Bitlocker recovery keys not present

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Bitlocker recovery keys not present

L1 Bithead

Hello,

I wanted to check if someone can shed some light on this issue I had.

 

During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted the HDD (C:) and after the first reboot started asking for the bitlocker recovery key.

 

Now, the issue is that the key is not present on Active Directory and the user said that it got no other prompt to save the key on the endpoint. My question is that if XDR activated the bitlocker policy and if it was not able to save the recovery key, should it encrypt anyway? I now have a couple of workstations that have their disks encrypted and no way to rollback or unlock them.

 

Thanks in advance for any tips/help/comments.

3 REPLIES 3

L4 Transporter

Hi @Bruno_Alipio -

 

There are several pre-reqs that must be checked off before enabling an encryption policy.  They can be found here:  https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/harde...

 

Since you are having issues with decryption, it is best to contact Support for assistance.  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Hi @dfalcon, thanks for the feedback, I opened a case in support but unfortunately they where not able to help. I'm just trying to figure out the standard behavior if the prerequisites are not met. If the bitlocker process cant save the recovery keys to the AD, should it present a GUI to the user asking for USB/print/local file? Is there anyway that the XDR agent is enabling the bitlocker and asking for a silent process?

Hi Dfalcon,

 

Is there a tool or some some log which can show, what prerequisites are not met? I have some PC's I think are compliant, but the Disk Encryption Visibility portal doesn't share my opinion. And I don't know what is the problem.

  • 4853 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!