This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Bitlocker recovery keys not present

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Bitlocker recovery keys not present

Bruno_Alipio
L1 Bithead

‎08-10-2020 04:08 AM

Hello,

I wanted to check if someone can shed some light on this issue I had.

 

During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted the HDD (C:) and after the first reboot started asking for the bitlocker recovery key.

 

Now, the issue is that the key is not present on Active Directory and the user said that it got no other prompt to save the key on the endpoint. My question is that if XDR activated the bitlocker policy and if it was not able to save the recovery key, should it encrypt anyway? I now have a couple of workstations that have their disks encrypted and no way to rollback or unlock them.

 

Thanks in advance for any tips/help/comments.

3 REPLIES 3

dfalcon
L4 Transporter

‎08-10-2020 06:58 PM

Hi @Bruno_Alipio -

 

There are several pre-reqs that must be checked off before enabling an encryption policy.  They can be found here:  https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/harde...

 

Since you are having issues with decryption, it is best to contact Support for assistance.  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
0 Likes Likes

Bruno_Alipio
L1 Bithead
In response to dfalcon

‎08-11-2020 01:52 AM

Hi @dfalcon, thanks for the feedback, I opened a case in support but unfortunately they where not able to help. I'm just trying to figure out the standard behavior if the prerequisites are not met. If the bitlocker process cant save the recovery keys to the AD, should it present a GUI to the user asking for USB/print/local file? Is there anyway that the XDR agent is enabling the bitlocker and asking for a silent process?
0 Likes Likes

gbagita
L1 Bithead
In response to dfalcon

‎12-09-2020 05:29 AM

Hi Dfalcon,

 

Is there a tool or some some log which can show, what prerequisites are not met? I have some PC's I think are compliant, but the Disk Encryption Visibility portal doesn't share my opinion. And I don't know what is the problem.

0 Likes Likes
  • 4856 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks