Encryption options

Full Disk Encryption Mode

• Enable Encryption—This setting enables/disables the encryption on the device. If a policy with the Disabled setting is applied to an encrypted workstation, it will be decrypted.

• Encrypt used space only—This option encrypts/decrypts only the disk space containing data. This option is only available for ESET Full Disk Encryption 2.1 and later on supported computers.

• Time before user is reprompted to perform encryption setup action (hours)—The maximum value is 24 hours. Defines the interval in hours how often is user prompted to setup the encryption password on his workstation.

• Encrypt Options:

oEncrypt All Disks—Encrypts all physical disks on the workstation. External HDD and USB drives are not affected.

oEncrypt Boot Disk Only—Encrypts only the physical disk that is used as a current Windows boot drive.

• Enable single sign-on—This setting enables/disables single sign-on (SSO) for the user´s computer. This option is only available for ESET Full Disk Encryption 2.0 and later on supported computers.

• Disable FDE Authentication—This setting enables/disables the pre-boot password authentication requirement for the workstation.

Trusted Platform Module (TMP) Support

Policy setting	Supported on OS	Description
Use TPM		Enabling the use of TPM will initialize and take ownership of the Trusted Platform Module (TPM). It is your responsibility to ensure that the TPM is not being used by any other software, as this can result in data loss.
TPM Mode		•Use TPM if possible - Encryption process will attempt to use TPM for the encryption. If the TPM version is not supported or not present, encryption will continue without TPM. •Must use TPM - Encryption requires TPM. If TPM is not present or running an unsupported version, the encryption will fail to start.

Policy setting

Supported on OS

Description

Use TPM

Enabling the use of TPM will initialize and take ownership of the Trusted Platform Module (TPM). It is your responsibility to ensure that the TPM is not being used by any other software, as this can result in data loss.

TPM Mode

•Use TPM if possible - Encryption process will attempt to use TPM for the encryption. If the TPM version is not supported or not present, encryption will continue without TPM.

•Must use TPM - Encryption requires TPM. If TPM is not present or running an unsupported version, the encryption will fail to start.

From version 1.2.4, ESET Full Disk Encryption does not clear the TPM before use.

TPM version 2.0 is required.

OPAL Self-Encrypting Drive Support

Policy setting	Supported on OS	Description
Use Opal		If enabled, encryption will be performed using OPAL encryption support. This is a disk's hardware functionality.
Opal Mode		•Use Opal if possible - Encryption process will attempt to use OPAL hardware encryption support for the encryption. If OPAL version is not supported or OPAL encryption support is not present, encryption will continue without OPAL. •Must use Opal - Encryption requires OPAL. If OPAL is not present or it is running in an unsupported version, the encryption will fail to start.

Policy setting

Supported on OS

Description

Use Opal

If enabled, encryption will be performed using OPAL encryption support. This is a disk's hardware functionality.

Opal Mode

•Use Opal if possible - Encryption process will attempt to use OPAL hardware encryption support for the encryption. If OPAL version is not supported or OPAL encryption support is not present, encryption will continue without OPAL.

•Must use Opal - Encryption requires OPAL. If OPAL is not present or it is running in an unsupported version, the encryption will fail to start.

˄˅