Symantec Drive Encryption For Mac
External Drive Encryption Software
Overview: Full disk encryption software. Symantec Drive Encryption provides organizations with comprehensive, high performance full disk encryption for all data (user files, swap files, system files, hidden files, etc.) on desktops, laptops, and removable media. VeraCrypt owners built the tool from an earlier TrueCrypt fork, but more recent releases.
Symantec Drive Encryption For Mac Windows 10
Mac OS X uses a Utility called Keychain Access, which can store passwords, link other accounts to be unlocked automatically when a particular keychain is unlocked, etc. Symantec Drive Encryption (formerly known as PGP Whole Disk Encryption) also uses the Keychain Access utility for Enrollment of the Symantec Drive Encryption client to the Symantec Encryption Management server (SEMS - formerly known as PGP Universal Server). The entries Symantec Encryption Desktop creates in Keychain are listed as 'PGP Passphrase', 'PGP LDAP' and 'PGP Universal Auth Cookie'. The 'PGP Passphrase' entry will be associated to the user who enrolled to SEMS. Each of these entries are protected with a password that can only be unlocked if the current keychain password is known. Multiple entries may also exist if multiple users have enrolled on the system. It is possible older entries for the same user may exist in which the passphrase may no longer be known.
With Symantec Drive Encryption 10.2.1, if there were any pre-existing PGP entries in Keychain Access, in which the password for those particular entries is currently not known, a Drive Encryption user can be added to the disk, and therefore no passphrase will be known to allow authentication to occur.
What happens during a normal encryption process with the above conditions is the user enters his/her LDAP credentials to enroll. The enrollment process configures a PGP Key, and then adds a user to the disk for Symantec Drive Encryption. A pop-up will appear to confirm the Drive Encryption passphrase matched what was just used, and if this matches, normal encryption will occur. If the passphrases do not match, then the window will not accept the passphrase. If the user then clicks 'cancel' to this pop-up window, and error 'PGPError #-1' occurs.
The end result is the user is left on the disk and no known passphrase is set for that user and there would be no way to authenticate the drive, or decrypt, unless a WDE Admin Passphrase was added to the disk. Also try using a Whole Disk Recovery Token to gain access to the system in this case.