Policy enforcement failures during elevated crypt security mode in Drive Encryption 7.1 and later
Last Modified: 2024-01-06 08:57:56 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Policy enforcement failures during elevated crypt security mode in Drive Encryption 7.1 and later
Technical Articles ID:
KB79291
Last Modified: 2024-01-06 08:57:56 Etc/GMT EnvironmentDrive Encryption (DE) 7.1 and later
Microsoft Windows 8.x BayTrail, CloverTrail and Haswell platforms with TPM 2.0 Only systems with Unified Extensible Firmware Interface (UEFI) For details of DE 7.x supported environments, see KB79422 - Supported platforms for Drive Encryption 7.x. SummaryDE 7.1 introduces a new security mode called elevated crypt security. You can enable it on supported platforms by selecting the Harden against cold-boot attack policy option in the system policy. Transitions to and from elevated crypt security mode are logged to the
When operating in the elevated crypt security mode, the disk encryption key (DEK) is removed from RAM to a secure location inside Intel® hardware to prevent side-channel RAM attacks, such as the cold-boot attack. Policy enforcement often requires the DEK to be present in RAM to allow certain operations to take place. Because the DEK can't be in the RAM in elevated crypt security mode, policy enforcement fails. The policy enforcement failures are logged to You can safely ignore any policy enforcement failures logged to the ... Normal crypt security resumed Policy enforcement failures that occur outside of these bounding log entries indicate an issue.
For further information on this feature, see your product documentation and KB79784 - FAQs for Drive Encryption 7.x. For product documents, go to the Product Documentation portal.
Affected ProductsLanguages:This article is available in the following languages: |
|