Guardian Edge 8.7 upgrade saga

Recently I decided to look at upgrading our Guardian Edge Hard Disk Encryption to version 8.7. I was hoping it would resolve some of the flakiness with the version we currently have deployed.
What I found instead was more flakiness and tech support that I’m pretty sure must be sent through the babelfish before it sent to me.
One of the first things I ran into is that when upgrading you need to copy the old installation MSIs into the new installation directory. I sent Guardian Edge support an email and asked them:

  • Why are the old files needed?
  • Isn’t it normal for a MSI install to keep the installation files cached locally for repair and/or uninstall
  • Isn’t it normal if the original install files are needed and they aren’t cached locally to silently check the original install source?
  • Isn’t it normally to then prompt the user for the needed files rather than exiting the install with a “file not found” error
  • If some clients are on 8.2.4 and others are on 8.5 and I’m upgrading to 8.7 can I just put the 8.5 install files in the directory or do I need to make a separate install package for upgrading from 8.2.4 (since 8.2.4 and 8.5 install files use the same name.

Which one of these questions was answered by support? If you answered not a one, you are correct.
Next I ran into a couple of strange issues. On a few XP computers, the Guardian Edge Framework upgraded to 8.7 but the Guardian Edge Hard Disk did not upgrade.
On my Vista computer, it would not install at all. I opened a ticket about the second case and was told that when creating the MSI install package the destination folder needs to be “full control”. Having read the install/upgrade guide, I had seen that. I asked what is meant by full control. The install directory already had permissions of Administrators:Full Control and System: Full Control. Guardian Edge support then wanted to set up a phone call for followup. I felt I’d asked a rather vanilla question, and decided to review the manuals. I found that the permissions on the folders where the MSI files are created is actually incorporated into the MSI. I’ve never seen anything like that before! I set the destination folder for the MSIs to Everyone:Full Control and recreated the install packages. This time I was able to install Guardian Edge Hard Disk Encryption onto my Vista computer.
At this point I thought everything was ok, in spite of the lack of support I’d received from Guardian Edge. A reasonable explanation was found for my install errors. I’d be able to go forward with a 8.7 upgrade.
Monday morning came and I booted the Vista laptop on which I had installed GE 8.7. Instead of booting I received an error “The EAFS volumes contain errors. Run Recover.”
I booted to a USB drive and ran “recover /a” to repair the Guardian Edge databases. This did not solve the problem so I opened another case with Guardian Edge. First I attempted to call their 866 number. That resulted in a long pause followed by a fast busy signal. Next I opened a case through salesforce.com. I described the error and what I had done thus far and asked if it was ok to use the 8.2.0 Hard Disk Access Utility on a 8.7 client. The response I got was to use the latest version but it didn’t answer what is the latest version or where to get it. I’m following up on that. I’m concerned because last time I asked for this utility they sent it FedEx rather than providing a ISO download.
I was so hoping to write something positive about Guardian Edge this month.

4 Comments

  1. lol … I thought I was the only one with Guardian Edge support issues. Have you had performance issues with your encrypted computers, like 30-60% hard drive CPU utilizations? I have had this performance case open for 2 years now. Hope this makes you feel better..lol

  2. Are you guys still experiencing perfromance impacts with the latest versions of GuardianEdge / Symantec Endpoitn Encryption 7 ? I see a heavy impact during initial encryption process. Also it took nearly 7 hours to encrypt a 75gig volume with onl 6gigs of data on the primary 30 gig partition. I’d expected much better perfromance.
    I am now worried about the level of support going from bad to worse with the Symantec Acquisition and all ? Any thoughts ?

  3. For the most part since I got everyone upgraded to 8.7, I haven’t had to put a lot of thought into support for GuardianEdge. That is about to change as I’m upgrading to 9.5.1. I’m sure you’ll see posts from me ranting about that shortly.
    I dont know how the Symantecized version numbers line up with GuardianEdge version numbers.
    Generally speaking I only encrypt the entire disk including white space when I am doing a new deployment to computers that have been in use without encryption. When it is a new deployment I would encrypt the data only. There is also a setting pertaining to initial encryption. If you’re incredibly paranoid about losing one block of data if someone pulls the plug on the computer during encryption than you can backup each block while encrypting. That of course slows things down as well. (off the top of my head I dont recall the name of either setting).
    I’m not sure support could be any worse with the Symantec, so I’m less worried about that.

  4. Pingback: » GuardianEdge 9.5.1, Windows 7 and Me - Roger's Information Security Blog

Comments are closed.