Advice Request: Bootable AV that works with BitLocker?

Status
Not open for further replies.

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Hi,

I was wondering, is there a bootable AV that works with BitLocker?

AV companies tend to give these as free products, but would they work with a hard drive that’s encrypted with BitLocker?
 

Eddie Morra

If a bootable AV can access the decrypted contents of the encrypted hard drive (e.g. by knowing the password for decryption) then it would be a security flaw. If an AV can do it, so can anyone else.

Bootable AV (e.g. via recovery disk) will not be able to access the decrypted contents of the hard disk which is protected - there won't be any decrypted contents for it to try and access because you'd need to firstly know it was encrypted before you attempt to decrypt and would need to calculate a key to use for the decryption using a password.

However, if you're referring to simply a normal AV solution starting up at boot, then it will work fine because that is after the initial decryption procedure at boot (since only after the decryption procedure will Windows truly start up properly -> eventually you reach the AV kernel-mode software starting up early -> user-mode services for Session 0 -> login and the auto-spawned GUI in the background if it does that).

So unless you meant like those bootable scanners, then everything should work fine in theory.
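
An added example, not part of the original posts: a pre-flight check a rescue environment could run to tell a BitLocker-protected volume from a plain NTFS one before it tries to scan files. It relies on the `-FVE-FS-` OEM ID that BitLocker writes into the boot sector of fixed-drive volumes (BitLocker To Go media are not covered); the function names and sample sectors are constructed for illustration.

```python
"""Pre-flight check a rescue scanner could run before scanning offline volumes."""

SECTOR_SIZE = 512
OEM_ID = slice(3, 11)            # 8-byte OEM ID field of a volume boot sector
BITLOCKER_OEM_ID = b"-FVE-FS-"   # written by BitLocker on fixed-drive volumes
NTFS_OEM_ID = b"NTFS    "        # plain, unencrypted NTFS


def classify_boot_sector(sector: bytes) -> str:
    """Return 'bitlocker', 'ntfs' or 'unknown' for a volume's first sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":   # missing boot-sector end marker
        return "unknown"
    oem = sector[OEM_ID]
    if oem == BITLOCKER_OEM_ID:
        return "bitlocker"
    if oem == NTFS_OEM_ID:
        return "ntfs"
    return "unknown"


def scan_plan(volumes: dict) -> dict:
    """Map each volume name to the action an offline scanner should take."""
    actions = {
        "bitlocker": "locked: unlock with the password or recovery key first",
        "ntfs": "scan files",
        "unknown": "skip: unrecognised or unreadable file system",
    }
    return {name: actions[classify_boot_sector(s)] for name, s in volumes.items()}


def _make_sector(oem_id: bytes) -> bytes:
    """Constructed sample: jump bytes, OEM ID, zero padding, 0x55AA marker."""
    body = b"\xeb\x52\x90" + oem_id
    return body + bytes(SECTOR_SIZE - len(body) - 2) + b"\x55\xaa"


# Constructed sample volumes (not captured from a real disk).
SAMPLE_VOLUMES = {
    "C:": _make_sector(BITLOCKER_OEM_ID),
    "D:": _make_sector(NTFS_OEM_ID),
    "E:": bytes(SECTOR_SIZE),
}

if __name__ == "__main__":
    for name, action in scan_plan(SAMPLE_VOLUMES).items():
        print(name, action)
```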
 

notabot

If a bootable AV can access the decrypted contents of the encrypted hard drive (e.g. by knowing the password for decryption) then it would be a huge security flaw.

Bootable AV (e.g. via recovery disk) will not be able to access the decrypted contents of the hard disk which is protected - there won't be any decrypted contents for it to try and access because you'd need to firstly know it was encrypted before you attempt to decrypt and would need to calculate a key to use for the decryption using a password.

However, if you're referring to simply a normal AV solution starting up at boot, then it will work fine because that is after the initial decryption procedure at boot (since only after the decryption procedure will Windows truly start up properly -> eventually you reach the AV kernel-mode software starting up early -> user-mode services for Session 0 -> login and the auto-spawned GUI in the background if it does that).

So unless you meant like those bootable scanners, then everything should work fine in theory.

Thanks - I am referring to whether there is an AV which can operate from a USB stick after the disk has been decrypted (and thus the boot choice has already been made) but before the Windows kernel begins loading, or at least when just a minimal part has been loaded. This should be feasible if the AV has also been installed instead of using it for the first time via a USB stick.

As the boot is not from a USB, it could equally well be a hidden disk partition that has the AV, but a fresh USB is less likely to be compromised (leaving open to vulnerability only the AV’s kernel modules) - so I am not referring to booting via USB.
 

Eddie Morra

As long as the decryption procedures have been completed then anything after that should in theory work fine to my knowledge... however anything before the decryption procedures, instant no to it working properly in terms of being able to access the contents of the protected hard disk in a non-encrypted state as far as I am aware.
 

notabot

As long as the decryption procedures have been completed then anything after that should in theory work fine to my knowledge... however anything before the decryption procedures, instant no to it working properly in terms of being able to access the contents of the protected hard disk in a non-encrypted state as far as I am aware.

Indeed, before encryption it’s impossible, which is what complicates things - in principle what we say is doable; is there any AV vendor consumer product currently in the market that does it though?
 