Configuring security encryption

GFI EndPointSecurity enables you to configure settings which specifically cater for encrypted devices. It also enables you to encrypt devices which are not yet secured.

This section contains information about:

• Configuring Microsoft BitLocker To Go devices
• Configuring Volume Encryption

Configuring Microsoft BitLocker To Go devices

GFI EndPointSecurity can detect storage devices encrypted with Microsoft BitLocker To GoA Microsoft Windows 7 feature to protect and encrypt data on removable devices.. This enables you to configure different permissions on such devices.

To enable Microsoft BitLocker To Go detection:

1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
2. From the left pane, select the protection policy for which to apply the encryption policy.
3. From the right pane, click Encryption in the Security section.

Encryption options - General tab

4. Select Enable detection of encrypted devices and click Configure.

Encryption options - Permissions tab

5. Click Add… to specify the users and groups with access to encrypted devices.

Encryption options - File-type Filter tab

6. Select the File-type Filter tab to configure the file-types to restrict.
7. Select the restriction to apply to this policy:

• Use the same File-type filtersA set of restrictions that are assigned to users and groups per file-type. Filtering is based on file extension checks and real file type signature checks. used for non-encrypted devices
• Allow all files but block the usage of the following file types
• Block all files but allow the usage of the following file types.

8. Use the Add, Edit and Remove buttons, to manage file types.
9. Click OK.

Configuring Volume Encryption

Volume Encryption enables you to encrypt the contents of USB devices using AES 256 encryption. When volume encryption is enforced, users must provide a password to encrypt or access storage devices data. To enforce Volume Encryption on installed agents:

1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
2. From the left pane, select the protection policy for which to apply encryption policy.
3. From the right pane, click Encryption in the Security section.

Encryption options - General tab

4. Select Enable volume encryption. Click Configure. Click Reset user password to reset the encryption password for a specific user.

Encryption options -Security tab

5. From the Security tab, configure the features described below:

Option	Description
Recovery Password	Key in a password used if users forget or lose their passwords.
Enable user password security	Enforce restrictions to passwords specified by end users. In Minimum password length, specify the minimum acceptable password length.

Encryption options - Users tab

6. Select Users tab and configure the following options:

Option	Description
Enforce all users in the following list	Select the users that will have volume encryption enforced on their portable devices. Use the Add and Remove buttons to manage selected users.
Enforce all users except those in the following list	Select the users that will be exempt from volume encryption. Use the Add and Remove buttons to manage selected users.

Encryption options - Traveler tab

7. Select Traveler tab and configure the following options:

Option	Description
Copy Traveler to device for the following users	Select the users that will have Traveler installed on their machines. Use the Add and Remove buttons to manage selected users.
Copy Traveler to device for everyone except the following users	Select the users that will be exempt from having Traveler installed. Use the Add and Remove buttons to manage selected users.

8. Click Apply and OK.