Best Practices for Data Recovery using Symantec Endpoint Encryption - Full Disk (SEE-FD)
Last Updated April 29, 2019
What are the Best Practices for Data Recovery using SEE-FD?
When a computer encrypted with Symantec Endpoint Encryption - Full Disk experiences a failure of any type, it is the policy of Symantec Technical Support to use a step-by-step approach to attempt to access and backup the computer’s encrypted files prior to any attempts to restore the system so as to protect against possible data loss during the repair process.
IMPORTANT NOTE: Symantec highly recommends that you contact technical support at the earliest possible convenience when dealing with a technical issue that involves critical data. Please document all events that preceded the problem, list any actions taken, and error messages encountered.
The Recovery Process Steps Summary:
It is recommended that the following actions take place in the order listed for the best possible chance at recovering data. 1. Contact your internal help desk for assistance. 2. Contact Symantec Technical Support for assistance. 3. Run “Recover /a”. 4. Run the SEE Hard Disk Access utility and back up any data. 5. Perform a Hard Drive consistency check. 6. Perform a hard drive backup using a “sector by sector” copy method. 7. Run “Recover /d” emergency decryption.
Contacting internal help desk (Step 1)
The Contact your internal help desk for assistance
The recommended first step, after contacting your internal company help desk and the Symantec technical support team, will be to attempt to repair the SEE Hard Disk Operating System (RTOS) if it has been damaged. The use of the recover utility with the /a parameter will not harm the drive or any data it contains.
The command to run this utility is: “recover /a”
WARNING: Do not run the recover program with the “/d” or “/b” parameters until instructed to do so, or there could be the risk of data loss.
Endpoint Encryption Hard Disk Access Utility (Step 4)
Symantec recommends running the Hard Disk Access Utility and attempting to back up the data to a secondary location for safe keeping.
Hard Drive Consistency Check (Step 5)
Using the hard drive manufacturers recommended method, perform a low level consistency check to verify that the hard drive hardware is operating normally. This is to eliminate the possibility that a mechanical failure is the root cause of the problem. This will usually require a separate boot disk with the manufacturer’s utility on it.
Hard Drive Backup (Step 6)
At this point, a backup of the hard drive should be taken for protection against possible data corruption. Further attempts at recovering data will involve writing to the drive and will increase the risk of data loss. Symantec recommends that Symantec Ghost be used to create a “sector-by-sector” copy of the hard drive.
Symantec Technical Support can provide instructions on performing a sector-by-sector backup of the hard drive.
Run “Recover /d” (Step 7 - Emergency decryption)
The emergency decryption process is used to decrypt a hard drive in the event that normal decryption methods are unsuccessful. The emergency decryption utility is a very powerful tool that will decrypt the entire hard drive when authorized by a Hard Disk administrator. There are some very important points to keep in mind when using this utility:
Never stop the emergency decryption process while in progress!
Do not run the “recover /d” command more than once, even if it did not appear to work.
Be patient! The program may appear to be working slowly or not at all at certain points, but the program is most likely still running.
Do not run Recover /d more than once – it will cause file corruption on the hard drive (making any data unrecoverable).
Imported Document ID: TECH104300
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe