Encryption and decryption on macOS computers
- The encryption process begins when the console administrator enables encryption in the settings profile assigned to the target computer. For more information, see Encryption settings.
- The Advanced EPDR agent installed on the selected computer receives the settings from the encryption module. The settings instruct the agent to encrypt all internal storage devices installed on the computer.
- A message appears on the user computer prompting the user to enter administrator credentials. Encryption does not start until the user enters administrator credentials. Until then, the computer status is Encryption pending user action, as shown on the computer details page. See Details section (3) and Computer notifications section (2).
- When the encryption process is complete, a recovery key associated with the computer is generated. Advanced EPDR stores the recovery key on the Cytomic servers.
Disabling encryption
- In the management console, assign the computer a settings profile that has encryption disabled. For more information, see Encryption settings.
- The Advanced EPDR agent installed on the selected computer receives the settings from the encryption module. The settings instruct the agent to decrypt all internal storage devices installed on the computer.
- A message appears on the user computer prompting the user to enter administrator credentials. Decryption does not start until the user enters administrator credentials.
- When the decryption process is complete, the recovery key associated with the computer is removed from the Cytomic servers.
Encryption and decryption processes
You cannot stop or pause encryption or decryption processes. For example, if an encryption process is in progress and the computer receives a decryption task, the latter has to wait until the first process is complete.
Protection of the encryption settings on the user computer
- If the user enables or disables FileVault manually on their computer, Cytomic Encryption prompts the user again for administrator credentials and restores the settings configured in the management console. If required, a new recovery key is generated.
- If the user modifies or deletes the recovery key, Cytomic Encryption prompts the user again for administrator credentials and generates a new recovery key, which replaces the original key stored on the Cytomic servers.
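The reconciliation loop the encryption, decryption and settings-protection procedures above describe (compare the FileVault state on the Mac with the assigned settings profile, wait out a running process because it cannot be stopped, enable or disable FileVault with administrator credentials, and regenerate the recovery key if the user has removed it), as an added shell example. This is not the Cytomic agent's own code. It assumes the desired state is passed as `on` or `off`, that `fdesetup` is only invoked when it exists (on other systems a constructed status string stands in for its output), and a hypothetical local administrator account name in `ADMIN_USER`. Commands that need administrator credentials are printed rather than run, which is also why the real agent has to prompt the logged-in user.

```shell
#!/bin/sh
# Added example, not Cytomic's agent code: reconcile FileVault with a policy.
# ADMIN_USER is a hypothetical local admin account used for the fdesetup calls.
ADMIN_USER="${ADMIN_USER:-localadmin}"

# Classify the text printed by `fdesetup status`. In-progress lines are
# checked first because they are printed together with the On/Off line.
filevault_state() {
    case "$1" in
        *"Encryption in progress"*) echo encrypting ;;
        *"Decryption in progress"*) echo decrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# Map (desired state, current state) to an action. A running encryption or
# decryption cannot be stopped or paused, so a conflicting policy must wait.
decide_action() {
    desired=$1; current=$2
    case "$current" in
        encrypting|decrypting) echo wait ;;
        on)  [ "$desired" = on ]  && echo none || echo disable ;;
        off) [ "$desired" = off ] && echo none || echo enable ;;
        *)   echo unknown ;;
    esac
}

# Print the command for an action. enable/disable/changerecovery all need
# administrator credentials, so they are shown here instead of executed.
apply_action() {
    case "$1" in
        enable)  echo "fdesetup enable -user \"$ADMIN_USER\" -outputplist" ;;  # plist carries the new recovery key to escrow
        disable) echo "fdesetup disable" ;;
        wait|none|unknown) echo "no change: $1" ;;
    esac
}

# Settings protection: if FileVault is on but the personal recovery key has
# been removed, a new key must be generated and escrowed again.
recovery_key_action() {
    # $1: "true"/"false" as printed by `fdesetup haspersonalrecoverykey`
    if [ "$1" = true ]; then
        echo "recovery key present"
    else
        echo "fdesetup changerecovery -personal -user \"$ADMIN_USER\" -outputplist"
    fi
}

main() {
    desired=$1
    if command -v fdesetup >/dev/null 2>&1; then
        status=$(fdesetup status)
    else
        status="FileVault is Off."   # constructed stand-in when not on macOS
    fi
    current=$(filevault_state "$status")
    action=$(decide_action "$desired" "$current")
    echo "desired=$desired current=$current action=$action"
    apply_action "$action"
    if [ "$current" = on ] && command -v fdesetup >/dev/null 2>&1; then
        recovery_key_action "$(fdesetup haspersonalrecoverykey)"
    fi
}

# Run only when called with an explicit policy: `sh reconcile.sh on|off`.
case "${1:-}" in on|off) main "$1" ;; esac
```

Run it as `sh reconcile.sh on` on a Mac to see which command the policy would require; with no argument it only defines the functions. The `wait` branch is the practical consequence of the rule in the next section: a decryption task arriving while encryption runs is queued, not applied.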
Accessing an encrypted computer without the recovery key
There are occasions when a user might try to access an encrypted computer without knowing the recovery key. This can be because the user lost the password to access their computer, there has been a change to the computer boot sequence, or the user wants to access the computer in recovery mode because the computer has had a failure.
In such cases, the computer login screen provides the user with the ID of the recovery key associated with the computer to contact the system administrator. There is a single key for the entire computer, regardless of the drives it has. See Obtaining a recovery key.