Store the Windows hibernation file on an encrypted volume
Last Modified: 2024-01-06 09:06:23 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Store the Windows hibernation file on an encrypted volume
Technical Articles ID:
KB77036
Last Modified: 2024-01-06 09:06:23 Etc/GMT Environment
Drive Encryption (DE) 7.x For details of DE supported environments, see KB79422 - Supported platforms for Drive Encryption 7.x. SummaryIMPORTANT: We strongly recommend that you make sure that Windows stores the hibernation file on an encrypted volume. If the hibernation file is not stored on an encrypted volume, the system is open to attack.
During the hibernation process, the system dumps a copy of the system memory into a file called the hibernation file. When the system resumes from hibernation, the system reads the file to reconstruct the state of the system memory at the time of hibernation. This allows the user to continue the previous Windows session. For the system to be secure during hibernation, this file must be stored on an encrypted volume. Failure to do so leaves the system open to attack. By default, the hibernation file is stored on the C: drive, which is encrypted when you use the recommended All disks policy. In most cases, you don't need to take any specific action or configuration steps. You might need to change your configuration to protect the hibernation file if the system encryption policy is set to the following:
If you have configured Windows to store the hibernation file in a non-default location, we strongly recommend that you modify the system encryption policy or Windows configuration to make sure that the hibernation file is stored on an encrypted volume.
Affected ProductsLanguages:This article is available in the following languages: |
|