravelMate 8572T
    • Dell Inspiron 1420
    • Dell Inspiron 1545
    • Dell Inspiron 1750
    • Dell Inspiron N4110
    • Dell Latitude E4300
    • Dell Studio 1537
    • Dell Studio 1569
    • Dell Vostro 1310
    • Dell Vostro 1320
    • Dell Vostro 1510
    • Dell Vostro 1720
    • Dell Vostro V13
    • Dell XPS L502x
    • Fujitsu Celsius W370
    • Fujitsu LifeBook A555
    • HP Compaq dx2450 Microtower PC
    • Lenovo G550
    • Lenovo ThinkPad L530
    • Lenovo ThinkPad T510
    • Lenovo ThinkPad W540
    • Lenovo ThinkPad X121e
    • Lenovo ThinkPad X200s (74665YG)
    • Samsung R530
    • Toshiba Satellite A350
    • Toshiba Satellite U400 10O
    • MSI 760GM-E51 (motherboard)
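
A read-only pre-deployment check for several of the limits listed above (firmware bitness, sector size, partition style, boot loader placement, free space, page file location, BitLocker state), as an added example that is not Kaspersky code or part of the original article. The function name `Test-FdeReadiness` is hypothetical; the free-space test uses total free space per volume, which only bounds the non-fragmented space the article requires, and the UEFI 32 test assumes that Windows bitness matches firmware bitness.

```powershell
# Added example: read-only checks for some of the disk limits listed above.
# Test-FdeReadiness is a hypothetical helper, not Kaspersky tooling.
# Run in an elevated PowerShell session on the endpoint.
function Test-FdeReadiness {
    $findings = [System.Collections.Generic.List[string]]::new()

    # UEFI 32 is unsupported. Assumption: Windows bitness matches UEFI bitness.
    $fw = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    if ("$fw" -eq 'Uefi' -and -not [Environment]::Is64BitOperatingSystem) {
        $findings.Add('Firmware: 32-bit OS on UEFI, likely UEFI 32')
    }

    $disks = @(Get-Disk)
    foreach ($d in $disks) {
        # Supported: 512-byte sectors, or 4096-byte sectors emulating 512.
        if ($d.LogicalSectorSize -ne 512 -or $d.PhysicalSectorSize -notin 512, 4096) {
            $findings.Add("Disk $($d.Number): sectors $($d.LogicalSectorSize)/$($d.PhysicalSectorSize)")
        }
        # GPT and MBR are supported; VBR only applies to removable drives, so skip USB.
        if ($d.BusType -ne 'USB' -and $d.PartitionStyle -notin 'GPT', 'MBR') {
            $findings.Add("Disk $($d.Number): partition style $($d.PartitionStyle)")
        }
    }

    # Boot loader (system partition) and Windows (boot volume) must share a drive.
    $sysDisk  = ($disks | Where-Object IsSystem | Select-Object -First 1).Number
    $bootDisk = ($disks | Where-Object IsBoot | Select-Object -First 1).Number
    if ($sysDisk -ne $bootDisk) { $findings.Add("Boot loader on disk $sysDisk, OS on disk $bootDisk") }

    # Total free space under 0.5% means the non-fragmented requirement cannot be met.
    foreach ($v in Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.Size -gt 0 }) {
        if ($v.SizeRemaining -lt 0.005 * $v.Size) {
            $findings.Add("Volume $($v.DriveLetter) $($v.UniqueId): under 0.5% free")
        }
    }
    # A swap (page) file on a non-system drive is unsupported.
    foreach ($pf in Get-CimInstance Win32_PageFileUsage) {
        if ($pf.Name -notlike "$env:SystemDrive*") { $findings.Add("Page file off system drive: $($pf.Name)") }
    }
    # Kaspersky Disk Encryption (FDE) is incompatible with BitLocker on the same drive.
    try {
        foreach ($b in Get-BitLockerVolume -ErrorAction Stop) {
            if ($b.VolumeStatus -ne 'FullyDecrypted') {
                $findings.Add("Volume $($b.MountPoint): BitLocker status $($b.VolumeStatus)")
            }
        }
    } catch { $findings.Add("BitLocker state not checked: $($_.Exception.Message)") }
    return $findings
}
```

An empty result means none of these particular checks failed; Fast Boot, third-party loaders, and the device-model lists still have to be reviewed separately.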
