To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

WithSecure Elements EPP support scan BitLocker-encrypted usb drives?

Options
jllorente
jllorente W/ Member Posts: 1 Security Scout

Hi,

We activated 'Force Scan and show result to user' in 'Action when USB storage device is plugged' option 'Manual Scanning' section of profile, but when we plugged a USB encrypted with Bitlocker, we don't see any action of scan.

Client Security Premium 15.30 introduce support for 'USB device scan BitLocker-encrypted drives', but we don't see any option in profile in WithSecure Elements EPP.

Answers

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 245 Moderator
    Options

    Hi @jllorente

    Thank you for reaching out the WithSecure Community,

    Due to the nature of encryption, scanning an encrypted drive is not feasible while it remains encrypted. The contents can only be scanned once the drive has been decrypted and is accessible by the user.

    Here's a breakdown of why:

    • Encryption Scans Require Decryption: Endpoint Security programs rely on being able to access the files within a drive to scan them for potential threats. Encryption scrambles the contents of the files, making them unreadable without the decryption key.
    • Scanning at Rest vs. On-Access: Antivirus software can typically scan files in two ways:
      • Scanning at Rest: This scans files that are currently stored on the drive, but not actively in use. Encrypted drives are inaccessible for "at rest" scans.
      • On-Access Scan: This scans files as they are opened or accessed by the user. If a user decrypts a file by entering their password, then an on-access scan could potentially detect threats within that file at that time.

    Here are some additional points to consider:

    • Pre-Encryption Scans: It's always a good practice to scan a drive for malware before encrypting it. This helps ensure no existing threats are locked away inside the encrypted container.

    If you have any further questions about WithSecure Endpoint Security software and encrypted drives, feel free to ask! The WithSecure community is here to help.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home