Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 3311 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unencrypt off of network

jontan8181

Guys,

Is there a way to unencrypt a drive without having it sync with the Safeguard server? We have 2 drives with boot volume viruses that need to be unencrypted so our Network Security department can examine the drives. Is there a way to unencrypt those two drives without exposing them to our network and risking the virus spreading?

Thanks,

Jontan8181

:1024


This thread was automatically locked due to age.
Parents
  • 0
    jontan8181 wrote:

    The security team doesn't want to hook the drives up to their own machines, as the virus could spread to their machines, then to the network when they re-connect. They are planning on booting up a live CD such as Backtrack to look at the drives, and linux can't see the drives until they are decrypted.

    Thanks,

    Jontan8181

    Jontan8181,

    Thanks for visting the forum. Sophos offers a similar method to access an encrypted drive as using a Backtrack CD. 

    Another way to recover data is using the WinPE 2.0 disc with the SGN drivers and libraries. You access the encrypted drive either using the Logon Recovery option in the SGN Management Center to access the encrypted disk or try using the WinPE recovery disc with POA authentication. Take a look at this KB Article for details on how to execute the recovery process. KBA #108555

    What that KBA overlooks is the situation when POA is disabled. During the boot process, when the display reads that the auto user is logging in or please wait for auto logon hit the F2 key. That will bring POA up and then login.

    Hopefully this will help you clean the infected drive. Please let us know if this response helps so others can benefit as well.

    :1064
Reply
  • 0
    jontan8181 wrote:

    The security team doesn't want to hook the drives up to their own machines, as the virus could spread to their machines, then to the network when they re-connect. They are planning on booting up a live CD such as Backtrack to look at the drives, and linux can't see the drives until they are decrypted.

    Thanks,

    Jontan8181

    Jontan8181,

    Thanks for visting the forum. Sophos offers a similar method to access an encrypted drive as using a Backtrack CD. 

    Another way to recover data is using the WinPE 2.0 disc with the SGN drivers and libraries. You access the encrypted drive either using the Logon Recovery option in the SGN Management Center to access the encrypted disk or try using the WinPE recovery disc with POA authentication. Take a look at this KB Article for details on how to execute the recovery process. KBA #108555

    What that KBA overlooks is the situation when POA is disabled. During the boot process, when the display reads that the auto user is logging in or please wait for auto logon hit the F2 key. That will bring POA up and then login.

    Hopefully this will help you clean the infected drive. Please let us know if this response helps so others can benefit as well.

    :1064
Children
No Data
Unfiltered HTML