[KB7191] Using BitLocker and ESET Endpoint Encryption Full Disk Encryption at the same time

Issue

Solution

Do not use multiple disk encryption solutions on a single machine

Multiple disk encryption solutions on a single machine are not supported and can lead to permanent data loss.

Verify BitLocker is turned on

To check whether BitLocker Device Encryption is turned on for any volume, open an elevated Command Prompt and type manage-bde -status

For example, in the screenshot below, BitLocker has fully encrypted C:\. To use ESET Endpoint Encryption FDE, decrypt C:\ first.

Figure 1-1

BitLocker history

To list the BitLocker driver events recorded in the System log, open a PowerShell command line and type Get-WinEvent -FilterHashtable @{logname='system';ProviderName='Microsoft-Windows-BitLocker-Driver'}

Figure 2-1

Remove BitLocker with Command Line

Back up your data before making changes

Before making any changes to your system, ensure you have an up-to-date data backup.

  1. Open an Elevated Command Prompt.

  2. Use the manage-bde command to turn off BitLocker on the volume. Type manage-bde -off C:

  3. BitLocker will begin decrypting the selected volume. When decryption is complete, update the workstation and start FDE with ESET Endpoint Encryption again.

  4. Repeat the process for each drive that requires decryption.

Remove BitLocker with Windows 10 (1809 and later)

  1. Open Windows Settings.

  2. Click Update & Security.

  3. Click Device encryption.

  4. Click Turn off.

  5. Click Turn off again to confirm.

  6. Wait for the decryption process to finish.

  7. When decryption is complete, update the workstation and start FDE with ESET Endpoint Encryption again.
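
Both removal procedures end by waiting for decryption to complete. The following is an added example, not ESET's own code: a PowerShell check, run from an elevated session, that reports which volumes BitLocker still protects and waits until every volume is fully decrypted before FDE is started. Get-BitLockerVolume is the cmdlet from the built-in BitLocker module; the function name Wait-BitLockerFullyDecrypted and its polling parameters are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check before starting ESET Endpoint Encryption FDE.
# Wait-BitLockerFullyDecrypted and its parameters are hypothetical names
# chosen for this example; Get-BitLockerVolume is the built-in cmdlet.

function Wait-BitLockerFullyDecrypted {
    param(
        [int]$PollSeconds = 30,      # how often to re-check the volumes
        [int]$TimeoutMinutes = 0     # 0 = wait indefinitely
    )
    $deadline = if ($TimeoutMinutes -gt 0) { (Get-Date).AddMinutes($TimeoutMinutes) } else { $null }

    while ($true) {
        # Every volume that is not yet FullyDecrypted still blocks FDE.
        $pending = @(Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' })
        if ($pending.Count -eq 0) {
            Write-Host 'All volumes are fully decrypted.'
            return $true
        }

        foreach ($vol in $pending) {
            if ($vol.VolumeStatus -eq 'DecryptionInProgress') {
                Write-Host ("{0} decrypting, {1}% still encrypted" -f $vol.MountPoint, $vol.EncryptionPercentage)
            } else {
                # FullyEncrypted, EncryptionInProgress or a paused state:
                # decryption has not been started on this volume.
                Write-Warning ("{0} is {1}; run manage-bde -off {0} first" -f $vol.MountPoint, $vol.VolumeStatus)
            }
        }

        # If nothing is decrypting, waiting would never finish.
        if (-not ($pending | Where-Object { $_.VolumeStatus -eq 'DecryptionInProgress' })) { return $false }
        if ($deadline -and (Get-Date) -gt $deadline) {
            Write-Warning 'Timed out while waiting for decryption.'
            return $false
        }
        Start-Sleep -Seconds $PollSeconds
    }
}

if (Wait-BitLockerFullyDecrypted) {
    Write-Host 'No BitLocker-encrypted volumes remain.'
}
```

The function returns $false without waiting further when a volume is still encrypted and no decryption is running, so a drive that was missed in the "repeat for each drive" step is reported rather than silently skipped.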