Troubleshooting

Full Disk Encryption on Microsoft Surface devices

This section describes how to troubleshoot Full Disk Encryption on Microsoft Surface devices.

Full Disk Encryption is a GravityZone feature designed to keep your sensitive data safe by providing central management of Windows BitLocker and macOS FileVault and diskutil.

Issue

When Full Disk Encryption is enabled on Microsoft Surface devices, users may be repeatedly prompted to enter a PIN to start the encryption process. In this case, the PIN is not saved and the drives are not encrypted.

Solution

To address this issue, enable BitLocker authentication for devices that lack a keyboard in the preboot environment (such as tablets) in the Group Policy settings:

  1. Open the Search box and execute gpedit.msc. The Local Group Policy Editor window opens.

  2. Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

  3. Click to edit the setting Enable use of BitLocker authentication requiring preboot keyboard input on slates.

  4. Select Enabled, click Apply, then click OK.
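
To confirm that the policy took effect and that the system drive actually encrypts afterwards, a check like the following can be run in an elevated PowerShell session. It is an added example, not Bitdefender tooling; it assumes the setting is stored as the OSEnablePrebootInputProtectorsOnSlates value under HKLM\SOFTWARE\Policies\Microsoft\FVE and that the PIN requested at encryption time is a TpmPin key protector.

```powershell
# Added example: verify the slate preboot-input policy and the OS volume state.
# Requires an elevated session and the built-in BitLocker module.

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyName = 'OSEnablePrebootInputProtectorsOnSlates'  # assumed registry value behind the GPO setting

function Get-SlatePrebootPolicy {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured'.
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$policyName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-OsVolumeEncryptionState {
    # Summarizes BitLocker status and key protectors for the system drive.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptedPercent = $vol.EncryptionPercentage
        Protectors       = ($types -join ', ')
        HasTpmPin        = [bool]($types -contains 'TpmPin')  # assumption: PIN = TpmPin protector
    }
}

$policy = Get-SlatePrebootPolicy
$state  = Get-OsVolumeEncryptionState

if ($policy -ne 'Enabled') {
    Write-Warning "Preboot keyboard input on slates is $policy; the PIN prompt is likely to keep repeating."
}
elseif (-not $state.HasTpmPin) {
    Write-Warning 'Policy is enabled but no PIN protector is present yet; encryption has not been started with a PIN.'
}
elseif ($state.ProtectionStatus -ne 'On') {
    Write-Warning "PIN protector present, but protection is $($state.ProtectionStatus) ($($state.EncryptedPercent)% encrypted)."
}

# Emit one record per device so results can be collected across a fleet.
$state | Add-Member -NotePropertyName SlatePrebootPolicy -NotePropertyValue $policy -PassThru
```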

Additional information about Full Disk Encryption in GravityZone is available in the GravityZone Full Disk Encryption topic.

Allow full disk access to Bitdefender Endpoint Security for Mac in macOS Mojave (10.14) and later

Starting with macOS Mojave (10.14), Apple has introduced certain privacy protections that by default block applications’ access to specific system application folders and resources, such as Mail, Messages, Safari, Time Machine backups.

In order for Endpoint Security for Mac to scan such protected folders, the user must allow full disk access for the BDLDaemon or BDLDaemon.app, and Endpoint Security for Mac application files. The Endpoint Security for Mac user interface will show a critical issue until access is granted.

Issue

On systems running macOS Mojave (10.14), the Endpoint Security for Mac user interface displays a critical issue prompting the user to add the following application files to the Full Disk Access list in Security & Privacy > Privacy.

On macOS Mojave (10.14) and Catalina (10.15), the following files require full disk access:

  • BDLDaemon

  • EndpointSecurityforMac.app

On macOS Big Sur (11.x), the following files require full disk access:

  • BDLDaemon.app

  • EndpointSecurityforMac.app

Note

In a network with mixed macOS versions, it is recommended to allow all of the BDLDaemon, BDLDaemon.app, and EndpointSecurityforMac.app files.

The path to these files is /Library/Bitdefender/AVP.

Solution

To allow full disk access to the Endpoint Security for Mac files and fix the issue:

  1. In the View Issues window, click the Open Privacy button to go to the Security & Privacy window > Privacy tab > Full Disk Access folder.

  2. Click the lock to make changes and enter an administrator password.

  3. Click the + button to manually add the EndpointSecurityforMac.app, BDLDaemon and BDLDaemon.app files to the Full Disk Access list.

Note

  • The above steps apply to Endpoint Security for Mac 4.4.85.179550 and later.

  • To be fully functional, Endpoint Security for Mac also requires kernel extension approval in macOS High Sierra (10.13), Mojave (10.14), and Catalina (10.15). For details, refer to this topic.

  • In macOS Big Sur (11.x), Apple replaced kernel extensions with a new generation of system extensions. To accommodate this change, Endpoint Security for Mac requires additional approvals from users. For details, refer to the topic Changes to Bitdefender Endpoint Security for Mac in macOS Big Sur.

  • For details on how to configure Jamf Pro for macOS Big Sur 11.0 and later, including system extensions, traffic proxy and full disk access, refer to this topic.