Technical support

Technical Details regarding ESET Endpoint Encryption and Windows Feature Updates (version 4.9.0+)
Article ID: KB465 email a link to this article

Windows Update and WSUS Method

See: KB379 - Installing Windows 10 Feature Updates on an Full Disk Encrypted (FDE) system

For a machine to install Windows Feature updates while Full Disk Encrypted (FDE) with ESET Endpoint Encryption (EEE), we must make the encryption drivers available to Windows during the installation of an update. To do this we create a file called SetupConfig.ini stored inside the following directory:


Please note, if you are already using a customized SetupConfig.ini file as part of your update process, then please ensure it has been fully tested alongside EEE before rolling the update out to end users.

We use the SetupConfig.ini file to pass the /reflectdrivers switch to Windows during the update process. This passes the necessary encryption driver to Windows, in order to access the disk correctly during the update. Without using this switch, Windows would not be able to read the disk correctly due to the encryption and the update process will fail.

After Windows has successfully installed an update, we use the Postoobe switch to run a script. This script creates the necessary entries to allow Windows to update correctly again in future.

Windows Media Creation tool (ISO)

See: KB462 - How to manually install Windows 10 Feature Updates on an Full Disk Encrypted (FDE) system

The EEE Windows Update utility uses the ‘/ConfigFile’ switch to point Windows in the direction of the SetupConfig.ini file. This then works as above.

Additional Information

Windows Setup Automation Overview

Windows Setup Command Line Options

We use cookies on our website to enhance your browsing experience. Read more