Specifications

Endpoint Encryption for Files and Folders Policy Settings

24 |

Allow explicit decrypt

Enables the Decrypt… option in the user’s context menu (displayed when right-

clicking a folder or file). This allows the user to manually decrypt files and folders. If a

file or folder is encrypted according to a centrally set policy, the user cannot decrypt it.

The option will be visible, but grayed out (inaccessible).

Enable padlock icon visibility

Adds padlock icons to encrypted files and folders icons. This makes it easier to

recognize encrypted objects.

Enable search encrypted

Enables the Search encrypted… option in the user’s context menu (displayed when

right-clicking a folder only, or the Windows Start button), such that the user can

manually search for encrypted data on specified locations. The search may also be

based on a particular encryption key, or all encrypted objects (all keys).

Allow creation of Self-Extractor

If enabled, users will be able to create password encrypted Self-Extractors. These are

files that have been encrypted with a dedicated password (according to PKCS#5).

Self-Extractors may be read from any other machine without having Endpoint

Encryption for Files and Folders installed. The user must know the password in order

to extract and decrypt the file. This feature is further described in section Create Self-

Extractor–

of this guide.

NOTE:ThepasswordrulesforSelf‐ExtractorsfollowtheEndpointEncryptionpasswordqualityrestrictions

thatareappliedtotheuser,e.g.minimumlength.SeetheEndpointEncryptionManagerAdministration

Guide‐>Passwordtemplatesectionfordetails.

Options - E-mail Integration

Enable sending of encrypted e-mail attachments

Enables the client context menu option for sending encrypted e-mail attachments.

NOTE:TherecipientoftheattachmentmusthaveEndpointEncryptionforFilesandFoldersinstalle

dand

alsoaccesstotheencryptionkeyusedtoencrypttheattachment.Ifyouuseanencryptionkeyfromthe

centraldatabasetoencrypttheattachment,thentherecipientmustalsobeabletoaccessthesame

database.Ifyouuseauserlocalkeytoencrypttheattachment,thenthatkeymustbeexportedtothe

recipientusingthelocaluserkeymanagementfunctions.SeesectionLocaluserkeymanagementfor

details.Inbothcases,therecipientmusthaveEndpointEncryptionforFilesandFoldersinstalled.Ifthisis

notthecase,considerusingtheSelf‐Extractorfunctioninste ad. SeesectionCreateSelf‐Extractorforde

tails.

NOTE:Encryptede‐mailattachmentscreatedwithEndpoint EncryptionforFilesandFolders2.xcannotbe

openedwithaEndpointEncryptionforFilesandFolders3.xclient.However,encryptedattachments

createdwithEndpointEncryptionforFilesandFolders3.xcanbereadbyaEndpointEncryptionforFiles

andFolders2.x

client.

Options - System Tray