File Level Encryption (FLE) limitations in Kaspersky Endpoint Security for Windows
This article concerns Kaspersky:
- Kaspersky Endpoint Security 12.0.0 for Windows (version 18.104.22.1685)
- Kaspersky Endpoint Security 11.11.0 for Windows (version 22.214.171.1242)
- Kaspersky Endpoint Security 11.10.0 for Windows (version 126.96.36.1999)
- Kaspersky Endpoint Security 11.9.0 for Windows (version 188.8.131.521)
- Kaspersky Endpoint Security 11.8.0 for Windows (version 184.108.40.2064)
- Kaspersky Endpoint Security 11.7.0 for Windows (version 220.127.116.119)
- Kaspersky Endpoint Security 11.6.0 for Windows (version 18.104.22.1684)
When using File Level Encryption (FLE), you may find that the file that you copied after decryption is encrypted again. For example, when you copy the file to an external device (a network drive, flash drive etc.).
When a system process reads an encrypted file, the hash of this file is saved to a special list of this process. When the same process writes data to the file, it looks for the hash of that file in the process list. If this hash is found, Kaspersky Endpoint Security for Windows receives a notification and triggers a mechanism that leaves the file encrypted.
The hash list is cleared as it fills up, but you can clear the list yourself. You can do it in one of the following ways:
- Reboot the computer.
- Restart the process that was used to read the encrypted file. For example, restart explorer.exe if you used Windows Explorer. If you used a file manager, such as FAR Manager or Total Commander, restart the corresponding processes.
- Use another file manager that wasn’t used to read the encrypted file.