[KB7133] What is Full Disk Encryption Safe Start in ESET Endpoint Encryption?


ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE. Visit What's new in ESET Full Disk Encryption to view EFDE content.

  • Safe Start is available in client versions 4.6.9 and later and DESlock Enterprise Server versions 2.4.23 or ESET Endpoint Encryption Server version 3.0 and later.


Safe Start is a pre-encryption test designed to ensure your machine starts successfully once encrypted. ESET Endpoint Encryption (EEE) will install the Full Disk Encryption mbr bootloader and use it to start Windows before any encryption of the disk occurs. Under normal circumstances, Safe Start initiates and your PC will restart displaying the following screen:

Figure 1-1

Alternatively, on a workstation utilizing a Legacy BIOS, Safe Start may appear as shown below:

Figure 1-2

Safe Start ensures the machine is fully supported and allows encryption with ESET Endpoint Encryption Full Disk Encryption. A machine may be incompatible with Full Disk Encryption utilities (EEE, or any other tool) for several reasons, including different disk controller types, such as RAID, or any third-party drivers that may be installed.

If the machine is not compatible and fails to start, Safe Start will attempt to automatically repair the problem and log back into Windows. If Safe Start cannot automatically repair the problem, the machine can be restored using the system repair, because the machine will not be encrypted.

The actual encryption operation will only proceed if Safe Start detects no issues. Safe Start guarantees the safety of your machine and any data on it since Full Disk Encryption only occurs once Safe Start has determined that your machine can start safely with the EEE bootloader.