[KB7191] Using BitLocker and ESET Endpoint Encryption Full Disk Encryption at the same time

Solution

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies to the EEE Client, EEE Server and EFDE. Visit What's new in ESET Full Disk Encryption to view EFDE content.  

You must NOT use multiple disk encryption solutions on a single machine

This is not supported and can lead to permanent loss of data. 

Check if BitLocker is turned on

To check whether BitLocker Device Encryption is turned on for any volume, open an elevated Command Prompt and run the following command:

manage-bde -status

Figure 1-1

In the screenshot above, BitLocker has fully encrypted the C:\ volume. To use ESET Endpoint Encryption FDE, you must decrypt the C:\ drive first.

You can also view the BitLocker event history by opening a PowerShell prompt and running the following:

Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-BitLocker-Driver'}

The screenshot below shows an example of this.

Figure 1-2

Remove BitLocker

Back up your data before making changes

Before making any changes to your system, ensure that you have an up-to-date backup of your data.

Method 1: Using the Command Line

If your C:\ volume (or any other volumes) is encrypted with BitLocker as displayed above, then you can decrypt it by following these steps:

  1. Open an Elevated Command Prompt.
     
  2. Type the following command:

    manage-bde -off C:

    Decrypt each drive individually

    If multiple volumes are encrypted with BitLocker, then you will need to decrypt each volume individually.

  3. BitLocker will begin decrypting the selected volume. When decryption is complete, update the Workstation Details and try to start FDE with ESET Endpoint Encryption again. See Updating a Workstation record in the ESET Endpoint Encryption Server.

For more information, see the following Microsoft article: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-off
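
The check and the per-volume decryption above can also be scripted. The following is an added example, not part of the original article and not ESET code: it uses the Windows BitLocker PowerShell cmdlets Get-BitLockerVolume and Disable-BitLocker in place of manage-bde, only reports unless run with -Decrypt, and then waits until every volume is fully decrypted. The -Decrypt and -PollSeconds parameter names and the helper function are this script's own.

```powershell
#Requires -RunAsAdministrator
# Added example (not ESET code). -Decrypt and -PollSeconds are this script's own names.
param(
    [switch]$Decrypt,          # without this switch the script only reports
    [int]$PollSeconds = 30     # assumed polling interval
)

function Get-PendingVolume {
    # Any volume that is not fully decrypted still blocks ESET FDE.
    Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }
}

# Same information as "manage-bde -status", one row per volume.
Get-BitLockerVolume |
    Format-Table MountPoint, VolumeType, VolumeStatus, EncryptionPercentage, LockStatus -AutoSize

$pending = @(Get-PendingVolume)
if ($pending.Count -eq 0) {
    Write-Output 'No volume is encrypted with BitLocker.'
    return
}
if (-not $Decrypt) {
    Write-Output ('Not fully decrypted: {0}. Back up, then re-run with -Decrypt.' -f ($pending.MountPoint -join ', '))
    return
}

# A locked volume cannot be decrypted; stop rather than wait on it forever.
$locked = @($pending | Where-Object { $_.LockStatus -eq 'Locked' })
if ($locked.Count -gt 0) {
    throw ('Unlock these volumes first: {0}' -f ($locked.MountPoint -join ', '))
}

# Decrypt each volume individually (equivalent of "manage-bde -off <drive>").
foreach ($vol in $pending) {
    if ($vol.VolumeStatus -ne 'DecryptionInProgress') {
        Disable-BitLocker -MountPoint $vol.MountPoint | Out-Null
    }
}

# Decryption runs in the background; poll until nothing is left.
do {
    $remaining = @(Get-PendingVolume)
    foreach ($v in $remaining) {
        Write-Output ('{0}  {1}  {2}% encrypted' -f $v.MountPoint, $v.VolumeStatus, $v.EncryptionPercentage)
    }
    if ($remaining.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
} while ($remaining.Count -gt 0)
Write-Output 'All volumes are fully decrypted.'
```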


Method 2: Using Windows 10 (1809 and later)

Use the Settings interface to turn off BitLocker Device Encryption by following the instructions below:

  1. Open Windows Settings by pressing Windows key + I.
     
  2. Click Update & Security.
     
  3. Click Device encryption at the bottom of the left-hand menu.
     
  4. Click Turn off.

Figure 2-1

  5. Click Turn off again to confirm.

Figure 2-2

  6. Wait for the decryption process to finish.

Figure 2-3

  7. After decryption is finished, update the Workstation Details and try to start FDE with ESET Endpoint Encryption again. See Updating a Workstation record in the ESET Endpoint Encryption Server.