Using the ESET Endpoint Encryption Command Line Tool
The ESET Endpoint Encryption (EEE) Command Line Tool allows access to specific EEE functions through a command line interface. This can be useful if you need to automate actions within the EEE client software.
The EEE Command Line Tool is now contained as part of the client install from v4.9.2 onwards. It can be found in the %PROGRAMFILES%\ESET Endpoint Encryption\ directory. On 32-bit platforms the executable is called dlpcmd.exe and on 64-bit platforms the executable is called dlpcmd64.exe.
For clients prior to v4.9.2 the tool can be downloaded below. There are two versions of the tool available appropriate to the platform being used:
Note: This software requires DESlock+ v4.3.45 or later installed to function.
It is possible to log in to or log out of the user's Key-File from the command line.
To log in to the Key-File use the login command and supply the -p switch followed by the Key-File password as shown below.
To log out of the Key-File use the -p switch with no password as shown in the example below.
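An added PowerShell example (not ESET's code) that wraps the login step: it picks the executable by platform, refuses to run elevated because the Key-File cannot be accessed from an elevated task, and prompts for the password instead of storing it in a script. The argument order `login -p <password>` is assembled from the description above and is an assumption to confirm against the tool's built-in help; the function name Invoke-EeeLogin is hypothetical.

```powershell
# Added example; Invoke-EeeLogin is a hypothetical helper name, not part of EEE.
function Invoke-EeeLogin {
    # 64-bit platforms use dlpcmd64.exe, 32-bit platforms use dlpcmd.exe (per the article).
    $is64    = [Environment]::Is64BitOperatingSystem
    $exeName = if ($is64) { 'dlpcmd64.exe' } else { 'dlpcmd.exe' }

    # ProgramW6432 points at the native Program Files even from a 32-bit shell.
    $programFiles = if ($env:ProgramW6432) { $env:ProgramW6432 } else { $env:ProgramFiles }
    $dlpcmd = Join-Path $programFiles "ESET Endpoint Encryption\$exeName"
    if (-not (Test-Path -LiteralPath $dlpcmd -PathType Leaf)) {
        throw "Command Line Tool not found at $dlpcmd (bundled from client v4.9.2 onwards)."
    }

    # The user's Key-File cannot be accessed from an elevated task, so stop early.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from a non-elevated prompt.'
    }

    # Prompt rather than hard-coding the password in a script or scheduled task.
    $secure = Read-Host -Prompt 'Key-File password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    try {
        # Assumed argument order, taken from the article's description of the
        # login command and -p switch. The password is still visible in the
        # process command line while the tool runs.
        & $dlpcmd login -p $plain | Out-Host
        # Exit code meanings for login are not listed in the article; return it raw.
        return $LASTEXITCODE
    }
    finally {
        Remove-Variable plain -ErrorAction SilentlyContinue
    }
}

Invoke-EeeLogin
```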
Encrypted File and Text Operations
The EEE Command Line Tool can be used to encrypt and decrypt files from a command prompt, using an EEE encryption key or a password.
The current user must have a Key-File set up and be logged in to EEE. These operations will not work from an elevated command prompt, as the user's Key-File cannot be accessed from the elevated task.
There are 2 encryption methods supported:
Text mode encryption
This mode is compatible with EEE Email and Text encryption.
Simply provide a text file to the tool and it will create an encrypted copy of the contained text so that it can be included in an email or document. This text can then be decrypted by the tool or by using EEE Email or Text Encryption. You will need to specify a destination filename when using this method.
File mode encryption
This mode is compatible with EEE File Encryption (.dlp files).
Simply provide any type of file and it will be encrypted, creating a new file with a .dlp extension. This file can then be decrypted by the tool or by using EEE File Encryption.
File mode decryption
Using the decrypt switch allows encrypted files to be decrypted.
You will need to pass the type of decryption to perform (file or text) and the source filename. If you are decrypting a text mode file then an output filename is also required.
Encrypted Folder Operations
The Command Line Tool can be used to create an encrypted folder or display the encryption status of a folder.
Create Encrypted Folder
To create an encrypted folder, pass the path of the required new folder name and either the encryption key name or encryption key serial number. If you wish to hide the folder from view when the user is not logged in then pass the -h switch.
Important: The destination folder must not already exist or the command will be rejected.
Display Encrypted Folder Status
The encryption status of a folder and how it is encrypted can be shown by passing the folder path without any encryption key name or serial number.
Example usage and output:
Virtual Disk Operations
The Command Line Tool can be used to perform mount and unmount operations on a virtual disk file.
Using the mount switch allows an encrypted virtual disk to be mounted for access.
When a virtual disk is mounted through the normal user interface or using the mount switch detailed above, it will only be available to access by processes running under the current Windows user context. This means that software which runs as another Windows user account will be unable to access the container. Please see here for further information: KB244 - Windows User context and encryption
To work around this, the global mount switch can be used. Using this switch means all users on the system will be able to access the container's contents when it is mounted. This facility is only available through the command line tool and not the normal client UI.
To enable the global mount option simply add a -g switch to the command.
When mounting the file globally you will need to confirm the operation interactively. To avoid this, pass the additional -i switch.
This command will unmount a mounted disk. You can use either the currently mounted drive letter or the path to the disk to indicate which disk you would like to unmount.
The command line tool can be used to securely delete a file using the EEE shredder.
Please note: using the shred option will securely erase the file and the data CANNOT be recovered.
This will shred the file using the default options.
You will be prompted to confirm that you want to shred the file, and the file will be shredded using the Cryptographic Random Number method.
To bypass the confirmation and shred the file with no prompt, add the -i switch.
To change the mode used to shred the file use one of the following switches:
Full Disk Encryption Status Operations
The Full Disk Encryption status of the system disks in the workstation can be displayed using the query command. The command can also be used to obtain a JSON formatted system report containing full details of the disks on the system and additional machine details.
Display status of all disks
The full disk encryption status of all connected hard disks can be displayed using the -l switch as shown below:
Example usage and output:
Display status of a specific drive or disk
You can display the encryption status of a specific drive by passing the drive letter as shown below:
Alternatively, to show the encryption status of a specific disk pass the disk number as shown below:
The query command, when called with the -l parameter, has the following possible exit codes:
Save detailed system information
By supplying the -f switch and filename a JSON formatted file containing disk and system information will be produced.
This is a command that can temporarily allow a Full Disk Encrypted system to boot without authentication. Please see this article for details: KB471 - Full Disk Encryption Maintenance Mode
To obtain help from the tool, simply run it without any parameters. Include the command name for help about a specific command.