Scroll down to learn more about each feature


Encrypt System and Boot Volumes

Encrypts the volume from which Windows boots from, as well as the volume where Windows stores system files.


Support for UEFI-based Computers - Secure Boot Included

Supports computers with operating systems loaded according to the Unified Extensible Firmware Interface (UEFI) between an operating system and platform firmware.


Encrypt RAID and All Types of Volumes Residing on Fixed and Removable Disks

  • Simple volume, i.e. volume consisting of one disk partition.
  • Mount point - volume mounted as a sub-folder on NTFS-formatted volume.
  • Multipartition volume, i.e. volume consisting of several disk partitions
  • Spanned volumes
  • Mirrored volumes
  • Striped volumes
  • RAID-5 volumes
  • Storage Spaces introduced in Windows 8


Pre-Boot Authentication

User authentication before operating system loads. Customizable Pre-Boot Authentication text.


Supports Tokens for Secure Hardware Storage of Encryption Keys

Supports hardware tokens SafeNet (former Aladdin) eToken PRO and eToken Java. Learn more


Two-Factor Authentication with Removable Disk Drives

The software provides Two-Factor Authentication also with regular removable disks(like USB sticks). Learn more


User-friendly Encryption

Initial encryption is transparent both for running applications and for Windows system modules. Initial encryption process can be paused and the user can continue the process or decrypt back at any time. Partially encrypted volumes are workable and can be dismouned and mounted again.


Option to Boot Encrypted Volumes only from Trusted Network

Encryption keys can be stored on a network server. It opens an additional security level for enterprise use of the software. Since encryption keys are stored on remote server, access to encrypted computer will be possible only if it is connected to enterprise network. Learn more


Supports Trusted Platform Module (TPM) for Unattended Reboot

The feature is used to manage servers that are required to function around-the-clock. If such a server has boot/system volume encrypted, every reboot of the server requires pre-boot authentication. To solve the problem BCVE uses TPM hardware module for unattended reboot. Learn more


Secure Hibernation

If the user encrypts volume where Windows stores Hibernate File, BestCrypt Volume Encryption encrypts all write operations when Windows goes into Hibernate state and decrypts read operations when the computer wakes up from Hibernate state. Since pre-boot authentication is necessary at wake-up time, only the user who knows the proper password (and has hardware token, if used) can run computer from Hibernate mode.


Rescue Functions to Decrypt Volumes in Emergency Case

  • Bootable CD/DVD
  • Bootable USB
  • Rescue decryption of non-system volumes with Rescue File
  • Windows bootable Live CD
    Learn more


Central Management for Deployment, Monitoring, Encryption Policy Distribution and Password Recovery