Encrypting File System (EFS) encrypted file data corrupt after shutdown and restart
I'm running Windows 7 Pro 64-bit on an HP dv7-3085dx laptop (Core I7). Every time I create EFS encrypted files, they are fine until I shutdown and power off. After power on and start up, the EFS file(s) data is corrupt. For example, if it's a text file, the content looks like raw binary data--all scrambled with graphic symbols, foreign symbols, etc.--with nothing recognizable from the original text. The odd thing is, sometimes some of the EFS encrypted files will return to normal after power down/power up, while the rest of the EFS encrypted files remain corrupted. Then, after the next power down/power up all of the EFS encrypted files are scrambled again. With files other than text files, the apps that try to load them just report that they are unrecognizable and/or corrupt. Is anybody else experiencing this? Does anyone have a pointer or suggestion that might set me in the right direction?
May 15th, 2010 10:12am

Hi, Based on my test on several machines, I would like to answer you that the encrypted txt files still can be accessed normally after rebooting the system. This issue may occur by incorrect settings or disk errors. To troubleshoot the issue, please try the following steps. 1. Open the command prompt with administrative privileges by typing cmd in the search box in the Start Menu and right-click cmd.exe in the search results and then select Run as Administrator. 2. Type chkdsk followed by one or a combination of switches listed below in the command prompt. chkdsk C: /F /R The check disk command shown above will fix any errors it finds and also attempt to recover bad sectors of the C: drive if any are found. Let's see if there is any error on the hard disk. Thanks, Novak
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2010 5:56am

Novak, Thanks for that. I had a little trouble getting Chkdsk to work right--on the first attempt (run after reboot), Chkdsk only ran for a few seconds before continuing to restart Windows; on the second attempt, Chkdsk froze up at 1 second to go during the countdown prior to running (after reboot); on third attempt, it only ran a few seconds again. After some research, I finally realized that when using the /F option, whether with or without the /R option, chkdsk will not scan the entire disk. You have to use the /R option alone to get the full scan/repair. Also, by rebooting while pressing F8, I was able to select the Repair option and get to the recovery console Command Prompt and run Chkdsk on the disks without having to reboot every time (although I did have to unmount the drives). Chkdsk Result: various problems were found and fixed. Effect: after finishing repairs with Chkdsk and rebooting, the data in one of the EFS encrypted files returned to normal; however, several other EFS encryted files were still corrupted. So, going along with the theory that this was originally caused by disk errors and perhaps the data in these particular files was permanently corrupted, I deleted the corrupted files and recreated them with EFS encryption. After the first shut-down/power-down and subsequent power-up/start-up, all of the EFS encrypted files are still normal and OK. Before declaring this a solution, I'd like to verify that everything remains normal through several iterations of shut-down and restart and that there are no other disk errors throughout the test period. If I continue to get disk errors, I'll have to get that repaired before I can confirm success or not. Thanks again. Dave Kelly
May 28th, 2010 2:21am

Novak, Before declaring this a solution, I'd like to verify that everything remains normal through several iterations of shut-down and restart and that there are no other disk errors throughout the test period. If I continue to get disk errors, I'll have to get that repaired before I can confirm success or not. Well, after a couple of shut-down/start-up cycles, some of the EFS encrypted files were corrupted again. Then, after a subsequent shut-down/start-up, they returned to normal (again). Very odd. However, I found a HP boot-time system diagnostic utility that does a Disk Surface Test--it fails every time, so there does appear to be a problem with the disk. I'll have to get that fixed and report back on the results afterward...Dave Kelly
Free Windows Admin Tool Kit Click here and download it now
May 29th, 2010 1:20am

...This issue may occur by incorrect settings or disk errors. To troubleshoot the issue, please try the following steps... chkdsk C: /F /R ...Let's see if there is any error on the hard disk. Novak, I finally got the disk replaced under warranty. Also had the entire system (motherboard, controllers, etc.) tested, which passed all the tests. The new disk passes Chkdsk /R with no errors or problems reported. However, EFS encrypted files are still getting corrupted after shutdown/restart. Not all EFS encrypted files are corrupted, just some at random. They are accessible, but the data appears scrambled. Here's another crazy aspect of this problem. The EFS encrypted files which appear to be corrupted are on my HP Notebook Windows 7 system disk. I have the same X.509 encryption certificate that's installed on the Win7 Laptop also installed on my Dell Desktop PC which is running Windows Server 2008 Std. I can access the EFS encrypted files on the Win7 Laptop remotely from the Server 2008 PC and they appear to be normal. When viewed on the Laptop however, they are corrupted. This really appears to be a Windows 7 Pro (64-bit) problem as far as I can tell. You mentioned that this issue may occur by incorrect settings. Exactly what incorrect settings are you referring to? Dave Kelly
June 15th, 2010 9:55am

I'm happy to report that I've finally found out what was causing the problem: Comodo Antivirus Free x64 version 4.0.135239.742 running on Windows 7 Pro 64-bit causes data corruption of EFS encrypted files. I found this after reading a posting at another security forum by someone who was having exactly the same problem, but reported that it was being caused by Symantec anti-virus software. I have used only Comodo anti-virus and my system is completely clean of anti-virus software from any other vendors. So, I removed the Comodo anti-virus software, and sure enough, the problem has gone away. I have been through a dozen shutdown/restarts now and have had no further corruption of EFS encrypted files since I removed the Comodo anti-virus software. I hope this helps somebody else too. Dave Kelly
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2010 3:18am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics