DriveLock Disk Protection

Windows Inplace Upgrade

If you have enabled a certain number of automatic logins for the PBA (dlfdecmd ENABLEAUTOLOGON <n>) before updating to a current Windows 10 version, the automatic logon is active throughout the upgrade process. However, since the <n> counter cannot be updated during the process, we recommend that you just set it to 1 so that after upgrading, after another reboot, there is only one automatic login followed by another user login to the PBA.

Antivirus software

Antivirus protection software may cause the DriveLock Disk Protection installation to fail if the antivirus software quarantines files in the hidden C:\SECURDSK folder. If this occurs, please disable your antivirus protection for the duration of the Disk Protection installation. We recommend that you configure your virus scanner with an exception for the folder.

Application Control

We strongly recommend that you disable Application Control as long as it is active in whitelist mode for the duration of the Disk Protection installation to prevent programs required for the installation from being blocked.

Hibernation

Hibernation will not work while a disk is encrypted or decrypted. After complete encryption or decryption windows has to be restarted once to make hibernate work again.

UEFI mode

Not all hardware vendors implement the complete UEFI functionality. You should not use the UEFI mode with UEFI versions lower than 2.3.1.

  • The PBA provided by version 2019.2 is only available for Windows 10 systems, because the driver signatures from Microsoft required for the hard disk encryption components are only valid for this operating system.

  • The PBA for UEFI mode may cause issues with PS/2 input devices (e.g. built-in keyboards).

  • With VMWare Workstation 15 and also with a few hardware manufacturers, our test results revealed conflicts with mouse and keyboard drivers of the UEFI firmware, so that keyboard input in the PBA is not possible. By pressing the "k" key, you can prevent the Drivelock PBA drivers from loading once when starting the computer. After logging in to Windows on the client, you can then run the dlsetpb /disablekbddrivers command in an administrator command line to permanently disable the Drivelock PBA keyboard drivers. Be aware that the standard keyboard layout of the firmware is loaded in the PBA login mask, which usually is an EN-US layout, so special characters may differ.

    Introducing the combined driver as of version 2020.1 solves the issue on some systems (including VM Ware Workstation 15).

    For more information on hotkeys and function keys, see the corresponding chapter in the BitLocker Management documentation at DriveLock Online Help.

Note the following information:

  • DriveLock 7.6.6 and higher supports UEFI Secure Boot.
  • If you update the firmware, the NVRAM variables on the mainboard that DriveLock requires may be deleted. We strongly recommend that you install the firmware updates for the mainboard /UEFI before installing DriveLock PBA / FDE ( this also applies to recently purchased devices or to bug fixes).
  • A 32 bit Windows operating system or 32 bit DriveLock cannot be installed on 64 bit capable hardware. Please use a 64 bit version of a Windows operating system and DriveLock instead.
  • There is still a limitation to disks up to a maximum of 2 TB disk size.
  • Some HP computers always have Windows in position 1 of the UEFI boot order and the DriveLock PBA has to be selected manually in the UEFI boot menu. In this case fast boot has to be switched off in UEFI to keep the DriveLock PBA at position one.

BIOS mode

On a small number of computer models the default DriveLock Disk Protection pre-boot environment configuration may not work correctly and cause the computer to become unresponsive. If this occurs turn off the computer and restart it while pressing the SHIFT-Taste key. When prompted select the option to use the 16-bit pre-boot operating environment.

Due to an issue in Windows 10 Version 1709 and newer, DriveLock Disk Protection for BIOS cannot identify the correct disk if more than one hard disk is connected to the system. Therefore Disk Protection for BIOS is not yet released for Windows 10 1709 systems with more than one hard disk attached until Microsoft provides a fix for this issue.

An additional technical whitepaper with information on updating to a newer Windows version with DriveLock Disk Protection installed is available for customers in our Support Portal.

Workaround for Windows Update from 1709 to 1903 while encrypting drive C: with Disk Protection:

Reference: EI-686)

  1. Decrypt drive C:
  2. Update Windows 10 from 1709 to 1903
  3. Encrypt drive C:

Requirements for Disk Protection:

Disk Protection is not supported for Windows 7 on UEFI systems.

Restart after installation of PBA on Toshiba PORTEGE Z930:

Reference: EI-751)

After activating Disk Protection with PBA and restarting the above-mentioned notebooks, Windows cannot be started and so the notebook cannot be encrypted. Our team is working on a solution.

Workaround for DriveLock update from 7.7.x with Disk Protection with PBA enabled to version 2019.2 or newer

First, update from 7.7.x to version 7.9.x. Only then do you update to version 2019.2. Please contact our support for further questions.