System Data Encryption Issues with Applications using Microsoft Shadow Copy
Summary: Applications that are SDE encrypted and use Microsoft's Shadow Copy to create a virtual snapshot of a volume (hard drive) are not supported.
Symptoms
Affected Products:
- Dell Encryption
- Dell Data Protection | Encryption
Affected Versions:
- v7.0 and Later
Microsoft Shadow Copy, which first became available with Microsoft Vista, may move all the files on a single volume to a virtual version of the volume. The Shadow Copy driver works below the level of the Dell Data Protection | Encryption Enterprise driver, which means Shadow Copy can successfully move both encrypted files and any special files that track the state of each encrypted file (CredDB.CEF files) if they are on the same volume.
SDE encryption ties the key files to specific hardware and operating system and then places the key files on a different volume from the encrypted files.
When Shadow Copy creates a virtual snapshot of a volume with SDE-encrypted files, only the encrypted files are moved. This renders the SDE-encrypted files inaccessible on the virtual volume because it cannot find the key files.
An essential feature of SDE protection is that the data, and the key files in particular, are tied to specific hardware and operating system. Allowing Shadow Copy to move the key files would violate SDE encryption protection. As a result, Dell Encryption (formerly Dell Data Protection | Encryption) does not support applications that use the Microsoft Shadow Copy service for volumes using SDE protection.
Cause
Not Applicable
Resolution
There are no plans to support this.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.