The PGPFS.INI file created by Encryption Desktop File Share Encryption can be deleted
search cancel

The PGPFS.INI file created by Encryption Desktop File Share Encryption can be deleted

book

Article ID: 159202

calendar_today

Updated On:

Products

File Share Encryption

Issue/Introduction

When a folder is protected by Encryption Desktop File Share Encryption, a PGPFS.INI file is created in each protected folder.

The PGPFS.INI file contains the File Share ACL (Access Control List) for the protected folder.

This file is invisible to users who have File Share Encryption enabled in Encryption Desktop.

However, users who do not have File Share Encryption enabled in Encryption Desktop or who do not have Encryption Desktop installed at all, can see the PGPFS.INI file using Windows Explorer and can also delete the file if they have appropriate file and folder permissions.

Environment

Symantec Encryption Desktop File Share Encryption release 10.4.2 and above.

Resolution

Upgrade to release 10.5 MP1 or above.

In releases prior to 10.5 MP1, the PGPFS.INI file has the System attribute set. However, although this makes the file invisible from the command prompt and generates a warning when a user without File Share Encryption tries to delete it using Windows Explorer, it does not prevent deletion:

In release 10.5 MP1 and above, the PGPFS.INI file has both the System and the Hidden attributes set. By default, this prevents users without File Share Encryption from being able to see the file using Windows Explorer.

In order to be able to see the PGPFS.INI file in Windows Explorer, the user needs to change folder and search options to do the following:

  1. Show hidden files, folders and drives.
  2. Show protected operating system files.

Even if the user makes these changes to folder and search options, they are still warned when deleting the PGPFS.INI file.

This change in release 10.5 MP1 and above therefore makes accidental deletion of the PGPFS.INI file much more unlikely.

Note that the Hidden and System attributes are generally only available on shared folders hosted on Windows based machines. If the shared folder is hosted on, for example, a Linux based machine, the NTFS.INI file will appear as a standard file.

Additional Information

EPG-22065