I wanted to check if someone can shed some light on this issue I had.
During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the prerequisites, so these workstations encrypted the HDD (C:) and, after the first reboot, started asking for the BitLocker recovery key.
Now, the issue is that the key is not present in Active Directory and the user said that they got no other prompt to save the key on the endpoint. My question is: if XDR activated the BitLocker policy and if it was not able to save the recovery key, should it encrypt anyway? I now have a couple of workstations that have their disks encrypted and no way to roll back or unlock them.
Thanks in advance for any tips/help/comments.
Hi @Bruno_Alipio -
There are several pre-reqs that must be checked off before enabling an encryption policy. They can be found here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/harde...
Since you are having issues with decryption, it is best to contact Support for assistance.
Is there a tool or some log which can show what prerequisites are not met? I have some PCs I think are compliant, but the Disk Encryption Visibility portal doesn't share my opinion. And I don't know what the problem is.