Install Guide
Table Of Contents
- Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
- Contents
- Introduction
- Requirements
- Registry Settings
- Install Using the Master Installer
- Uninstall the Master Installer
- Install Using the Child Installers
- Uninstall Using the Child Installers
- Data Security Uninstaller
- Commonly Used Scenarios
- Provision a Tenant
- Configure Advanced Threat Prevention Agent Auto Update
- Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Designate the Dell Server through Registry
- Extract Child Installers
- Configure Key Server
- Use the Administrative Download Utility (CMGAd)
- Configure Encryption on a Server Operating System
- Configure Deferred Activation
- Troubleshooting
- Glossary
wsprobe [-h]
wsprobe [-f path]
wsprobe [-u n] [-x process_names] [-i process_names]
Parameters
Parameter To
path Optionally specify a particular path on the device to scan for possible encryption/
decryption. If you do not specify a path, this utility scans all folders related to your
encryption policies.
-h View command line Help.
-f Troubleshoot as instructed by Dell ProSupport
-u Temporarily disable or re-enable the user Application Data Encryption List. This list
is only effective if Encryption Enabled is selected for the current user. Specify 0 to
disable or 1 to re-enable. The current policy in force for the user is reinstated at the
next logon.
-x Add process names to the privileged list. The computer and installer
process names on this list, plus those you add using this parameter or
HKLM\Software\CREDANT\CMGShield\EUWPrivilegedList, are ignored if specified in
the Application Data Encryption List. Separate process names with commas. If your list
includes one or more spaces, enclose the list in double quotes.
-i Remove process names previously added to the privileged list (you cannot remove
hard-coded process names). Separate process names with commas. If your list includes
one or more spaces, enclose the list in double quotes.
Check Encryption Removal Agent Status
The Encryption Removal Agent displays its status in the description area of the services panel (Start > Run > services.msc >
OK) as follows. Periodically refresh the service (highlight the service > right-click > Refresh) to update its status.
● Waiting for SDE Deactivation - Encryption is still installed, is still configured, or both. Decryption does not start until
Encryption is uninstalled.
● Initial sweep - The service is making an initial sweep, calculating the number of encrypted files and bytes. The initial sweep
occurs one time.
● Decryption sweep - The service is decrypting files and possibly requesting to decrypt locked files.
● Decrypt on Reboot (partial) - The decryption sweep is complete and some locked files (but not all) are to be decrypted on
the next restart.
● Decrypt on Reboot - The decryption sweep is complete and all locked files are to be decrypted on the next restart.
● All files could not be decrypted - The decryption sweep is complete, but all files could not be decrypted. This status
means one of the following occurred:
○ The locked files could not be scheduled for decryption because they were too big, or an error occurred while making the
request to unlock them.
○ An input/output error occurred while decrypting files.
○ The files could not be decrypted by policy.
○ The files are marked as should be encrypted.
○ An error occurred during the decryption sweep.
○ In all cases, a log file is created (if logging is configured) when LogVerbosity=2 (or higher) is set. To troubleshoot, set the
log verbosity to 2 and restart the Encryption Removal Agent service to force another decryption sweep. See (Optional)
Create an Encryption Removal Agent Log File for instructions.
● Complete - The decryption sweep is complete. The service, the executable, the driver, and the driver executable are all
scheduled for deletion on the next restart.
112
Troubleshooting