Avatar of Craig Paulsen
Craig Paulsen
Flag for New Zealand asked on

Symantec Encryption Software

Hi Experts,

I would like to know whether the Symantec encryption software can encrypt only a certain part of a HDD, for example. we don't want to encrypt the system drive
We find the Symantec Encryption software is slowing down the laptop performance.
Management now only wants the files and folders under the document settings and the temp files to be encrypted.Is this possible?
Can you refer me to a white paper or any article advising whether this can/cannot be done.
Can you please advise if this is possible  and with out rebuilding  a laptop and partition the drive into two disk?
Anti-Virus AppsOS SecurityEncryption

Avatar of undefined
Last Comment
Rich Rumble

8/22/2022 - Mon
Craig Paulsen

anyone that could advise on this please?
Simon Earl

Yes but for gods sake don't do it !!!

It's available from within the hard disk module in the management console

Rich Rumble

First something to make sure your aware of, Full disk encryption only protects from off-line attacks, like a laptop is stolen, or a HD is removed. If the laptop is booted up and unlocked, and I steal it from you, I can access anything I want, you've already unlocked it. This is the same for a virus or malware, once the laptop is unlocked, and boots up, it looks like any other HD to any other program.
If speed is an issue with your fully encrypted disc's then perhaps you can select another encryption format? Perhaps move "down" from AES-256 to AES-128 or something like that?
There are also other programs you can try, and even HD's that have FDE builtinto them:
TrueCrypt is another application you can try once the Symantec encryption is removed
Your help has saved me hundreds of hours of internet surfing.
Craig Paulsen

thanks guys,
@legalsrl -> what are the reasons for not recommeding this?
Simon Earl

We are the lead UK GuardianEdge partner (now Symantec after the acquisition)

All of the UK legislation states that the whole disk must be encrypted as users will chose the easiest place to save things.....

If you're trying to boost performance, then use SSDs, Hardware Encrypted Drives or increase the memory in the devices

The only way you will achieve this is to actually create a seperate partition and force a redirect of the My Docs folder to the new partition using GPOs

Once that's done you can encrypt the separate partition, but that is going to render the Pre Boot Authentication useless....

You can do it, but I really wouldn't do it......

If you want to go down that route, then you are looking at using Bitlocker rather than the GuardianEdge piece

Rich Rumble

SSD's are a bit overkill, but if you did go SSD, do not use software to encrypt them, they have to be hardware encrypted: http://www.truecrypt.org/docs/?s=wear-leveling
A hardware encrypted traditionaly drive is typically just as if not more cost effective than an SSD, especially if you break it down to MB/TB per Dollar.

If anyone suggests EFS, I will kill them :p Also EFS does not support temp files being encrypted.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Craig Paulsen

currently using the max mem on these 32bit Win XP notebooks,
u mentioned this can be done from within the HDD disk modules management console? I will check this out tonight, any instructions?
Craig Paulsen

@legalsrl: I can't see a place in the MM console of SEE as to where you can encrypt only part of the drive, instructions??

For symantec, check this out -mentioned to be ok for SEE 7.0.4.

@ http://www.symantec.com/connect/forums/secondary-partition-encryption-only

This table of comparison is useful

@ http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software#Layering
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Craig Paulsen

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Craig Paulsen

it's not possible to encrypt specific files and folders only on a partition,
Rich Rumble

If you look at pgp,do yourself a favor and look at free alternatives as well True Crypt and FreeOTFE, and make sure symantec knows your looking at them :)
No objections btw.