An Error Occurred During Encryption 

Version 1

    Details

    Lumension Endpoint Security  - Device Control (LDC) - All versions
    Lumension Endpoint Management and Security Suite - Device Control (LEMSS:DC) module 7.1 and 7.2

    SAMPLE SCENARIO

    User has a 32 GB flash drive with 24 GB of data on it and they wish to retain their data before the drive is encrypted.  The local hard disk drive only has 20 GB of free space available.

    PROCESS

    Based on options selected by the  Admin, the user may be forced to retain this data, have the option to retain this data, forced to delete this data (preventing retention), or given the option to delete the data.  If a data retention process is forced or does occur, this data will be temporarily (and in its entirety) written to %systemroot%\sxdata\EncBackup\{GUID}\<actual data here>.

    In order for this process to succeed, an equal or greater amount of disk space must be present on the local hard disk.  If there is not equal or greater local disk space available and the option to retain data is selected, the following will occur:

         
    • The encryption dialog appears on screen with language similar to the following (depends on installed client version):    
               
      • Starting encryption process…
      •        
      • Starting retaining data…
      •        
      • An error occurred during encryption.
      •        
      • There is not enough free space on the removable or on the local drive to retain data.
      •    
         
    •    
    • The above is thrown to screen before any data is actually written to disk.  In other words, a calculation is done beforehand.

    CAVEAT

    Contiguous files of 4 GB or greater cannot be retained.  One way to counter this behavior is to break the file up into smaller parts or compress the data file.  This may not always be possible in which case the data cannot be retained during this process as a function of the Encrypt Medium utility; the data can, however, be manually transferred to another medium or hard disk prior to the encryption process and then copied back to the flash drive afterwards once it has been unlocked.

    OTHER INFORMATION

    In LDC, the "Encryption Retain Data" option can be found by opening the Management Console > click Tools > Default Options > Computer tab.  This option controls the state of the Retain Data checkbox in the Encrypt Medium dialog on the Client.

         
    • Unselected = Not pre-selected and enabled (default setting).
    •    
    • Selected = Pre-selected and enabled.
    •    
    • Force Unselected = Not pre-selected and disabled.
    •    
    • Force Selected = Pre-selected and disabled.


    In LEMSS:DC, the "Retain data when encrypting device" option can be found by opening the LEMSS Management Console > click Tools > Options > Device Control tab > Encryption settings section.  This option controls the state of the Retain Data checkbox in the Encrypt Medium dialog on the Client.

         
    • Erase existing data by default - endpoint user can change this selection
    •    
    • Erase existing data - endpoint user can't change this selection
    •    
    • Keep existing data by default - endpoint user can change this selection
    •    
    • Keep existing data - endpoint user can't change this selection 
     

    Additional Resources

    For LDC, see "Defining Default Options" in the HEATsoftware Device Control User Guide; for LEMSS:DC, see "Encryption settings" in the LEMSS Device Control User Guide.  Both guides are available in the Documentation section of our HEATsoftware Customer Portal (login and valid license required).