1.    4 Weeks Ago #1
    Join Date : Aug 2017
    Posts : 4
    Windows 10 Pro

    Backup the EFS encryption key file


    Yesterday I installed OneDrive app and linked it to my office 365 enterprise University account. Since then, every time I turn on my pc, I receive a warning about backup of the encryption key from EFS application. But I have never used bitlocker.
    I did some search online and I got the list of all encrypted files: there are thousands of files and belongs to Apps, like facebook, onedrive, inkscape and so on.
    So my questions are:
    • why did that message suddenly appear?
    • why are those files encrypted?
    • do those files have to be encrypted?
    • bitdefender has just found Gen:Trojan.Heur2.GZ.@FZ@bq2Abpn in temp folder. Could I have got a ransomware that is encrypting all files?

    Thanks in advance!
      My ComputerSystem Spec
  2.    4 Weeks Ago #2
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 3,994
    Windows 10 Pro Build 1703

    Hi desk77.

    Anything is possible but I think the more likely cause is your linking to your University account. You said it started right after you linked. Talk to your University IT support staff and see if they are using or enforcing through group policies.

    Assuming you have your data backed up please don't connect your back up until you either hear from IT or are 110% the infection is gone.

    Do you know what the date was on your Trojan file?
      My ComputerSystem Spec
  3.    4 Weeks Ago #3
    Join Date : Aug 2017
    Posts : 4
    Windows 10 Pro
    Thread Starter

    Quote Originally Posted by Caledon Ken View Post
    Hi desk77.

    Anything is possible but I think the more likely cause is your linking to your University account. You said it started right after you linked. Talk to your University IT support staff and see if they are using or enforcing through group policies.

    Assuming you have your data backed up please don't connect your back up until you either hear from IT or are 110% the infection is gone.

    Do you know what the date was on your Trojan file?
    I think the same thing but my university account was already linked to Windows and Office. In fact I didn't have to enter password again. So I can't explain what happens.

    About the infection, the infected file is a .tmp file that was already deleted. Given that I have just upgraded to W10 FCU, maybe it was a temp installation file... now I'm doing some system scan with malwarebytes, zemana antimalware, bitdefender and eset to verify if pc is stillinfected
      My ComputerSystem Spec
  4.    4 Weeks Ago #4
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 3,994
    Windows 10 Pro Build 1703

    Cool. Lets hope Bitdefender did its job.
      My ComputerSystem Spec
  5.    4 Weeks Ago #5
    Join Date : Oct 2017
    Posts : 13
    Win10

    Bitlocker and EFS are not the same thing. Bitlocker is full-disk encryption; EFS is per-file encryption.

    I agree that it's probably some IT policy from your university account. You should backup your key: Backup Encrypting File System Certificate and Key in Windows 10 Security System Tutorials
      My ComputerSystem Spec
  6.    4 Weeks Ago #6
    Join Date : Aug 2017
    Posts : 4
    Windows 10 Pro
    Thread Starter

    Quote Originally Posted by Caledon Ken View Post
    Cool. Lets hope Bitdefender did its job.
    Quote Originally Posted by PolarNettles View Post
    Bitlocker and EFS are not the same thing. Bitlocker is full-disk encryption; EFS is per-file encryption.

    I agree that it's probably some IT policy from your university account. You should backup your key: Backup Encrypting File System Certificate and Key in Windows 10 Security System Tutorials
    My IT support staff told me that it doesn't depend on them. So why did those message start to appear?
    Anyway, do you think I should make a copy of certificates on a external storage or try to decrypt all files?
      My ComputerSystem Spec
  7.    4 Weeks Ago #7
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 3,994
    Windows 10 Pro Build 1703

    You should definitely get a copy of the keys.

    Maybe scan your event viewer (filter) and look for the letters EFS. Hopefully your logs go back to the time when you linked OneDrive so you can see what else was happening.

    Did you do anything else around the time of the account linking?

    Ken
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Solved file encryption query
ive never bothered with file encryption before. but iam strongly considering it.. the question is, when you encrypt a file or folder, can you still download a program or images into it?:shock:
AntiVirus, Firewalls and System Security
Solved Backup Error 0x8031004A: BitLocker Drive Encryption cannot be used
Hi I'm running Win 10 Pro version 1607 (OS Build 14393.321), and I have a weird problem with my 298 GB WD in 2.5 SATA enclosure external hard drive. I have used it several times in the past to backup Windows 7 & 10, but now I can use it to...
Backup and Restore
Encryption File System
Is there EFS in Windows 10 ? If yes, where it is and how to enable?
AntiVirus, Firewalls and System Security
Random File Encryption
Hi guys, just joined because I'm having W10 issues. My computer started to randomly encrypt files, where I would have to manually decrypt them via the properties. Only issue now is that it says I have no admin rights, whereas before it was...
AntiVirus, Firewalls and System Security
Solved File encryption fails?
Hallo friends, I tried to encrypt a file located in my Dropbox account. I went to File->Properties->General->Advanced->Encrypt contents to secure data. After I did what I did, the file had a golden locker icon attached on it. I opened my other...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 15:06.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums