Skip to main content

Using Volume Encryption

The Volume Encryption module provides full disk encryption of your Windows system through policies applied by your security administrator.

Encrypting your system

When an encryption policy is applied to your Windows system:

  1. A configuration window prompts you to enter either:

    • A personal identification number (PIN), if the system has a Trusted Platform Module (TPM) chip (applicable for newer laptops).


      If your system has a functional TPM, your security administrator can configure a policy that encrypts the volumes automatically, without requiring a PIN.

    • A password, if the system does not have a Trusted Platform Module (TPM) chip. The password is also required when the TPM is not functional or not detected by Bitdefender Endpoint Security Tools.

  2. Click the Save button. The encryption process starts immediately, with the boot volume.

    You can postpone encryption by clicking Dismiss. However, the window will appear again after a set period of time, prompting you to configure an encryption PIN or password.

You need a single PIN or password to encrypt all volumes (boot and non-boot), on fixed disks, on desktop systems, and laptops. Removable disks are not encrypted. For details about configuring the encryption PIN or password, refer to GravityZone Full Disk Encryption FAQ.

After encryption, depending on the security policy applied to your system, you may have to enter the PIN or the password in a pre-boot authentication screen each time Windows starts.

If you forget the encryption PIN or password, contact your security administrator.

Decrypting your system

When a decryption policy is applied, the encrypted disks are automatically decrypted, without requiring any other input. However, you cannot decrypt the system on your own, as long as an encryption policy is active.

Checking the encryption status

Follow these steps to check the encryption status of your system:

  1. In the system tray, double-click the B_icon.PNG icon to access the main window of BEST.

  2. In the upper-right corner, click the Modules_icon.PNG button to open the Modules window.

  3. Go to the Volume Encryption section, where you can view which volumes are encrypted and which are not.


Changing the encryption PIN or password

Follow these steps to change the encryption PIN or password:

  1. Click the encrypted disk name in the main window of BEST.

  2. Click the Change password option.

  3. In the configuration window, enter the new PIN or password.

  4. Click the Save button.