BestCrypt Volume Encryption software (or BCVE) allows the user to encrypt all data on existing disk partitions and disk volumes. This includes both basic and dynamic disk volumes as well as boot/system partitions. The main window of BCVE program is pictured below.
When the software works as Enterprise Client managed by Jetico Central Manager, its behavior depends on the encryption policy assigned by JCM administrator. If the policy forces encryption, before starting the process the user will be asked to enter a password twice. As soon as the encryption process is started, the user will have to enter the password at boot time.
If the policy forces encryption or decryption process, the process is running in the background, but the progress is displayed:
User on the client computer can stop (pause) the process, but it will be automatically resumed after a while. As well, it will be resumed after restarting or hibernating the system.
If the policy forces encryption or decryption process, the BCVE main window can be opened, but most of the functions are not active. The following commands are available in this mode:
If the policy does not force encryption/decryption and is set to Manage locally, all the standard BCVE commands are available on the client computer. The user can encrypt/decrypt volumes, change or add passwords, etc. As soon as the policy becomes 'Encrypt' again, the program will ask user to enter boot-time password and volume password to make all volumes encrypted with single master password. If they were encrypted with different encryption algorithms, it won't be changed, but the computer will be considered as 'policy non-compliant' even after encryption process is finished. The same behavior is applied in case if the client computer was previously encrypted with standalone version of BCVE (not managed by JCM).
To reduce the risk of losing encrypted data, BCVE always creates and updates the rescue file necessary to recover encrypted disk volumes in case of an emergency. With Jetico Central Manager, all the rescue information from client computers is saved securely in the JCM Database. As a result, the JCM administrator can run a recovery process on client computers encrypted by BCVE without any user's activity.
Encryption policy also includes the option for removable devices. If it is set to force the encryption, then when inserting a non-encrypted USB drive, the user will be asked to enter the password to encrypt the device. If the user refuses to encrypt it, access to the device will be blocked or restricted. If the policy does not force encryption of removable devices, then when inserting encrypted USB disk the user will be asked if the device should be decrypted or not.