10 Posts

August 22nd, 2019 01:00

CmgAd.exe utility

Hi,

Is it possible to use this application via CLI (forensic mode) and pass a username and password to download a key bundle from the server?

Thanks

August 22nd, 2019 17:00

@josebilbao 

CMGAD is designed to download the bundle only through the UI (either through admin or forensic mode). What is the use case needing to download via CLI or UI? I may be able to file an enhancement if I understand the business case.

Alternatively, you can use CMGALU to download key material (on demand) to unlock data via CLI. 

Admin guide has a bit more info on CMGALU: https://topics-cdn.dell.com/pdf/dell-dp-endpt-security-suite-enterprise_administrator-guide2_en-us.pdf

-Brian

L4 | Dell Endpoint Security #IWork4Dell

10 Posts

August 23rd, 2019 01:00

Hi Brian,

I am creating a tool to automate Dell encryption removal from a machine. Dell Data Security Uninstaller gets stuck removing Cylance, so I have a script that stops the services before continuing with the uninstall process: https://coad.ca/2018/10/11/how-to-uninstall-cylance-protect-without-the-uninstallation-password/

I enabled the removal agent logs in the registry, downloaded a key bundle manually (CmgAd.exe), used "get-wmiobject -class win32_product" to find the products' identifying numbers, and ran this line:

msiexec.exe /X { IdentifyingNumber } CMG_DECRYPT=2 DA_KM_PATH="path_to_key" DA_KM_PW="passphrase" NOREBOOT /silent

However, I can't remove encryption and decrypt the hard disk.

Thanks

August 23rd, 2019 12:00

@josebilbao 

I know this wasn't originally your intention by this post, but I'd like to explore your uninstall issues and see if we can simplify them a bit. 

Based on your comments, you are using Dell Encryption Enterprise with Cylance Advanced Threat Prevention. 

In the administration console, do you currently have Prevent Service Shutdown from Device under Execution Control checked? 

If so, this will prevent the graceful removal of the software. If you don't have this checked, can you shoot me a PM with the MSI temp logs from around the time you ran the uninstaller? 

My goal is to have Dell Data Security Uninstaller not freeze during removal of the software for you.

-Brian

L4 | Dell Data Security #IWork4Dell

10 Posts

August 26th, 2019 04:00

Hi Brian,

I used that method in the past, but that requires amending the settings for a particular device and then committing the new policies (and repeating the process to reverse these settings).

The script runs with a system account and disables Cylance protection by stopping its services. I am running this script before launching Dell Uninstaller and selecting a key pair that has been previously downloaded.

My intention is to automate the whole process so that you only need to specify a passphrase from a key bundle (if we can sort out CmgAd.exe) and the program will do the rest.

Also, I could not find any documentation about CmgDecryptAgent.exe. Is it possible to decrypt a hard drive after having removed everything (ATP, Encryption and Management agent)?

Thanks

 

August 26th, 2019 11:00

@josebilbao 

To confirm, did you have Prevent Service Shutdown from Device enabled in policy? Just want to make sure that is what is causing the pause in DDS Uninstaller. 

For ease of removal, you could create an admin defined group, and as you remove the product in your environment you could add devices to that group. 

Unfortunately the automation via key bundle won't be possible at this time, since CMGAD requires the UI to pass credentials through.  I will file an enhancement for this request. Could you private message me the total amount of endpoints (peak deployment) you had in your environment? This will help with prioritization. 

Regarding CmgDecryptAgent.exe. This service is installed as part of the removal process. During uninstall you have an option to install or not. You will need to install CmgDecryptAgent.exe to:

  • Provide pass through rights to data encrypted with Common or User keys.
    • SDE Key will still have access as that data is released early in the boot cycle. 
  • Trigger a decryption sweep using the provided credentials. 
    • CmgDecryptAgent.exe gets removed after no encrypted files are left on the system during the next reboot cycle. 
    • Decryption sweep process can typically take from several hours to over a day. Depends on the amount of data encrypted. 

If you choose to not install CmgDecryptAgent.exe and need to decrypt, it won't be possible to decrypt until:

  • Using CMGAU/CMGALU with the driver active to decrypt on-the-fly.
  • Reinstall product and remove with decryption (CmgDecryptAgent.exe) agent. 

-Brian 

L4 | Dell Endpoint Security #IWork4Dell

10 Posts

August 27th, 2019 01:00

Hi Brian,

Yes, if I uncheck "Prevent Service Shutdown from Device", force a policy update and restart a device, then the uninstall process starts/finishes OK.

To avoid making changes in the console (and committing policy changes each time) and save on restarting endpoints, I have a script that automatically disables Cylance protection.

This line is used to remove the encryption and install the removal agent:

msiexec.exe /X { Encryption_IdentifyingNumber } CMG_DECRYPT=2 DA_KM_PATH="path_to_key" DA_KM_PW="passphrase" NOREBOOT /silent

I have previously downloaded a key bundle using CmgAd.exe and copied it in the same folder where the script is. All you have to do is specify the passphrase of the key and the program removes Prerequisites, Advance Threat Protection plugins, Advance Threat Protection (Cylance), Encryption and Management Agent (but the hard drive remains encrypted at next boot).

Thanks

August 28th, 2019 16:00

@josebilbao 

I'm going to be limited on what I can help you further with on the automated removal process of Cylance using your current process as it is not supported by Cylance nor Dell. 

Back to your original question, since CMGAD doesn't have a CLI interface, could you shoot me a private message with the amount of seats in your environment and your customer number (or order number from one of the licenses)? I will provide a tracking number you can reference moving forward for your enhancement request. 

-Brian

L4 | Dell Data Security #IWork4Dell

10 Posts

August 30th, 2019 00:00

Thanks Brian, I have sent you a separate email.

3 Posts

December 21st, 2020 02:00

Please, I need to get a copy of this utility. It doesn't seem to be on my machine and I can't find it online either.

156 Posts

December 21st, 2020 14:00

Hi @gurugi !

We have started hosting the Dell Encryption Administrative Utilities on support.dell.com to ensure that customers are more easily able to access these files.

You can find the latest version under the Drivers and Downloads section of Dell Encryption, here: Support for Dell Encryption | Drivers & Downloads | Dell US

Here's a direct link to the latest (10.9.0) Administrative Utilities: https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=mw0nk

And a link to the documentation for how to leverage these utilities, in case you need it or have any questions on syntax: Dell Encryption Admin Utilities

Let us know if you have any additional questions that we can help out with!

I hope your holidays are filled with cheer! 
