Skip to main content


Using Volume Encryption

The Volume Encryption module provides full disk encryption on your Windows system through policies applied by your security administrator.

Encrypting your system

When an encryption policy is applied to your Windows system:

  1. A configuration window prompts you to enter either:

    • A personal identification number (PIN) if the system has a Trusted Platform Module (TPM) chip (like newer laptops).


      If your system has a functional TPM, your security administrator can configure such a policy that encrypts the volumes automatically, without requiring PIN.

    • A password if the system does not have a Trusted Platform Module (TPM) chip. The password is also required when the TPM is not functional or detected by Bitdefender Endpoint Security Tools.

  2. Click the Save button. The encryption process starts immediately, first on the boot volume.

    You can postpone encryption by clicking Dismiss. However, the window will reappear after a while, prompting you to configure an encryption PIN or password.

You need a single PIN or password to encrypt all volumes, boot, and non-boot, on fixed disks, on desktop systems, and laptops. Removable disks are not encrypted. For details about configuring the encryption PIN or password, refer to GravityZone Full Disk Encryption FAQ.

After encryption, you may have to enter the PIN or the password each time Windows starts, in a pre-boot authentication screen, depending on the security policy applied to your system.

If you forget the encryption PIN or password, contact your security administrator.

Decrypting your system

When a decryption policy is applied, the encrypted disks are automatically decrypted, without requiring any input from you. However, you cannot decrypt the system on your own, as long as an encryption policy is active.

Checking the encryption status

This is how you check the encryption status on your system:

  1. In the system tray, double-click the B_icon.PNG icon to access the Bitdefender Endpoint Security Tools user interface.

  2. In the upper-right corner, click the Modules_icon.PNG button to open the Modules window.

  3. Go to the Volume Encryption section, where you can view which volumes are encrypted and which are not.


Changing the encryption PIN or password

This is how you change the encryption PIN or password:

  1. Click the encrypted disk name in the main window of Bitdefender Endpoint Security Tools user interface.

  2. Click the Change password option.

  3. In the configuration window, enter the new PIN or password.

  4. Click the Save button.