04-12-2026, 01:34 PM
Hey al3x,
Thanks for following up.
You're right, the backup image does store the unlock credentials for the drive being backed up. Of course, we encrypt them inside the image. This is exactly why the software prompts the user to encrypt the backup image itself. If the image is left unencrypted, those stored credentials (even though they are encrypted) could still be at risk of leakage.
Regarding your suggestion about temporarily disabling protectors with manage-bde -protectors <drive> -disable, to be honest, it is a workable workaround. However, the behavior of re‑enabling encryption protection is not always reliable or safe, and as backup software, we shouldn't arbitrarily change the state of other drives on the user's system. Therefore, we prefer to avoid leaving a drive in an unprotected state for an extended period. In comparison, only passing the key during an automated boot into WinPE and clearing it immediately after entering WinPE is a better approach.
Thanks for the discussion!
Best regards,
Thanks for following up.
You're right, the backup image does store the unlock credentials for the drive being backed up. Of course, we encrypt them inside the image. This is exactly why the software prompts the user to encrypt the backup image itself. If the image is left unencrypted, those stored credentials (even though they are encrypted) could still be at risk of leakage.
Regarding your suggestion about temporarily disabling protectors with manage-bde -protectors <drive> -disable, to be honest, it is a workable workaround. However, the behavior of re‑enabling encryption protection is not always reliable or safe, and as backup software, we shouldn't arbitrarily change the state of other drives on the user's system. Therefore, we prefer to avoid leaving a drive in an unprotected state for an extended period. In comparison, only passing the key during an automated boot into WinPE and clearing it immediately after entering WinPE is a better approach.
Thanks for the discussion!
Best regards,