One of our departments wants to use a few hardware-encrypted flash drives, Kingston IronKey D300 specifically, to transfer some internal data. This device mounts a small virtual CD-ROM and a flash drive as two separate drive letters. The unlocking software is contained on this small virtual disc, and without running it, the drive is unusable.
Adding the device to the trusted devices list allows the virtual CD-ROM device to mount and even allows me to browse its files, but when I run the unlock software, the splash screen shows, then the program silently closes.
Running this unlock program on a computer with optical drives unrestricted allows full normal operation, and allowing all optical drives on the initial computer also allows it to run without issue. While the virtual CD-ROM is trusted but not working, the autorun.inf file does not process properly, as the drive letter icon remains default. While functioning properly, it shows a custom drive icon applied by the autorun.inf.
I can't see any other devices added outside of the virtual CD and base storage device, and I haven't been able to find anything being blocked in the system logs or in the KSC Event logs when it fails. Am I missing something, or is this a compatibility issue with the KES device control driver?
Best answer by Nikolay arinchev
Have you tried to add the decrypting software to the KES trusted zone?
Please attach an export of the KES active policy to your answer as well.