IBM File and Folder Encryption Version 2.1 |
This file contains the latest information about the IBM(R) Client Security File and Folder Encryption (FFE) utility. The FFE utility provides a powerful way to protect the files and folders stored on your computer. Before using the FFE utility, it is important to understand the protection capabilities provided by the product and any limitations.
IBM Client Security Software Release 5.3 or later on TPM systems
The FFE utility is fully compatible with the IBM Rescue and Recovery program.
When a file is copied from a protected folder into an unprotected folder, the file is automatically decrypted. Likewise, when a file is copied from an unprotected folder into a protected folder, the file is automatically encrypted.
FFE incompatibility with hot-swappable hard disk drives
In certain cases on computers running FFE, hard disk drives that are hot-added (i.e. inserted while Windows is running) might not be properly recognized, and might appear to Windows as being unformatted. To correct this, reboot the computer with the hard drive connected to the computer. To allow for proper use of hot-added hard disk drives, ensure that the file system (i.e. FAT32 or NTFS) on drive C: and the partitions on your hot-added hard disk drive are the same.
File count after right-click encryption
When attempting to encrypt multiple files using the right-click encryption function, the operation might fail if any of the files being encrypted are of a prohibited type, such as DLL, VxD, SYS, etc. When the right-click operation fails, the number of files not encrypted displayed in the error window might be incorrect.
The File and Folder Encryption or Password Manager utilities do not permit access to a guest user even though the guest user account is displayed in the Administrator Utility.
The File and Folder Encryption (FFE) utility counts the files that are encrypted. It also counts files that are not encrypted because they have prohibited file extensions. When a file is not encrypted, the FFE utility counts it twice in the summary of Files Not Encrypted.
IBM Rapid Restore PC and IBM Rapid Restore Ultra are backup and restore applications that protect users from data loss due to an operating-system failure. The Client Security File and Folder Encryption utility is not compatible with either of these applications. These applications are not supported when installed on the same computer. FFE is compatible with IBM Rapid Restore Ultra 4.0 and later.
Important: Data loss is likely if files and folders protected by FFE are backed-up up with IBM Rapid Restore PC or IBM Rapid Restore Ultra 3.0 or earlier.
MS Office files in protected folders might not be decrypted correctly when Grisoft AVG anti-virus software is installed. To resolve the issue, disable "Check Macro Viruses" in the AVG Control Center application on AVG version 6.x, and disable "Scan Documents" of the "AVG Resident Shield" in the AVG Control Center application on AVG version 7.x.
Do not disable FFE without first decrypting any files or folders that were protected with FFE. If any FFE-encrypted files or folders are renamed after FFE is disabled, the seed data required for unprotecting the files or folders will be lost.
In addition to FFE, IBM Client Security Software also provides the ability to protect individual files with the right-click encryption function. Users should not copy files protected by the right-click encryption function into protected folders. If files protected by the right-click encryption function are copied into FFE-protected folders, data loss might occur. Do not perform any right-click encryption operation while protecting or unprotecting with FFE.
The IBM FFE utility does not support:
If you attempt to perform either of these unsupported Move operations, an Access Denied message will be displayed by the operating system. This message is normal and simply provides notification that this Move operation is not supported. If you attempt to move an unprotected folder into a protected folder, an empty folder is created in the protected location, but then an Access Denied message is displayed.
As an alternative to using a Move operation, do the following:
To ensure that no sensitive files or folders are left unencrypted in the Recycle Bin, you should use the Shift+Del key combination to delete protected files and folders. The Shift+Del key sequence performs an unconditional delete operation and does not attempt to put deleted files in the Recycle Bin.
IBM File and Folder Encryption (FFE) and the Microsoft Encrypted File System (EFS) provide similar but different file encryption functions. Unexpected results might occur if EFS-protected files are copied into FFE-protected folders. Do not use both solutions on the same system.
When using a command prompt, you might experience problems changing the active directory to a protected subfolder. It is best to use Microsoft(R) Windows(R) Explorer to access protected folders and subfolders.
The Client Security File and Folder Encryption utility does not support applications that are dependent on short file names, for example when the long file name longfilename.txt gets abbreviated to the short file name of longfi~1.txt.
When you attempt to protect a folder using the IBM FFE utility or attempt to copy a file or folder from an unprotected folder to a protected folder, you might receive a One or more path names are too long message from the FFE utility. If you receive this message, you have one or more files or folders that have a path that exceeds the maximum character-length allowed. To correct the problem, either rearrange the folder structure to shorten its depth or shorten some folder or file names.
You might encounter this problem even if your displayed path name is shorter than the operating system-specific character limitation. That is because each file and folder that is protected by FFE has eight characters appended to its file or folder name, beginning at the protected folder and extending onward in the protected path. These characters are not visible in normal operation, but these characters count toward the maximum path length. For this reason, it is best to keep all protected folders as close to the root as possible.
When a folder is protected or unprotected using Microsoft Explorer, the folder might temporarily disappear from the display. During this process, all protected files and folders are temporarily locked. To display the folder, refresh Explorer. If you try to access a protected file or folder while protecting or unprotecting a file or folder, an Access Denied message will be displayed.
You can use the IBM FFE utility to encrypt or decrypt files and folders on the C drive only. The IBM FFE utility does not support encryption on any other hard-disk partition or physical drive.
The IBM FFE utility does not support running applications from a protected folder. For example, if you have an executable named PROGRAM.EXE, you cannot run that application from a protected folder.
If you attempt to protect a folder and receive a message stating that The folder cannot be protected. One or more files may be in use, log off and then log onto FFE. If this does not solve the problem, verify the following:
CSS might request a passphrase after the security chip has been disabled. Click Cancel to proceed.
Before you uninstall the IBM FFE utility, make sure you complete the following tasks: