Skip to main content

Using Encryption

The Full Disk Encryption module provides encryption for your Windows system through policies applied by your security administrator.

Encrypting your system

When an encryption policy is applied to your Windows system:

  1. A configuration window prompts you to enter either:

    • A personal identification number (PIN), if the system has a Trusted Platform Module (TPM) chip (applicable for newer devices).

      best_encryption_pin.png

      Note

      If your system has a functional TPM, your security administrator can configure a policy that encrypts the volumes automatically, without requiring a PIN.

    • A password, if the system does not have a Trusted Platform Module (TPM) chip. The password is also required when the TPM is not functional or not detected by Bitdefender Endpoint Security Tools.

      best_encryption_password.png

      Note

      The password must be compliant with the settings set by your administrator.

  2. Click the Save button. The encryption process starts immediately, with the boot volume.

    You can postpone encryption by clicking Cancel. However, the window will appear again after a set period of time, prompting you to configure an encryption PIN or password.

You need a single PIN or password to encrypt all volumes (boot and non-boot), on fixed disks, on desktop systems, and laptops. Removable disks are not encrypted. For details about configuring the encryption PIN or password, refer to GravityZone Full Disk Encryption FAQ.

After encryption, depending on the security policy applied to your system, you may have to enter the PIN or the password in a pre-boot authentication screen each time Windows starts.

If you forget the encryption PIN or password, you must contact your security administrator.

Decrypting your system

When a decryption policy is applied, the encrypted disks are automatically decrypted, without requiring any other input. However, you cannot decrypt the system on your own, as long as an encryption policy is active.

Checking the encryption status

To check the encryption status of your system, follow these steps:

  1. In the system tray, double-click the best_tray_icon.png icon to access the main window of BEST.

  2. On the Overview page, scroll to the Modules area.

  3. Go to the Encryption section, where you can view the encryption status.

Changing the encryption PIN or password

To change the encryption PIN or password, follow these steps:

  1. In the system tray, double-click the best_tray_icon.png icon to access the main window of BEST.

  2. On the Overview page, scroll to the Modules area.

  3. Go to the Encryption section.

    best_encryption_status.png

  4. Click Change PIN or Change password.

  5. Once you've set your pin or password, click Save.

In this section: