FEATURE REQUEST: Do not automatically set default password when using Endpoint Encryption Removable Media Encryption
Last Updated May 15, 2019
There are two scenarios in which the default password for Symantec Endpoint Encryption (SEE) Removable Media Encryption (RME) is automatically set:
If a user has no default password set and attempts to copy data to external devices, the password set for this data transfer becomes the default password, with no opt-out option. The user would then need to manually open the user client and change it or disable it.
When User 2 opens User 1's RME-encrypted file and has not yet set a local default password, User 2's decrypt window has the option to set the password used to decrypt as the default password (the option is automatically checked). This means that whatever password User 2 is using to open the file will become their default password. Any files User 2 encrypts will automatically be encrypted to User 1's password because it has now been set as User 2's default password. This creates an issue because User 2 may not remember User 1's password. This may also be undesired behavior.
Additionally, User 2 may unintentionally encrypt files to User 1's default password and give those files to User 3. Now neither User 2 nor User 3 can access the files.
Finally, when the default password is changed, files previously encrypted to that password do not have their password updated until they are plugged into the same machine again and unlocked with the old default password. Thus, User 2 could unintentionally encrypt some files with User 1's default password before changing their own default password. User 2's new password will only be applied to those files after they have been decrypted using User 1's default password.
Both situations have a potential workaround:
After encrypting, manually open the SEE Management Agent on the client computer and change or disable the default password option.
When decrypting, ensure the "set default password" box is unchecked. If an incorrect password attempt is made, you will need to uncheck the box again. If the default password was unintentionally set while decrypting, the user can manually open the SEE Management Agent on the client computer and change or disable the default password option.
Symantec Corporation is committed to product quality and satisfied customers. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product.
Technical Support filed a Feature Request to add this product feature. Note that a feature request is exactly that, a request. There is no committed date for this request from the Endpoint Encryption Product Management team, nor from the Endpoint Encryption team at this time.
Please be sure to refer back to this document periodically as any changes to the status of the request will be reflected here.