Skip to main content

Why is VC messing with Windows EFI?

Thread needs solution
Beginner
Posts: 3
Comments: 3

@Bootrec Why is VeraCrypt messing around with the Windows EFI folder? On installation, VeraCrypt is installing its own EFI boot folder. This is, of course, fine and to be expected. What is not to be expected is the fact that VeraCrypt isn't just installing its own EFI folder but reaching into other EFI /fixboot access is denied folders to put its bootloader in them too. It is going into the Windows EFI folder, renaming the old Windows EFI bootloader, and then putting its own bootloader in the Windows EFI folder.

0 Users found this helpful
Legend
Posts: 105
Comments: 25764

David, sorry but this forum is focused on Acronis True Image and I have no experience in using VeraCrypt so cannot guess at how that application works!

Forum Hero
Posts: 55
Comments: 9018

This thread is a bit old but for anyone interested VeraCrypt from an operational standpoint has embarked on its own alternative Trusted Platform Module (TPM) campaign and has spoken out criticism of the TPM standard as being entirely redundant.  To that end what the OP states here can be attributed to this position taken by VeraCrypt.  

Below is an excerpt from Wikipedia on the matter:

The TrueCrypt disk encryption utility does not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". The attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. As such, the condemning text goes so far as to claim that TPM is entirely redundant.

Beginner
Posts: 3
Comments: 3

I'm having issues with "icacls"  I had users that wanted folder permissions changed to certain rights like full for some read right for others so I used icacls something like the bottom. Of course there are other groups as well added to the line.

icacls "\\Server\Engr_Svcs\HYDR\ZZ_Drafting Services" /grant:r "system-admins":(OI)(CI)F /T /C /grant:r "Administrators":(OI)(CI)F /T /C

After I go to the folders in question or subfolders I find there are no permission on files in folders

like \\server\location\folder .... the files have no permissions at all but folder shows all group permissions.

while the icacls is running I see processed file: \\server\location\folder\filename.pdf or others

I go to the folder check file no permissions! but if I add my group to file remove cut and paste check file its good.