Help with Sophos Bootable Anti-Virus on a Bitlocker drive

Hello All,

Has anyone managed to do an offline disinfection on a BitLocker-encrypted drive? I can't find the option to use the BitLocker password in SBAV to mount the encrypted partition.

Thanks,

/Christian

  • Hello Christian,

    while there are tools to decrypt an encrypted drive (BitLocker or otherwise) - provided you have the necessary key/password - a disinfection would not only require write access but also "emulating" the encryption software. This would either mean (legal considerations aside) replicating BitLocker or coming to an agreement with the vendor to incorporate the technology in SBAV.

    You could argue that R/O decryption would at least help to verify if the partition is clean or otherwise identify any malicious items. But then there'd still be the problem of how to get rid of the malware and you'd likely have to decrypt the drive before attempting to clean it. Thus decrypting by SBAV would only save time if the drive is clean - but then you normally use SBAV only if there is a confirmed infection you can't get rid of by other means.

    Christian
