For example, to run the Windows utility Check Disk, open a command prompt and run chkdsk /f /r. Windows will perform Check Disk on the next restart.
If bad sectors are found, fix or replace the hard drive depending on your enterprise hardware policy.
If the User Account Control windows displays, click Yes to allow the installer to make changes to the Endpoint Encryption device.
Specify the PolicyServer IP address, host name, or FQDN and include the port number assigned to that configuration.
Specify the Enterprise. Only one Enterprise is supported.
Specify the user name of an account with permission to add devices to the Enterprise.
Specify the password for the user name.
Encryption Management for Microsoft BitLocker installation begins. After a moment, the installation completes and the installer closes.
For information about understanding and managing the Endpoint Encryption agent, see the Endpoint Encryption Administrator's Guide.
Encryption Management for Microsoft Bitlocker requires separate boot and system partitions on the local endpoint. On Microsoft Windows 7 and later versions, a system partition and a boot partition are both typically created during the installation process. If you attempt to install or upgrade Encryption Management for Microsoft Bitlocker and receive an error regarding system and boot partitions, you may need to create a system partition.
Perform the following procedure to check whether the endpoint has separate boot and system partitions. If the endpoint does not have separate partitions, this procedure also shows how to use BitLocker Drive Encryption to create a system partition.
The following is an example of an endpoint that contains separate system and boot partitions:
If you attempted to install or upgrade Encryption Management for Microsoft Bitlocker and received an error regarding system and boot partitions, check Computer Management. If you find that you already have separate system and boot partitions, do not continue this task. Contact Trend Micro Support.
The following is an example of an endpoint that contains a combined system and boot partition:
If your system and boot partitions are both in the same disk, continue the rest of this procedure.
This step is only necessary if you were attempting to upgrade Encryption Management for Microsoft BitLocker to a newer version.
The following steps include using BitLocker to change the structure of your primary drive. Any changes to system structure may result in errors. Trend Micro strongly recommends backing up important files before continuing.
The BitLocker Drive Encryption window appears.
Creating the system partition may take a long time depending upon the drive size.
After restarting your endpoint, BitLocker will display the following screen:
BitLocker will request that you back up your recovery key.
Endpoint Encryption will create a recovery key during the encryption process, so backing up the recovery key at this point is unnecessary.
The system partition has been created.
At this point you may re-install the Encryption Management for Microsoft BitLocker agent.
After installing Encryption Management for Apple FileVault and restarting the endpoint, Apple FileVault attempts to encrypt the disk.
If the password specified during installation did not match the specified user account, the following window appears:
For endpoints with hard drives not using APFS (Apple File System), restart the endpoint again after specifying the correct password. If the password was the issue, Apple FileVault encrypts the endpoint after restarting.
For endpoints running Mac OS High Sierra (10.13) with SSDs using APFS, a restart is not required. Apple FileVault encrypts the endpoint after specifying the correct password.
If this problem persists, or if the encryption status displays that the endpoint is not encrypting, then another issue is restricting Apple FileVault functionality. Do the following procedure to determine the location of the issue and whether to send the issue to Trend Micro Support.
A window appears that asks for your password.
If your user account has permission to turn on FileVault, your credentials are correct, and FileVault is working properly, FileVault begins encrypting the disk.