Dell Encryption Enterprise Requires System32 .EXE’s to be Excluded

Summary: Dell Encryption Enterprise (formerly Dell Data Protection Enterprise Edition) exclusions can be added for System32 .EXEs by following these instructions.

Article Content


Symptoms

Affected Products:

  • Dell Encryption Enterprise
  • Dell Data Protection | Enterprise Edition

Affected Versions:

  • v7.0.x and Later

Microsoft recently modified the Windows update process to change files within the \Windows\System32 directory before Dell Encryption Enterprise drivers are loaded. This may result in SDE-encrypted executables (.exe) within the System32 folder being replaced by a clear-text (nonencrypted) file without notifying Dell Encryption Enterprise of the change.

Cause

This causes Dell Encryption Enterprise to attempt to decrypt a nonencrypted file, resulting in a blue screen.

Resolution

How do I know if I am affected?

Only users using Dell Encryption Enterprise with System Data Encryption (SDE) are affected by this issue. Click the version of your Dell Security Management Server to determine if the issue is present in your environment.

  1. Log in to the Dell Data Protection Remote Management Console (RMC).
  2. In the left-menu pane, click Populations.

Figure 1: (English Only) Populations

  3. Click Enterprise, Endpoint Groups, or Endpoints. This option depends on where SDE policies are modified in your organization.

Figure 2: (English Only) Choose Enterprise, Endpoint Group, or Endpoints

  4. Click File/Folder Encryption (FFE).

Figure 3: (English Only) File/Folder Encryption (FFE)

  5. Confirm SDE Encrypted Enabled is checked.

Figure 4: (English Only) Verify SDE Encrypted Enabled

Note: This issue does not affect your environment if SDE Encrypted Enabled is not checked.

  6. Under SDE Encryption Rules look for %ENV:SYSTEMROOT%\SYSTEM32\;exe or C:\Windows\System32\;exe without a "-" symbol.

Example of a policy with the issue:

C:\Windows\System32\;exe
@C:\Windows\System32\;exe
%ENV:SYSTEMROOT%\System32\;exe
@%ENV:SYSTEMROOT%\System32\;exe

Note: The syntax may include a ^, ^2 or ^3 symbol.

If you are unable to find syntax similar to the above examples, then you are not affected by the issue. If you find syntax similar to the above example, go to: How do I fix the issue?

  1. Log in to the Dell Data Protection Remote Management Console (RMC).
  2. In the left-menu pane, select Enterprise, Endpoint Groups, or Endpoints. This option depends on where SDE policies are modified in your organization.

Figure 5: (English Only) Choose Enterprise, Endpoint Groups, Endpoints

  3. Select Security Policies tab.

Figure 6: (English Only) Security Policies

  4. If the template menu appears, click Override and then go to step 5.

Figure 7: (English Only) Override

  5. From the Policy Category drop-down, select Windows Encryption.

Figure 8: (English Only) Select Windows Encryption

  6. Expand Fixed Storage.

Figure 9: (English Only) Fixed Storage

  7. Confirm SDE Encryption Enabled is set to true. If SDE Encryption Enabled is False, then you are not affected by this issue.
  8. Under SDE Encryption Rules look for %ENV:SYSTEMROOT%\SYSTEM32\;exe or C:\Windows\System32\;exe without a "-" symbol.

Example of a policy with the issue:

C:\Windows\System32\;exe
@C:\Windows\System32\;exe
%ENV:SYSTEMROOT%\System32\;exe
@%ENV:SYSTEMROOT%\System32\;exe

Note: The syntax may include a ^, ^2 or ^3 symbol.

If you are unable to find syntax similar to the above examples, then you are not affected by the issue. If you find syntax similar to the above example, go to: How do I fix the issue?
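The check described in both procedures above, as an added example that is not Dell code: a Python script that scans SDE Encryption Rules text pasted from the console and lists the System32 ;exe rules that lack a "-". The function names and the sample policy are hypothetical, and the handling of symbol order and of multi-extension lists is an assumption about the rule syntax, not something this article states.

```python
import re

# Leading modifier symbols named on the page: "-", "^", "^2", "^3", "@".
# Assumption: they may appear in any order before the path.
PREFIX = re.compile(r'^(?:\^[23]?|[-@])*')

# The two System32 spellings the article tells you to look for (lower-cased).
SYSTEM32 = {r'c:\windows\system32', r'%env:systemroot%\system32'}


def parse_rule(line):
    """Split one rule into (modifier prefix, folder path, extension list)."""
    rule = line.strip()
    prefix = PREFIX.match(rule).group(0)
    path, _, exts = rule[len(prefix):].partition(';')
    # Assumption: when a rule lists several extensions they are "."-separated.
    ext_list = [e.lower() for e in exts.split('.') if e]
    return prefix, path.rstrip('\\').lower(), ext_list


def affected_rules(policy_text):
    """Return the rules that cover System32 .exe files without a '-'."""
    hits = []
    for line in policy_text.splitlines():
        if not line.strip():
            continue
        prefix, path, exts = parse_rule(line)
        if path in SYSTEM32 and 'exe' in exts and '-' not in prefix:
            hits.append(line.strip())
    return hits


# Constructed sample: the first three rules are taken from the article's
# example of an affected policy; the rest are made up for contrast.
SAMPLE_POLICY = r"""
C:\Windows\System32\;exe
@C:\Windows\System32\;exe
%ENV:SYSTEMROOT%\System32\;exe
^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe
-^3@%ENV:SYSTEMROOT%\System32\;exe
-C:\Windows\System32\;exe
^C:\Windows\Temp\;exe
"""

if __name__ == "__main__":
    for rule in affected_rules(SAMPLE_POLICY):
        print("needs '-':", rule)
```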

How do I fix the issue?

Click the version of your Dell Data Security Server / Dell Data Protection Server for the solution.

  1. Log back into the RMC and go to the SDE Encryption Rules section (covered in How do I know if I am affected?).
  2. Add a "-" (minus) symbol to the syntax in question.

Example of change:

Figure 10: (English Only) Before

Figure 11: (English Only) After

  3. In the upper right menu, click Save.

Figure 12: (English Only) Save

  4. In the left-menu pane, click Management.

Figure 13: (English Only) Management

  5. Click Commit.

Figure 14: (English Only) Commit

  6. Under the Commit menu, optionally enter comments about the policy change, and then press Commit Policy.
  7. Endpoints using Dell Encryption Enterprise will pick up the new policy change on the next policy poll and begin decrypting .exe’s within the System32 folder.

This may result in BSODs if .exe extensions are encrypted with System Data Encryption (SDE), Common, or User.

Note: This is a default policy as of v9.2.

  1. Log back into the RMC and go to the SDE Encryption Rules section (covered in How do I know if I am affected?).
  2. Add a "-" (minus) symbol to the syntax in question.

Example of change:

Figure 15: (English Only) Before

Figure 16: (English Only) After

  3. In the bottom-right corner, click Save.

Figure 17: (English Only) Save

  4. In the left menu pane, click Commit Policies (under Actions).

Figure 18: (English Only) Commit Policies

  5. Optionally enter a comment about the policy change and then click Apply Changes.
  6. Endpoints using Dell Data Protection | Enterprise Edition will pick up the new policy change on the next policy poll and begin decrypting .exe’s within the System32 folder.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties

  • Affected Product: Dell Encryption
  • Last Published Date: 02 May 2023
  • Version: 8
  • Article Type: Solution