5140(513-0015)
McAfee, Inc.
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, USA
Tel: (+1) 888.847.8766
Internet: www.mcafee.com
For more information regarding local McAfee representatives please contact your local McAfee
office, or visit:
www.mcafee.com
Copyright (c) 1992-2008 McAfee, Inc., and/or its affiliates. All rights reserved.
McAfee, SafeBoot and/or other noted McAfee related products contained herein are registered
trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or other
countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any
other non-McAfee related products, registered and/or unregistered trademarks contained
herein is only by reference and are the sole property of their respective owners.
Contents
1. INTRODUCTION
1.1 SAFETECH OVERVIEW
1.2 PRIOR KNOWLEDGE
Table of Figures
FIGURE 1 - SAFETECH AUTHORIZATION CODE
FIGURE 2 - THE WORKSPACE
FIGURE 3 - DISK INFORMATION
FIGURE 4 - INSERT THE START SECTOR VALUE (63)
FIGURE 5 - FORCE CRYPT/DECRYPT SECTORS
FIGURE 6 - ENUMERATE ALGORITHMS
FIGURE 7 - SET ALGORITHM
FIGURE 8 - CHECKING THE SBADMIN ALGORITHM
FIGURE 9 - CONTACT DETAILS
FIGURE 10 - ABOUT DISPLAY
FIGURE 11 - THE SAFETECH WORKSPACE
FIGURE 12 - CREATING THE SAFETECH BOOT DISK
FIGURE 13 - THE DEVICES TAB
FIGURE 14 - THE MACHINE GROUP
FIGURE 15 - EXPORT CONFIGURATION
FIGURE 16 - THE LOCATION OF THE BOOTABLE DISK
FIGURE 17 - ENTERING THE SAFETECH CODE
FIGURE 18 - SELECTING AUTHENTICATE FROM SBFS
FIGURE 19 - LOGIN WITH SELECTED TOKEN
FIGURE 20 - ENTER THE USERNAME AND PASSWORD
FIGURE 21 - SELECT RESET INT13 VECTOR
FIGURE 22 - INT13 VECTOR RESET MESSAGE
FIGURE 23 - VIRUS PROTECTION OPTION
FIGURE 24 - CLIENT MACHINE SYNCHRONIZATION MENU
FIGURE 25 - ENTER THE AUTHENTICATION CODE
FIGURE 26 - LOADING VALUES FROM A MACHINE’S DATABASE
FIGURE 27 - AUTHENTICATE FROM DATABASE
FIGURE 28 - SELECT THE MACHINE NAME
FIGURE 29 - CHOOSING EMERGENCY BOOT OPTION
FIGURE 30 - CHOOSE THE OPERATING SYSTEM
FIGURE 31 - CONFIRM EMERGENCY BOOT
FIGURE 32 - THE CLIENT STATUS SCREEN
FIGURE 33 - AUTHORIZATION CODE PROMPT
FIGURE 34 - SELECTING AUTHENTICATE FROM SBFS
FIGURE 35 - SELECT TOKEN
FIGURE 36 - ENTER YOUR USERNAME AND PASSWORD
FIGURE 37 - THE REMOVE SAFEBOOT OPTION
FIGURE 38 - SAFETECH REMOVING SAFEBOOT ENCRYPTION AND BOOT LOGON
FIGURE 39 - AUTHORIZATION CODE
FIGURE 40 - AUTHENTICATE FROM DATABASE
FIGURE 41 - SELECT THE FILE NAME
FIGURE 42 - SELECT MACHINE
FIGURE 43 - SELECT REMOVE SAFEBOOT
FIGURE 44 - REMOVING SAFEBOOT
FIGURE 45 - THE SAFEBOOT WINTECH OPTION
FIGURE 46 - THE WINTECH AUTHORIZATION SCREEN
FIGURE 47 - EXAMPLE CODE
FIGURE 48 - THE INFORMATION BAR
FIGURE 49 - THE AUTHENTICATE FROM DATABASE OPTION
1. Introduction
2. Using SafeTech/WinTech
2.2 Concepts
2.2.1 SafeTech
SafeTech is SafeBoot’s comprehensive low-level diagnostic, repair and
recovery utility. It runs from the OnTime 32-bit Operating System and
has the look of Windows but is not a true Windows application.
SafeTech has some unique advantages as well:
The only disadvantage of WinTech is that it cannot perform an
Emergency Boot, whereas this feature is available in SafeTech created
from the directory.
2.2.2 WinTech
WinTech is the true Windows version of SafeTech and offers several
advantages:
1) The ability to boot directly from a Bart PE or Windows PE/RE boot
environment using a CD, DVD or bootable USB stick, giving administrators
the ability to use the same recovery environment they have always
used for Disaster Recovery and Repair.
2) The new MOUNT drive feature allows data on an encrypted drive to
be accessed quickly once authorized. There is no need to completely
decrypt the drive first to get to important files or documents. Data is
decrypted on-the-fly from the encrypted disk and this allows full access
to the contents.
3) Easier access to USB drives and memory sticks that have been
encrypted using the new 5.x DE optional USB removable drive support.
Although normally an encrypted USB flash memory stick or external
USB drive would only be accessible from the machine it was encrypted
from, SafeBoot’s WinTech utility allows these encrypted drives to be
mounted and viewed or the contents removed without requiring access
to the original working machine as long as the machine key is still
available in the Master Object Directory of the SafeBoot Management
Center.
3. SafeTech Commands
3.1 File
3.1.1 Authorize
This screen allows you to enter the SafeTech access code to unlock
dangerous features. You only need to use this option if you started
SafeTech without entering the code, and then chose to enter the code.
Once a correct code has been entered, the SafeTech status bar changes
to show “Authorized” access.
3.1.2 Quit
This option exits SafeTech and restarts the system.
3.2 Disk
3.2.1 Open Workspace
This option opens the Workspace. For assistance on how to use the
SafeTech/WinTech workspace, please contact SafeBoot support.
Disk Information
GUID – The unique GUID of this disk (a Device Encryption construct)
Alg ID – The SafeBoot Algorithm used to encrypt the disk
Database ID – The SafeBoot Database ID (hexadecimal) of the host
SafeBoot Database that this machine has registered its keys to, and is
accepting policy updates from. You can determine the Database ID
through SBAdmin by looking at the License Information.
Machine ID – This is the machine's unique object ID. You can find the
machine's corresponding policy object by authenticating to the correct
SafeBoot Database (using the Database ID above to ensure you’re
connected to the correct DB). Then click the “SafeBoot Machines
Group” node in the Devices tab, click “Groups” → “Find” and
search for the appropriate Object ID – in the example above it would be
00000003.
SBFS Sector Map – This is the sector location at the beginning of the
SBFS Sector map. The SBFS Sector map defines the ranges of sectors
on the users’ hard disk which contain the Device Encryption pre-boot
environment.
SBFS Sector Map Count – This is the size of the sector map.
Key Check – A hash of the encryption key used to protect the
machine. This is used to verify keys are correct.
Crypt List
Region Count – The number of defined crypted areas of this logical
disk. This usually corresponds to the number of partitions on the drive.
Region … - Each region is defined as follows:
Start Sector – The physical start sector of the region
End Sector – The last physical sector included in the region
Sector Count – The number of sectors included in this region
PowerFail Status – Device Encryption tracks the progress of
encryption on the drive to ensure that if power is lost during
encryption, the process is recoverable.
Status – Shows whether the drive is currently in a powerfail state.
A status of Inactive indicates that the current encryption process has
finished.
Partition – A section per Logical partition on this physical drive as
follows:
Partition Number – The unique partition number
Partition Type – The file system detected on this partition
Partition Bootable – Whether the partition is bootable or not
Partition Recognised – Whether the partition is recognized as viable
Partition Drive Letter – The detected drive letter of this partition
Partition Start Sector – The physical start sector of the partition
Partition End Sector – The physical end sector of the partition
Partition Sector Count – The number of sectors in the partition
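A consistency check over the Crypt List and Partition fields described above, as an added example that is not part of the original manual or of SafeTech itself. It assumes End Sector is inclusive (so Sector Count = End - Start + 1), uses hypothetical names (`Extent`, `check_crypt_list`) and constructed sector values, and treats a region that matches no partition as something to review rather than as proof of damage.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Extent:
    """One sector range: a Crypt List region or a partition (hypothetical type)."""
    name: str
    start: int   # physical start sector
    end: int     # last physical sector included (inclusive)
    count: int   # sector count as displayed

def check_crypt_list(regions, partitions):
    """Return a list of findings; an empty list means the values are coherent."""
    findings = []
    for e in list(regions) + list(partitions):
        if e.end < e.start:
            findings.append(f"{e.name}: end sector before start sector")
        elif e.count != e.end - e.start + 1:
            findings.append(f"{e.name}: sector count {e.count}, expected {e.end - e.start + 1}")
    # Crypted regions must not overlap each other.
    ordered = sorted(regions, key=lambda r: r.start)
    for a, b in zip(ordered, ordered[1:]):
        if b.start <= a.end:
            findings.append(f"{a.name} overlaps {b.name}")
    # Assumption: a region normally covers exactly one partition.
    known = {(p.start, p.end) for p in partitions}
    for r in regions:
        if (r.start, r.end) not in known:
            findings.append(f"{r.name}: matches no partition, review before use")
    return findings

# Constructed sample values, not taken from a real disk.
PARTITIONS = [Extent("Partition 1", 63, 20482874, 20482812),
              Extent("Partition 2", 20482875, 40965749, 20482875)]
GOOD = [Extent("Region 1", 63, 20482874, 20482812),
        Extent("Region 2", 20482875, 40965749, 20482875)]
BAD = [Extent("Region 1", 63, 20482874, 20482812),
       Extent("Region 2", 20482874, 40965749, 20482876)]  # starts one sector early

if __name__ == "__main__":
    for label, regions in (("good", GOOD), ("bad", BAD)):
        print(label, check_crypt_list(regions, PARTITIONS) or "coherent")
```
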
3.3 SafeBoot
3.3.1 Authenticate from SBFS
This option authenticates by entering the correct user ID and password
when that screen is presented.
3.4 Algorithms
3.4.1 Enumerate Algorithms
Enumerates each possible algorithm and tries to load it from
the SafeTech boot file. The algorithms are contained within the
SafeTech program itself.
3.5 Options
3.5.1 Set Background Colour (SafeTech only option)
This option allows the background colour of the screen to be set to
improve clarity on older monitors. You can choose from Black, Red,
Green, Blue, or White.
3.6 Help
3.6.1 Contact
3.6.2 About
4. The Workspace
5. Troubleshooting
SCENARIO II:
Updated the machine’s BIOS and now boot to a virus warning
Follow the Reset INT 13 Vector procedure
SCENARIO III:
Boot to missing operating system while the machine is in the process of
encrypting or decrypting
Follow the Encryption and Boot Sector Removal: Method 1 procedure
SCENARIO IV:
Boot to missing operating system after machine has successfully
encrypted
Follow the Encryption and Boot Sector Removal: Method 2 procedure
SCENARIO V:
Copy Data from a corrupted encrypted drive without removing
encryption.
Follow the Mount Drive (WinTech Only option) procedure
SCENARIO VI:
Copy Data from an encrypted external USB-attached drive or USB flash
drive.
Follow the Mount Drive (WinTech Only option) procedure
3. Select the media to use as the recovery disk and save it.
4. For normal use uncheck all three items under “Options” to save
disk space.
9. Go to the Tool Bar menu and open the SafeBoot drop down
menu. Select “RESET INT13 Vector” from the menu.
After the BIOS has been upgraded the option is re-enabled, applied,
and the machine is synchronized. This will again protect the boot sector
of the machine.
9. Please click “Yes” if you are using Windows XP (or earlier), or
click “No” if you are using Windows 2003, Vista and higher.
10. This will decrypt the drive and remove the boot sector. It may
take some hours depending on the machine performance and the
storage capacity of the drive or partition.
11. Next, when the machine has been removed, delete its record
from the SafeBoot directory (the central record no longer has the
correct parameters for the machine). See the Device Encryption
Administrators Guide for further information, or, contact your
SafeBoot Database Administrator.
6. Next select the current machine name shown in the open window.
Then click OK.
Any USB sticks or drives you need to access later will need to
be plugged in before Windows PE starts to load. This includes
any encrypted disks you wish to access, or any disk
containing the machine export database.
5. WinTech will then load. It will prompt for the authorization code
(this code can be obtained from SafeBoot Support). Enter the
code.
Notice the Info bar at the bottom of the tool reports “Not Authorized”
until the code has been correctly entered. After the code has been
entered, this changes to Authorized.