Solution
Check if BitLocker is turned on
To check if you have any volumes have BitLocker Device Encryption turned on, open an elevated Command Prompt and type the following command:
manage-bde -status
Figure 1-1
In the screenshot above, BitLocker has fully encrypted the C:\ volume. In order to use ESET Endpoint Encryption FDE, you must decrypt the C:\ drive first.
You can also see the history of BitLocker by opening a PowerShell command line and typing the following:
Get-WinEvent @{logname='system';ProviderName='Microsoft-Windows-BitLocker-Driver'}
The screenshot below shows an example of this.
Figure 1-2
Remove BitLocker
Method 1: Using the Command Line
If your C:\ volume (or any other volumes) is encrypted with BitLocker as displayed above, then you can decrypt it by following these steps:
- Open an Elevated Command Prompt.
- Type the following command:
manage-bde-off C:
- BitLocker will begin decrypting the selected volume. Once decryption is complete, update the Workstation Details and try to start FDE with ESET Endpoint Encryption again. See I made changes to my client workstation, how do I update the ESET Endpoint Server of this?
For more information, see the following Microsoft article: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-off
Method 2: Using Windows 10 (1809 and later)
Use the Settings interface to turn off BitLocker Device Encryption by following the instructions below:
- Open Windows Settings by pressing Windows key + i.
- Click Update & Security.
- Click Device encryption at the bottom of the left-hand menu.
- Click Turn off.
Figure 2-1
- Click Turn off again to confirm.
Figure 2-2
- Wait for the decryption process to finish.
Figure 2-3
- After decryption is finished, update the Workstation Details and try to start FDE with ESET Endpoint Encryption again. See I made changes to my client workstation, how do I update the ESET Endpoint Server of this?
