Versions / Builds AffectedAgent build 20121115
Problem SummaryIf you have a device encrypted by ESEC, and log on with a power user to a machine where the agent is installed, you will not be able to run the traveler application as it just doesn't load
TT / JIRAID256
How to Identify1. Encrypt a device with agent build 20121115
2. Log on to the agent machine with a user that is a Power User in the ESEC policy
3. Try to run traveler.exe, nothing happens
Issue happens with agent build 20121115 and possibly previous agents, but does not happen with the release agent build 20120104. Devices encrypted with the release agent should continue to work regardless of the agent currently installed on the computer.
Workaround / Fix DetailsFixed in GFI EndPointSecurity 2013 (build 20130306)
Remove the user/group from the Power Users, and instead add permissions in the policy for the Administrators group and allow it full access to everything. With this configuration the agent will show the password prompt when plugging in an encrypted device. Two important notes when you use this workaround:
1. If the user/group doesn't have Encryption enabled for them in the policy, the password prompt will also give the user the option to remove the encryption
2. If the user/group has Encryption enabled for them in the policy, they will get the normal password prompt with no option to remove encryption. However this also means that the user will have to encrypt any USB storage device they plug in when logged in as a local admin
Note that the problem will occur with devices that were encrypted with the problem agent, regardless of the agent currently installed.
Required Actions1. Ask the customer to upgrade to the latest build and re-encrypt the device
2. Attach this article to the case