File Level Encryption (FLE) limitations in Kaspersky Endpoint Security for Windows

This article concerns Kaspersky:

• Kaspersky Endpoint Security 12.0.0 for Windows (version 12.0.0.465)
• Kaspersky Endpoint Security 11.11.0 for Windows (version 11.11.0.452)
• Kaspersky Endpoint Security 11.10.0 for Windows (version 11.10.0.399)
• Kaspersky Endpoint Security 11.9.0 for Windows (version 11.9.0.351)
• Kaspersky Endpoint Security 11.8.0 for Windows (version 11.8.0.384)
• Kaspersky Endpoint Security 11.7.0 for Windows (version 11.7.0.669)
• Kaspersky Endpoint Security 11.6.0 for Windows (version 11.6.0.394)

When using File Level Encryption (FLE), you may find that the file that you copied after decryption is encrypted again. For example, when you copy the file to an external device (a network drive, flash drive etc.).

Cause

When a system process reads an encrypted file, the hash of this file is saved to a special list of this process. When the same process writes data to the file, it looks for the hash of that file in the process list. If this hash is found, Kaspersky Endpoint Security for Windows receives a notification and triggers a mechanism that leaves the file encrypted.

Solution

The hash list is cleared as it fills up, but you can clear the list yourself. You can do it in one of the following ways:

• Reboot the computer.
• Restart the process that was used to read the encrypted file. For example, restart explorer.exe if you used Windows Explorer. If you used a file manager, such as FAR Manager or Total Commander, restart the corresponding processes.
• Use another file manager that wasn’t used to read the encrypted file.