Certificate requirements for File and Removable Media Protection
Technical Articles ID:   KB79286
Last Modified:  5/21/2019


Environment

McAfee File and Removable Media Protection (FRP) 5.x, 4.3.x
McAfee Removable Media Protection (offsite access options) 5.x, 4.3.x

For details of FRP supported environments, see KB81149.
 

Summary

The certificate must comply with the X.509 v3 standard. In particular, a certificate used with FRP must be valid (not expired or revoked) and must have Key Encipherment as the key usage. For more information about certificate standards, see http://www.ietf.org/.

IMPORTANT: Do not create a Windows 2008-based certificate; only Windows 2003-based certificates work with removable media encryption.
 

Certificate Usage for FRP
The certificate to be used for FRP can be on a smart card/token and must be stored in the certificate manager (certmgr.msc) on the local system. If the certificate is on the network or on a USB device, the user must import it into certmgr.msc (on the local system) before it can be used. The available certificates can be viewed in the Certificate Store.
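
The requirements above can be checked on a client before a device is initialized. The PowerShell below is an added example, not McAfee code: it assumes PowerShell 5 or later and that the certificates are in the current user's Personal store (Cert:\CurrentUser\My). It does not test the Windows 2003/2008 restriction.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Assumption: certificates were imported into the current user's Personal
# store (Cert:\CurrentUser\My), shown in certmgr.msc as Personal > Certificates.
$now = Get-Date

$results = Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Key Usage extension (OID 2.5.29.15). No extension means no declared usage.
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $hasKeyEnc = [bool]($ku -and $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment))

    # Revocation check for the end certificate only. It needs network access to
    # the CRL/OCSP location named in the certificate; if that is unreachable the
    # status is "unknown" rather than "revoked", so it is reported separately.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::EndCertificateOnly
    [void]$chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $revoked = $status -contains [X509ChainStatusFlags]::Revoked
    $unknown = $status -contains [X509ChainStatusFlags]::RevocationStatusUnknown

    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    [pscustomobject]@{
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        IsV3              = ($cert.Version -eq 3)
        InValidity        = $inValidity
        Revoked           = $revoked
        RevocationUnknown = $unknown
        KeyEncipherment   = $hasKeyEnc
        MeetsRequirements = ($cert.Version -eq 3) -and $inValidity -and (-not $revoked) -and $hasKeyEnc
    }
}

$results | Format-Table -AutoSize

# The article requires different certificates for authentication and recovery.
$usable = @($results | Where-Object { $_.MeetsRequirements })
if ($usable.Count -lt 2) {
    Write-Warning "Only $($usable.Count) qualifying certificate(s); using both options needs two distinct ones."
}
```

A certificate with RevocationUnknown set to True has not been shown to be unrevoked; rerun the check with the CRL or OCSP endpoint reachable before relying on it.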

Solution

Using Certificates for FRP Authentication and Recovery
A user can use the available certificates for FRP authentication and recovery.

NOTE: The options Authentication Certificate and Recovery Certificate are available depending on the removable media policy settings set by the ePolicy Orchestrator (ePO) administrator.
 
| FRP Certificate Options | Description |
| --- | --- |
| Authentication through certificate | User can access the FRP protected area of the removable media only on systems having the certificate. |
| Recovery through certificate | User can recover the FRP device through certificate recovery only on systems having the certificate. |
 

To initialize the removable media device for FRP protection with certificate authentication and certificate recovery:

  1. At the client, insert the removable media device.
  2. Click Yes when prompted to initialize the removable media device.
  3. On the initialization window, under the Authentication group, select Authentication certificate. All available certificates are listed in the Certificate drop-down list.
  4. Select a certificate to be used for authentication.
  5. Under the Recovery group, select Recovery certificate. All available certificates are listed in the Certificate drop-down list.
  6. Select a certificate to be used for FRP recovery.

    IMPORTANT: The certificate used for FRP Recovery cannot be the same as the one selected for FRP Authentication.
     
  7. Click the Initialize option to initialize the removable media device for FRP protection.

Solution

Using Certificates for FRP User Local Keys Authentication
A user can use the issued certificate for FRP user local keys authentication. The user local keys options are available depending on the user-based policy (UBP) settings set by the ePO administrator.

A user is able to use user local keys options and access the user local keys only when the certificate that was set as the mode of authentication for user local keys is available.

To set certificate authentication for user local keys:
  1. On the Create Local Key wizard window, click Next.
  2. Select the desired volume from the drop-down list, then click Next.
  3. Select the Certificate protected option, then click Next.
  4. From the available list of certificates, select the desired certificate to be used as authentication for user local keys, then click Next.
  5. Provide a name for the user local key to be generated, then click Next.
  6. Click Next, then Finish.
