Using ESET Endpoint Encryption with Microsoft Surface devices
Article ID: KB228

Windows RT

The ESET Endpoint Encryption (EEE) client only supports machines running an x86-based processor. You cannot use the EEE software with devices that run the Windows RT operating system (i.e. Surface and Surface 2).

 

If you are using a Surface Pro 4 and later or a Surface Book device

You should ensure you use v4.8.4 or later of the EEE client which introduced compatibility with the NVMe storage used in these devices.

Attempts to use Full Disk Encryption to encrypt Surface 4 or Surface Book devices with v4.8.2 or v4.8.3 will be blocked because no disks will be presented for encryption. 

A managed client will show the Workstations Details 'Disk Information' as shown below:

Attempts with versions prior to that will prevent the system from booting and require the recovery CD to be used to regain access.

KB346 - 'Full Disk Encryption Recovery Overview'

Surface Go

The Surface Go operating system only allows users to install applications from the Microsoft Store, therefore you will be unable to install the EEE client as it's an MSI package.

If you try to run it, an error will be shown.

To allow the system to install the EEE client you must switch your operating system out of S mode.

To do this please refer to the following Microsoft article: Switching out of S mode in Windows 10 

 

Full Disk Encryption

If you are using a Surface Pro or Surface Pro 2 device, the Microsoft UEFI Certification Authority certificate should be installed before initiating Full Disk Encryption on the machine.  This can be downloaded at the Microsoft website:

http://www.microsoft.com/en-us/download/details.aspx?id=41666&751be11f-ede8-5a0c-058c-2ee190a24fa6=True

 

If you have already commenced Full Disk Encryption without updating the certificate, you will need to disable the Secure Boot option in the BIOS to allow the system to boot Windows. Once the system has loaded with Secure Boot disabled, you will be able to apply the certificate file with the machine encrypted. If you require assistance please contact the support team by submitting a ticket.

 

Note : The Surface Pro referred to above is the original 2013 version, not the more recent 2017 or later version that might also report itself as a Surface Pro.

 

Surface Keyboards

If your Touch Cover or Type Cover is not active after rebooting an encrypted device, you may need to perform the following workaround to start the system.

Ensure your Surface keyboard is connected.  From a powered off state, press the Power button and the volume down button at the same time.  When the EEE Full Disk Encryption pre-boot screen is shown, use the keyboard to login as usual.

In addition, we have had reports that use of the Caps Lock key can cause an empty character to be entered when typing a Full Disk Encryption password. If you experience this effect you should use the Shift key together with the character requiring uppercase entry instead.

 

Alternatively, 'Touch Screen' Support has now been added to v4.9.0 and later. Please see our article below for more details:

KB284 - 'Pre-boot Authentication Keyboard Support'

 

Can I use a Wireless or Bluetooth Keyboard?

You may have a wireless or Bluetooth keyboard that you use with your PC or tablet. Bluetooth keyboards cannot be used in the Full Disk Encryption (FDE) login screen because the required Bluetooth stack does not run until Windows starts, and the FDE login screen launches before Windows does.

However, a wireless keyboard may work. If the wireless keyboard works correctly in the BIOS then it should work in the pre-boot FDE login screen. You may need to ensure that the BIOS allows Legacy USB Emulation.

Alternatively, an external keyboard that is physically connected to the machine will work, such as a USB cabled keyboard.

 

Known Issue

Full Disk Encryption Login Screen Size

In earlier versions the pre-boot FDE login window does not fill the screen fully. The login screen is initialized as an 80x25 character screen and the graphics card will scale the screen automatically to fit the resolution. The scaling of the login screen is controlled by the firmware or the display of the Surface 4 hardware. 

From v4.9.2, support has been added to improve the graphics for high resolution screens. This has also introduced a zoom feature. Please see our article below for more information:

KB463 - 'How to adjust the graphical pre-boot FDE login screen'

 

Storage Spaces

Using Microsoft Storage Spaces allows you to combine multiple disks into a single pool of virtualised storage. This has been seen in recent Surface Pro 2017 devices that have 2 x 512GB SSDs which have been combined to advertise as 1TB of storage. Therefore, instead of having one physical disk, there are multiple disks that are merged.

Please see the Microsoft article below:

Microsoft Support - Surface Laptop 1TB display two drives

Storage Spaces is essentially a software-configured RAID (redundant array of independent disks) which is not currently supported by EEE.
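
The following is an added example, not ESET code: a read-only PowerShell pre-flight check for three of the conditions described in this article (x86-based processor, the Microsoft UEFI CA present in the Secure Boot database, and a configured Storage Spaces pool). It assumes an elevated PowerShell session and that the certificate's subject name is "Microsoft Corporation UEFI CA 2011".

```powershell
# Added example: read-only checks to run before initiating Full Disk Encryption.
# Nothing here changes firmware or disk configuration.

function Test-UefiCaInDb {
    # 'db' is the Secure Boot allowed-signature database. The subject name
    # searched for below is an assumption about the certificate's naming.
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
    } catch {
        return $null   # legacy BIOS, not elevated, or variable unreadable
    }
    $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    return ($text -match 'Microsoft Corporation UEFI CA 2011')
}

# Win32_Processor.Architecture: 0 = x86, 9 = x64, 5 = ARM, 12 = ARM64
$cpuArch    = (Get-CimInstance Win32_Processor | Select-Object -First 1).Architecture
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }
$pools      = @(Get-StoragePool -IsPrimordial $false -ErrorAction SilentlyContinue)

$report = [pscustomobject]@{
    Model             = (Get-CimInstance Win32_ComputerSystem).Model
    X86Processor      = ($cpuArch -in 0, 9)
    SecureBootEnabled = $secureBoot          # $null means "could not be read"
    UefiCaInDb        = (Test-UefiCaInDb)    # $null means "could not be read"
    StoragePools      = ($pools.FriendlyName -join ', ')
}
$report | Format-List

if (-not $report.X86Processor) {
    Write-Warning 'Processor is not x86-based: the EEE client is not supported.'
}
if ($report.SecureBootEnabled -and $report.UefiCaInDb -eq $false) {
    Write-Warning 'Secure Boot is on but the Microsoft UEFI CA was not found in db: install the certificate before starting FDE.'
}
if ($pools.Count -gt 0) {
    Write-Warning 'A Storage Spaces pool is configured: not currently supported by EEE.'
}
```

A `$null` in `SecureBootEnabled` or `UefiCaInDb` means the value could not be read, so confirm it in the firmware settings instead of treating it as a pass.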

 


Keywords: surface, pro, keyboard, tablet, Microsoft, on-screen
