Installing or upgrading the Drive Encryption client packages in FIPS mode

For the Drive Encryption client to operate in FIPS mode, install the Drive Encryption client package in FIPS mode before activating Drive Encryption on the client.

This is to make sure that encryption keys are generated in a FIPS-certified manner during the activation process.

If Drive Encryption is already installed on systems without enabling the FIPS mode, perform these tasks to make it operate in the FIPS mode.

  1. Decrypt the client systems.
  2. Deactivate Drive Encryption on the client systems.
  3. Remove the Drive Encryption product from the client systems.
  4. Reinstall Drive Encryption in the FIPS mode.

Deploying Drive Encryption through a McAfee ePO deployment task

When installing or upgrading Drive Encryption client packages in FIPS mode using a McAfee ePO deployment task, make sure to add the keyword FIPS on the command line of the Drive Encryption deployment task in McAfee ePO.

Deploying Drive Encryption through a third-party deployment software

When installing or upgrading Drive Encryption client packages in FIPS mode using third-party deployment software, make sure to add the parameter FIPS_MODE=1 when you install the Drive Encryption client package, as in the following command:

  • 32-bit system — msiexec.exe/q/i MfeEEPc32.msi FIPS_MODE=1
  • 64-bit system — msiexec.exe/q/i MfeEEPc64.msi FIPS_MODE=1