Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

Table Of Contents

Table 3-1 Recommended Product Settings Policies (continued)

Policy

Options

Recommendations

Encryption

Providers Tab

(Windows

only)

• Use compatible MBR — Leave this option unchecked (disabled). This causes EEPC to boot

a built‑in fixed MBR instead of the original MBR that was on the system after pre‑boot

logon.

It is used to avoid problems with some systems that had other software that runs from

the MBR and no longer work if EEPC is installed.

• Fix OS boot record sides — Leave this option unchecked (disabled). Some boot records

report an incorrect number of sides. Selecting this option fixes this on the client

system. This is available only when you install the EEPC extension.

• Use Windows system drive as boot drive — Leave this option unchecked (disabled). This is for

maintaining the compatibility with some systems where the disk 0 is not the boot

disk. Selecting this option forces the users product to assume that the boot disk is the

one that contains the Windows directory but not disk 0.

• Enable Pre‑Boot Smart Check (BIOS‑based systems only) — Leave this option checked (enabled)

only when needed. When you enable this feature, it modifies the EEPC activation

sequence and creates a pre‑activation stage, where a series of hardware compatibility

checks are performed prior to actual activation and subsequent encryption to

successfully activate EEPC on platforms where BIOS issues might exist.

This feature is available only for BIOS systems using PC software encryption, and is

not available for UEFI or Opal systems.

There will be several reboots of the client system before the Smart Check is

completed.

• Force system restart once activation completes — Leave this option checked only when needed.

(enabled). This option is selected by default when you select the Enable Pre‑Boot Smart

Check (BIOS based systems only) option to restart your system after activation.

PC Opal

(Windows

only)

This option requires all the drives in your client system to be Opal for the PC Opal

encryption provider to be activated.

Mac Software

• Allow software updates — Allows the user to perform the software update for Mac OS X

from the Apple update server.

• Allow software updates but warn users—Leave this option checked (enabled). Allows the user

to perform the software update for Mac OS X from the Apple update server. However,

the following notification is displayed before the software update is performed:

Applying Operating System or Firmware updates to systems with McAfee Endpoint

Encryption for Mac installed can potentially cause problems. For more information,

refer to the https://kc.mcafee.com/corporate/index?page=content&id=KB68921

KnowledgeBase article.

• Block software updates—This is optional because the administrator can block software

updates as per the requirements.

Software configuration and policies