Decrypting McAfee Endpoint Encryption Protection

Hello everyone,
I am not sure if this has already been discussed(cannot find any related link).

The Problem that I have is that my Laptop is encrypted with McAfee EndPoint Encryption Protection and its no longer booting.

The Story so far.
Coming from a long vacation, I put my Laptop to download mail through the night and forgot to plug the Power cable.(The Lid was not closed)

Morning When I woke up, I realized that the battery has run out, so I connected the power supply and tried to do restart the Laptop.

It went straight to repair the windows. No matter what Option I selected(Safe Mode - Safe Mode with Command Prompt - Last Known Good Configuration etc) it would go to repair mode only. So I thought of doing a System Restore, but it kept on saying something like "Choose a Windows Installation to do a System Restore". I promptly restarted again - tapped F8 - Selected the Windows OS ...however again the same thing. I couldn't do a System Restore.

After about 10 restarts, now what is happening is that whenever I boot the system, it takes me a black screen with a Flashing Cursor and nothing else. Now I dont even get the Option to Repair Windows etc.

I took the Laptop to Professionals and they said that since I have McAfee EndPoint Encryption Protection Installed, they cannot break it, being an Industrial Strength Program and that the only Option I now have is to Re-Image the HDD, which I am reluctant to do.


Specs : SeaGate 320 GB HDD
McAfee EndPoint Encryption Software v5.2.8.0


Note: Being a Company provided/Installed Laptop, I dont have the Bootable DVD of Windows. I only have the Re-Imaging DVD.

Also, I contacted my Help Desk, and they cannot help me either and that I need to Re-Image the HDD.

Any and every suggestion would be Welcome



Regards,
Sumku

Hi,
found this thread when searching for such solution ... if your problem is still actual, i could share my findings:

1. Download the WinTech CD from ftp://155.178.201.50/safeboot (i didin't find another location to download it)
2. Boot it, change system date to 27 Oct 2009
3. Start the SbWinTech.exe and authenticate with the daily code 1131 for the date given above
4. Enter your user and pass for the encryption
5. Choose Authenticate from SBFS from the menu
6. Mount the encrypted drive (there is such option in the menu)

Now you have access to files, you can back them up on external drive or network share.
You can also choose to decrypt the drive which could cost you a lot of time (took 10 hours for 150GB disk in my test enviroment)

Hope this helps ....

Hi XP User. I was wondering if you could PM me a link to the safeboot disk please since the above link doesnt seem to work anymore.

Hi mahematricks,
Just checked, for some reason the FTP doesn't open in IE, but i could open it by pasting the link in windows explorer. You could also try with FTP-commands from the prompt. Or also with another browser ....
My advice - first try to copy and backup your files, once accessed them, before trying to decrypt the drive.
Hope this helps ...

Thanks for your help mate. My issue was that the PC was hanging after the password was entered. I found another copy of Barts PE endpoint encryption recovery CD somewhere else but it wouldn't let me authenticate from SBFS. Also, I had blue screen crashes with the Barts PE CD. I'd almost given uip on it but someone on another forum mentioned to switch the SATA type to IDE from the BIOS as it was a common problem with blue screens and Barts PE CD. To cut a long story short, somehow, it stopped hanging and let me into the system again!

Thanks for your help

It depends also on the version of the live CD you are using .... BartPE was XP-based, i think, and the XP is not compatible with AHCI. On the FTP is also a WinPE (Win7-based), which should work even with AHCI-mode. So, were you able to rescue your data?

xpuser said:

Hi,
found this thread when searching for such solution ... if your problem is still actual, i could share my findings:

1. Download the WinTech CD from ftp://155.178.201.50/safeboot (i didin't find another location to download it)
2. Boot it, change system date to 27 Oct 2009
3. Start the SbWinTech.exe and authenticate with the daily code 1131 for the date given above
4. Enter your user and pass for the encryption
5. Choose Authenticate from SBFS from the menu
6. Mount the encrypted drive (there is such option in the menu)

Now you have access to files, you can back them up on external drive or network share.
You can also choose to decrypt the drive which could cost you a lot of time (took 10 hours for 150GB disk in my test enviroment)

Hope this helps ....

Click to expand...

Hi I try this solution but the daily code is not working for me. ALready change the date but im not authorised.
How can I ge the Tech Code generator or a valid code?
I dont have a grant number to access the Mcafee donwload page..

Apprecaite your help

Hi Flan,
there is no such thing like public daily code generator. This code has been shared from someone, who had a contract with mcafee (it's the only one i could find in the whole internet). I have noticed, that sometimes, when i change the system date to 27. Oct, the application shows 28. Oct (maybe it depends on a timezone, i don't know ...)
You can see the date at the bottom of the application ... if 28th, set the system date to 26th.
Hope this helps ....

I know it is obvious, but have you asked McAfee tech support about this?

xpuser said:

Hi,
found this thread when searching for such solution ... if your problem is still actual, i could share my findings:

1. Download the WinTech CD from ftp://155.178.201.50/safeboot (i didin't find another location to download it)
2. Boot it, change system date to 27 Oct 2009
3. Start the SbWinTech.exe and authenticate with the daily code 1131 for the date given above
4. Enter your user and pass for the encryption
5. Choose Authenticate from SBFS from the menu
6. Mount the encrypted drive (there is such option in the menu)

Now you have access to files, you can back them up on external drive or network share.
You can also choose to decrypt the drive which could cost you a lot of time (took 10 hours for 150GB disk in my test enviroment)

Hope this helps ....

Click to expand...

Can someone refresh the ftp link? It requirs some user and password. And I really need this WinTech CD now)

Hi

Here is some information on IP address 155.178.201.50
[h=3]Registrant[/h]
Federal Aviation Administration
William J Hughes Technical Center
AJF-A423
Atlantic City Airport, NJ 08405
UNITED STATES

[h=3]

[/h]


155.178.201.50 is the IP address you have a ran a report for on January, 30, 2015.