The best antivirus for gamers.

Maximum protection. Minimum impact. Zero Interruptions.

Your digital security is priceless

Get the best protection for your devices

-50%
Buy

Your digital security is priceless

Get the best protection for your devices

-50%
Buy

50% off!

Protect yourself against ransomware and other attacks

Renew and get 50% off*

*For home users only

Renew at a discount

Today only for Internet Day!

Protect all your devices with a 60% discount

*Home users only

-60%
Buy

Protect your devices

With a 60% discount and even more,

Get Panda Dome Family for free!

-60%
Buy
-60%
Renew

Renew and get 60% off*

Get Panda Dome Family for free!

*For home users only

Renew at a discount

Renew and get 60% off*

Only today!

*For home users only

Renew at a discount

Start the year on the right foot

Renew your protection now with this limited-time offer

-50%Renew my protection

*Home users only

Get 50% discount!

Discover the plan that suits you best!

-50%See offer

Get 50% discount!

Discover the plan that suits you best!

This Christmas will be different

but we want to continue helping you protect your loved ones

-50%Renew my protection*

*Home users only

This Christmas will be different

but we want to continue helping you protect your loved ones

-50%View offer

Get 50% discount! Discover the plan that suits you best!

See offer

Get 50% discount! Discover the plan that suits you best!

See offer

Get 40% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Are you a WatchGuard Partner or customer and need help with Panda products?

+ Info

Get 50% discount! Discover the plan that suits you best!

Click here!

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Technical Support

Need help?

 

Best practices for Lost Device security with Systems Management

Information applies to:

Products
Panda Systems Management

Safety and security of user data is always a priority when managing partner devices. When a device is lost or stolen, the data stored is often more valuable than the device itself. It is therefore imperative that, in the event of a device being lost or stolen, you ensure its data is protected or removed in such a way that it cannot be recovered.

Lost Device Security component
The Lost Device Security Suite [WIN] component for Windows devices is provided in the Systems Management ComStore. It allows users to do the following:
  • Wipe the bootloader and force a bugcheck ("blue screen of death"), immediately halting any unauthorized device usage.
  • Securely wipe the device by wiping the data, unused space on all local fixed disks, as well as the Recycle Bin in such a way that data cannot be recovered.
  • Encrypt this data so that if the device is successfully recovered, it can be decrypted again.
  • Regain access to data (if the device is successfully retrieved) by decrypting it.
IMPORTANT!

This component is designed to cause data loss and is highly destructive.
USE WITH EXTREME CAUTION!

The data set the component targets is:

  • All local profiles and locally cached roaming profiles (Desktop and Documents folders, etc.)
  • Google Chrome, Mozilla Firefox, and Microsoft Edge browser password caches
  • A single additional path if defined in a variable; for example, if you have a D:\ data drive or another path on the C:\ drive
NOTE Only one additional path is supported.

Five input variables are made available when running the component against an eligible device. Two are mandatory, one is conditional, and the remaining two are optional.
  • SayTheMagicWord: due to the highly destructive nature of this component, a specific passphrase must be typed into this variable in order for it to run successfully. The passphrase is visible by hovering over the blue i next to the variable name. The passphrase is not included here for security reasons. It must be copied verbatim.
  • SecurityOperation: allows you to specify which of the four operations you want the component to perform against your device:
    • Brick the device by wiping the boot loader so that the device cannot be booted and force a "blue screen of death."
    • Wipe the device by securely erasing the data set stated above, plus free space on all local fixed disks and the Recycle Bin.
    • Encrypt the data set stated above using a randomly generated 75-character key. This key is stored in the StdOut of the script run (and optionally in a UDF) for data retrieval in instances where the device in question is retrieved.
    • Decrypt the data set stated above using the password string from the Encrypt operation, effectively undoing it.
  • FileSyncShareDisabled: flag to confirm that there are no active file sync/share solutions on the device to avoid impacting any cloud-stored data. This must be set to TRUE if performing a Wipe or Encrypt operation; otherwise, it will instantly fail.
  • DecryptPassword: if you are performing a Decrypt operation, enter the password here. You will find this in the StdOut of the Encrypt operation, as well as in the UDF if you declared it.
  • AdditionalPath: if you have an additional path for data to Wipe, Encrypt or Decrypt (for example, a D:\ data drive or another folder on the C:\ drive), enter it here; otherwise leave blank. You may only add one additional path.
  • UDFNum: enter a number (1-30) to populate that UDF with the encryption password when running an Encrypt operation; otherwise leave blank.
The Lost Device Security Suite [WIN] component uses the following open source/freeware applications. Please note the EULAs from these:
IMPORTANT! You may need to add csrss32.exe and csrss64.exe (renamed aescrypt.exe files) to the allow list on your Antivirus solution before you run this component, as they may cause false positives. Alternatively, you can remove them if you only want to run Brick or Wipe operations.

IMPORTANT! You may find that the component instantly fails with an "Incorrect function" message in StdErr. This happens when your Antivirus solution quarantines or deletes the entire component file before the Datto RMM Agent is able to launch it. As above, you must add csrss32.exe and csrss64.exe to the allow list or remove them from the component in order to prevent this behavior.

NOTE: Due diligence should be taken with IT Security staff to ensure they are informed about this component in order to reduce the risk of false positives.

Help nº- 20210108 300180 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT