Introduction

What is ESET Endpoint Encryption (EEE)?

ESET Endpoint Encryption (EEE) is a feature-rich Windows data encryption utility capable of encrypting hard drives, folders, files, data and emails. Entire disks can also be encrypted using Full Disk Encryption or Removable Media Encryption (subject to appropriate product license).

Files can be encrypted individually or as the content of an encrypted folder, drive or compressed archive. Email messages can be encrypted directly from the Outlook plug-in or from the Windows Clipboard.

The ESET Endpoint Encryption Shredder provides secure drag-and-drop file deletion with the additional option to securely delete the contents of the recycle bin, temporary files, Internet Explorer history and other information with just a mouse click.

In a corporate environment, EEE can be managed using the ESET Endpoint Encryption Server software. This allows complete remote management of encryption features and policy for individual workstations and users. Encryption policy can be enforced, and encryption keys issued and revoked, keeping data secure and preventing loss and leakage of sensitive information.

EEE can also be used in stand-alone mode with all licensed features available to the user.

How does it work?

ESET Endpoint Encryption encrypts data using either an encryption key stored in a secure Key-File or a user-generated password or passphrase. Encryption keys are used in conjunction with trusted industry-standard encryption algorithms to encrypt the data to be secured. Encryption keys are unique so data encrypted with a specific key can only be decrypted with that same key.

Up to 64 different encryption keys can be generated, stored and available when the user is logged into EEE with a defined password or phrase. The number of stored keys depends on the product license type.

Encryption keys can easily be issued and transferred securely between EEE users using a public/private key exchange process without restriction on the number of users. This enables encrypted data to be accessed and shared by multiple users, provided they have the appropriate encryption key.

The generation and management of encryption keys is controlled using protected settings within the user Key-File. Encryption keys can be generated, shared and backed up by the user. Unique and patented key propagation methods enable to control the range and scope of key sharing within a workgroup.

The EEE software has many industry accreditations and approvals and also incorporates a FIPS 140-2 certified cryptographic core which uses the highly secure 256-bit AES algorithm for encrypting data.

ESET Endpoint Encryption user types

There are two main types of ESET Endpoint Encryption users:

Managed User - the user under the full control of an Administrator. The Administrator controls which EEE functions the user has access to and can impose a wide range of operational policies onto that user. A Managed User may not have access to all the functions described in this manual.

Stand-alone User - the user has full control of all the EEE options, features and usages depending on the purchased license type (Standard or Pro).

 

Operating System Requirements

Client OS

Windows 7 SP1 (requires KB4474419)

Windows 8

Windows 8.1

Windows 10

Windows 11

Server OS

Windows Server 2008 R2 (requires KB4474419)

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

Windows Server 2022

 

Other requirements:

Windows XP and Server 2003 are no longer supported from ESET Endpoint Encryption 5.0.8.4.

Windows Vista and Server 2008 are no longer supported from ESET Endpoint Encryption 5.1.0.9.

Full Disk Encryption is not supported on dual-boot or software RAID systems.

ESET Endpoint Encryption can be used in a virtual machine environment on a PC or Mac. Hypervisors that we tested succesfully include VMWare Workstaion v9.0.4 for Windows, Parallels Desktop v10.2.1 for Mac OS X and VMWare Fusion v8.1 for Mac OS X.

Use of the Outlook email encryption add-in requires Outlook 2003 and later.

RT editions of Windows are not compatible.

Full Disk Encryption is not compatible with Apple Mac systems using Apple Boot Camp to software to dual-boot Windows and OSX.


important

IMPORTANT

Installing ESET Endpoint Encryption on a machine which has Terminal Services installed, MUST be installed from the Add/ Remove Programs applet in the Control Panel. Failure to do this will result in EEE not working

Encryption Algorithms

ESET Endpoint Encryption supports three algorithms to perform encryption of granular data, such as files and folders. The Key Generation Wizard enables the algorithm type to be selected from the following.

3DES

3DES (Triple DES) is a variant form of the DES (Data Encryption Standard) algorithm, originally developed by IBM in 1974. 3DES uses 256-bit keys, giving an effective key length of 112 bits, and performs DES encryption on the data three times using these keys.

Blowfish

The Blowfish algorithm was developed in 1993 by Bruce Schneier, President of a consulting firm specializing in computer security and author of Applied Cryptography. Blowfish is a 64-bit block cipher with a single 128-bit encryption key.

AES

AES (Advanced Encryption Standard) was developed to replace DES as a new encryption standard. Rijndael was accepted as the AES algorithm on October 2, 2000. The Rijndael algorithm was developed by Joan Daemen and Vincent Rijmen, Belgian cryptographers who gained PhDs at the computer security and industrial cryptography labs at Universiteit Leuven. ESET Endpoint Encryption supports AES with a key length of up to 256 bits.

Key Exchange Algorithm

ESET Endpoint Encryption also uses the RSA algorithm and Public Key cryptography techniques for all key transfer operations. This enables encryption keys to be securely transferred even via insecure communication channels e.g., the Internet.

RSA

The RSA asymmetric algorithm was named after Ronald Rivest, Adi Shamir and Leonard Adelman, Computer Science researchers at the Massachusetts Institute of Technology, who developed and patented the algorithm in 1977.

Full Disk Encryption

Full Disk Encryption uses a FIPS 140-2 certified AES 256-bit algorithm.