Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
51525354555657585960
Table Of Contents
attributes. The results are colorcoordinated, so that it is easy for the administrator to analyze the
results.
Green indicates a single match
Orange indicates more than one match
Red indicates no match
Do 5.x.x policies get imported to 7.x during the migration?
No, 5.x.x policies are not imported to 7.x as part of the migration process. The user should set the
required 5.x.x policies, more importantly the Encrypt policy, in 7.x before upgrading the client.
If you do not change the default Encrypt policy from None to Encrypt in 7.x before the upgrade, the client
system will start decrypting after the upgrade. So, it is always a best practice to configure your required
policies before even initiating the import process.
What happens if the LDAP server used by 5.x.x is not registered in ePolicy
Orchestrator?
All imported users of 5.x.x will appear as unmatched users in ePolicy Orchestrator. So, ensure to
register the same LDAP server used by 5.x.x, then schedule and run the EE LDAP Server User/Group
Synchronization task.
What happens if the LDAP server has been registered, but the EE LDAP Server
User/Group Synchronization task hasn't been scheduled and run?
ePolicy Orchestrator will display an error message when the user initiates the import process. Closing
the error message will guide the user directly to EE LDAP Server User/Group Synchronization task page.
What happens if the 5.x.x machines are not managed by ePolicy Orchestrator?
All imported machines of 5.x.x will appear as unmatched machines in ePolicy Orchestrator. So, make
sure that the systems to be migrated are managed by ePolicy Orchestrator before initiating the import
process.
Upgrade to EEPC 7.0 Patch 1
The primary goal of upgrading the EEPC 5.x.x series to EEPC 7.x is to retain the disk encryption. This
is to make sure that a decrypt and a reencrypt of the disk is not required during the upgrade.
Only one encryption algorithm can be active for all disks, so no matter whatever the algorithm is set in
7.x, if the 5.x.x system has a different algorithm, then that algorithm will be used for all disks even
after migrating to 7.x.
The only way to change the client algorithm is to deactivate EEPC on the client and decrypt
all disks, then reactivate EEPC on it.
All the recovery settings have 4 times as many lines as the AES algorithm. So, setting
recovery key size as Low gives 4 lines of response code with RC5 algorithm.
On migrating from EEPC 5.x.x to EEPC 7.x, the available user password token, SSO, and Self Recovery
details are transferred to EEPC 7.x. To use 5.x.x SSO and Self Recovery data in 7.x, you need to
enable SelfRecovery and SSO in the 7.x policies after importing the users.
Migration and upgrade
Upgrade to EEPC 7.0 Patch 1
6
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide
55