Using ESET Endpoint Encryption with Microsoft Surface devices
The ESET Endpoint Encryption (EEE) client only supports machines running an x86 based processor. You cannot use the EEE software with devices that run the Windows RT operating system (i.e. Surface and Surface 2).
If you are using a Surface Pro 4 and later or a Surface Book device
You should ensure you use v4.8.4 or later of the EEE client which introduced compatibility with the NVMe storage used in these devices.
Attempts to use Full Disk Encryption to encrypt Surface 4 or Surface Book devices with v4.8.2 or v4.8.3 will be blocked because no disks will be presented for encryption.
A managed client will show the Workstations Details 'Disk Information' as shown below:
Attempts with versions prior to that will prevent the system from booting and require the recovery CD is used to regain access.
Full Disk Encryption
If you are using a Surface Pro or Surface Pro 2 device, the Microsoft UEFI Certification Authority certificate should be installed before initiating Full Disk Encryption on the machine. This can be downloaded at the Microsoft website:
If you have already commenced Full Disk Encryption without updating the certificate, you will need to disable the Secure Boot option in the BIOS to allow the system to boot Windows. With Secure Boot disabled to allow the system to load you will now be able to apply the certificate file with the machine encrypted. If you require assistance please contact the support team by submitting a ticket.
Note : The Surface Pro referred to above is the original 2013 version, not the more recent 2017 or later version that might also report itself as a Surface Pro.
If after encryption your Touch Cover or Type Cover is not active after reboot you may need to perform the following workaround to start the system.
Ensure your Surface keyboard is connected. From a powered off state, press the Power button and the volume down button at the same time. When the EEE Full Disk Encryption pre-boot screen is shown, use the keyboard to login as usual.
In addition we have had reports that use of the Caps Lock key can cause an empty character to be entered when typing a Full Disk Encryption password. If you experience this effect you should use the shift key together with the character requiring uppercase entry instead.
Alternatively, 'Touch Screen' Support has now been added to v4.9.0 and later. Please see our article below for more details:
Can I use a Wireless or Bluetooth Keyboard?
You may have a wireless or bluetooth that you use with your PC or tablet. Bluetooth keyboards cannot be used in the full disk encryption (FDE) login screen due to the required bluetooth stack not running until Windows starts.
Due to the FDE login screen launching before Windows does, a bluetooth device will not work with it.
However, a wireless keyboard may work. If the wireless keyboard works correctly in the BIOS then it should work in the pre-boot FDE login screen. You may need to ensure that the BIOS allows Legacy USB Emulation.
Alternatively, an external keyboard that is physically connected to the machine will work, such as a USB cabled keyboard.
Full Disk Encryption Login Screen Size
In earlier versions the pre-boot FDE login window does not fill the screen fully. The login screen is initialized as an 80x25 character screen and the graphics card will scale the screen automatically to fit the resolution. The scaling of the login screen is controlled by the firmware or the display of the Surface 4 hardware.
From v4.9.2, support has been added to improve the graphics for high resolution screens, this has also introduced a zoom feature. Please see our article below for more information: