Files are corrupted after you encrypt them with ECC certificates by using the EFS feature in Windows 7 or in Windows Server 2008 R2 (2024)

Symptoms

Issue 1

Consider the following scenario:

You encrypt the Favorites folder (%userprofile%/Favorites) with an Elliptic curve cryptography (ECC) certificate by using the Encrypting Files System (EFS) feature on a computer that is running Windows 7 or Windows Server 2008 R2.
You add a webpage that has a shortcut icon (favicon.ico) to the Favorites folder.
You restart the computer.

In this scenario, some characters in the webpage file of the webpage that you added are displayed incorrectly. Additionally, you cannot access the webpage through the file in the Favorites folder.

Issue 2

Consider the following scenario:

You encrypt two files with ECC certificates by using the EFS feature on a computer that is running Windows 7 or Windows Server 2008 R2.
You copy one of the files, and then you paste the file that you copied to overwrite the other file.
You restart the computer.

In this scenario, the file that you overwrote is corrupted.

Cause

The EFS encryption feature encrypts file data in chunks of 512 bytes, and each chunk has a 16-byte initialization vector (IV). The Advanced Encryption Standard (AES) cipher algorithm in the Cipher Block Chaining (CBC) mode is used for encryption. These issues occur because the first 16 bytes of every 512-byte chunk are corrupted during encryption.

Resolution

Hotfix information

How to obtain this hotfix

This hotfix is available from the Microsoft Update website:

http://update.microsoft.comThe following files are available for download from the Microsoft Download Center:

Operating system	Update
All supported x86-based versions of Windows 7	Download the update package now.
All supported x64-based versions of Windows 7	Download the update package now.
All supported x64-based versions of Windows Server 2008 R2	Download the update package now.
All supported IA-64-based versions of Windows Server 2008 R2	Download the update package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this hotfix, you must be running one of the following operating systems:

Windows 7
Windows 7 Service Pack 1 (SP1)
Windows Server 2008 R2
Windows Server 2008 R2 Service Pack 1 (SP1)

For more information about how to obtain a Windows 7 or Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To apply this hotfix, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows 7 and Windows Server 2008 R2 file information notes

Important Windows 7 hotfixes and Windows Server 2008 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 7/Windows Server 2008 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.

The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

Version

Product

Milestone

Service branch

6.1.760
0.21xxx

Windows 7 and Windows Server 2008 R2

RTM

LDR

6.1.760
1.17xxx

Windows 7 and Windows Server 2008 R2

SP1

GDR
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows 7 and for Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

Version	Product	Milestone	Service branch
6.1.760 0.21xxx	Windows 7 and Windows Server 2008 R2	RTM	LDR
6.1.760 1.17xxx	Windows 7 and Windows Server 2008 R2	SP1	GDR

For all supported x86-based versions of Windows 7

File name	File version	File size	Date	Time	Platform
Ntfs.sys	6.1.7600.17119	1,210,736	31-Aug-2012	17:21	x86
Ntfs.sys	6.1.7600.21316	1,210,736	31-Aug-2012	17:20	x86
Ntfs.sys	6.1.7601.17945	1,211,760	31-Aug-2012	17:18	x86
Ntfs.sys	6.1.7601.22104	1,212,272	31-Aug-2012	17:01	x86

For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Ntfs.sys	6.1.7600.17119	1,656,688	31-Aug-2012	18:02	x64
Ntfs.sys	6.1.7600.21316	1,680,240	31-Aug-2012	18:19	x64
Ntfs.sys	6.1.7601.17945	1,659,760	31-Aug-2012	18:19	x64
Ntfs.sys	6.1.7601.22104	1,687,408	31-Aug-2012	17:57	x64

For all supported IA-64-based versions of Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Ntfs.sys	6.1.7600.17119	3,553,648	31-Aug-2012	17:02	IA-64
Ntfs.sys	6.1.7600.21316	3,553,648	31-Aug-2012	17:09	IA-64
Ntfs.sys	6.1.7601.17945	3,556,208	31-Aug-2012	16:54	IA-64
Ntfs.sys	6.1.7601.22104	3,557,232	31-Aug-2012	16:46	IA-64

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information

Additional file information for Windows 7 and for Windows Server 2008 R2

Additional files for all supported x86-based versions of Windows 7

File name	X86_17f4b32e327330a2fd2ea33d07dbefec_31bf3856ad364e35_6.1.7600.21316_none_397959f6c0050407.manifest
File version	Not applicable
File size	692
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	X86_3224d4367283c12e1df948df721ba0e7_31bf3856ad364e35_6.1.7600.17119_none_6d1d4b39a07876ae.manifest
File version	Not applicable
File size	692
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	X86_e3073b3081ed777af47bf209f7550ea4_31bf3856ad364e35_6.1.7601.22104_none_4814395731906c71.manifest
File version	Not applicable
File size	692
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	X86_e468c7e9bdf07a234cff8bca053d9561_31bf3856ad364e35_6.1.7601.17945_none_54310e4c44ec2354.manifest
File version	Not applicable
File size	692
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	X86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a69715e87e02f01c.manifest
File version	Not applicable
File size	14,508
Date (UTC)	31-Aug-2012
Time (UTC)	17:38
Platform	Not applicable

File name	X86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71db3bb97234108.manifest
File version	Not applicable
File size	14,508
Date (UTC)	31-Aug-2012
Time (UTC)	17:36
Platform	Not applicable

File name	X86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464.manifest
File version	Not applicable
File size	14,508
Date (UTC)	31-Aug-2012
Time (UTC)	18:56
Platform	Not applicable

File name	X86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55.manifest
File version	Not applicable
File size	14,508
Date (UTC)	31-Aug-2012
Time (UTC)	17:23
Platform	Not applicable

Additional files for all supported x64-based versions of Windows 7 and of Windows Server 2008 R2

File name	Amd64_044f76ed3d5c810a899826463f9c84e8_31bf3856ad364e35_6.1.7600.21316_none_f92a8d43de62fa91.manifest
File version	Not applicable
File size	696
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Amd64_7fc780bf6a7dd7a2fce0384108b295b5_31bf3856ad364e35_6.1.7601.17945_none_56cdf7fd7eeb0060.manifest
File version	Not applicable
File size	696
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Amd64_8582a74e88483421d7f591f0f3ea5a06_31bf3856ad364e35_6.1.7600.17119_none_6efbfc795beb1c27.manifest
File version	Not applicable
File size	696
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Amd64_e304853851ed4ac79ce5221e486990c1_31bf3856ad364e35_6.1.7601.22104_none_08b017440c5ca821.manifest
File version	Not applicable
File size	696
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_02b5b16c36606152.manifest
File version	Not applicable
File size	14,514
Date (UTC)	31-Aug-2012
Time (UTC)	18:38
Platform	Not applicable

File name	Amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_033c4f3f4f80b23e.manifest
File version	Not applicable
File size	14,514
Date (UTC)	31-Aug-2012
Time (UTC)	18:43
Platform	Not applicable

File name	Amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a.manifest
File version	Not applicable
File size	14,514
Date (UTC)	31-Aug-2012
Time (UTC)	18:42
Platform	Not applicable

File name	Amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b.manifest
File version	Not applicable
File size	14,514
Date (UTC)	31-Aug-2012
Time (UTC)	18:21
Platform	Not applicable

Additional files for all supported IA-64-based versions of Windows Server 2008 R2

File name	Ia64_23c0310ba068846ed9616a8a9a185732_31bf3856ad364e35_6.1.7601.17945_none_2f225afab6589b42.manifest
File version	Not applicable
File size	694
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Ia64_2a0afb03db9b0f87c61e0862bd14fb2d_31bf3856ad364e35_6.1.7600.21316_none_603be0ac0364d82f.manifest
File version	Not applicable
File size	694
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Ia64_2bd5c500da68d61c8634f2b449ded802_31bf3856ad364e35_6.1.7601.22104_none_0fee982f603085d6.manifest
File version	Not applicable
File size	694
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Ia64_999be73f05927d9174338976f9c75948_31bf3856ad364e35_6.1.7600.17119_none_a23b3e42345bfa67.manifest
File version	Not applicable
File size	694
Date (UTC)	02-Sep-2012
Time (UTC)	08:13
Platform	Not applicable

File name	Ia64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a698b9de7e00f918.manifest
File version	Not applicable
File size	14,511
Date (UTC)	31-Aug-2012
Time (UTC)	18:36
Platform	Not applicable

File name	Ia64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71f57b197214a04.manifest
File version	Not applicable
File size	14,511
Date (UTC)	31-Aug-2012
Time (UTC)	18:36
Platform	Not applicable

File name	Ia64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a85acfbc7b431d60.manifest
File version	Not applicable
File size	14,511
Date (UTC)	31-Aug-2012
Time (UTC)	18:27
Platform	Not applicable

File name	Ia64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90e840f94416751.manifest
File version	Not applicable
File size	14,511
Date (UTC)	31-Aug-2012
Time (UTC)	18:12
Platform	Not applicable

Files are corrupted after you encrypt them with ECC certificates by using the EFS feature in Windows 7 or in Windows Server 2008 R2 (2024)

FAQs

How to open an EFS encrypted file? ›

The EFS encrypted files have a lock displayed on the icon. To unlock these files, all you need to do is to log into your computer using the password. The contents of a pfx file can be viewed in the GUI by right-clicking the PFX file and selecting Open (instead of the default action, Install).

Read On ›

How do I encrypt files with EFS? ›

Encrypt a File or Folder with EFS

Start Microsoft Explorer.
Insert your smart card.
Select the file or the folder to encrypt.
Update your file or folder properties to enable encryption (click Advanced and then select the Encrypt contents to secure data option).
Enter your smart card PIN and click OK.

Discover More Details ›

What is EFS encrypted files? ›

Encrypting File System provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS. EFS is a functionality of New Technology File System (NTFS) and is built into a device via the OS.

What purpose is encrypting file system EFS primarily for on a Windows machine? ›

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

See Details ›

How do I recover files from EFS? ›

Restore an EFS file system using AWS Backup

Navigate to the backup vault that you selected in the backup plan. Then, select the latest completed backup. To restore the file system, choose the recovery point ARN, and then select the Restore button.

Find Out More ›

How to remove EFS encryption from files? ›

Right-click on the Desktop folder and select Properties. Go to the General tab and click Advanced. Untick that option “Encrypt contents to secure data” and click OK. Hope above information can help you.

Tell Me More ›

How do I encrypt an EFS folder? ›

To Decrypt Folder in Advanced Attributes

Right click or press and hold on a folder you want to decrypt, and click/tap on Properties.
In the General tab, click/tap on the Advanced button. ( ...
Uncheck the Encrypt contents to secure data box, and click/tap on OK. ( ...
Click/tap on OK. (

More items...

Feb 13, 2017

Show Me More ›

Which command line tool encrypts files using EFS? ›

Encrypt File or Folder Using Command Prompt

To encrypt a folder, type the following command: cipher /e "the full path to your folder" . To encrypt a folder with subfolders and files, type: cipher /e /s:"the full path to your folder" . To encrypt a single file, run the command cipher /e "the full path to the file" .

Explore More ›

How do I manually encrypt a file? ›

How to encrypt a file

Right-click (or press and hold) a file or folder and select Properties.
Select the Advanced button and select the Encrypt contents to secure data check box.
Select OK to close the Advanced Attributes window, select Apply, and then select OK.

How do I access files from EFS? ›

To access your file system, you mount the file system on an Amazon EC2 Linux-based instance using the standard Linux mount command and the file system's DNS name. To simplify accessing your EFS file systems, we recommend using the EFS mount helper utility.

Show Me More ›

Is Windows EFS safe? ›

The Encrypted File System, or EFS, provides an additional level of security for files and directories. It provides cryptographic protection of individual files on NTFS file system volumes using a public-key system.

Read The Full Story ›

What file system does EFS use? ›

Amazon EFS supports Network File System (NFS) versions 4.0 and 4.1 (NFSv4) protocol, and control access to files through Portable Operating System Interface (POSIX) permissions.

See Details ›

Can EFS be used with Windows? ›

Access EFS via Windows Subsystem for Linux

Windows now includes a subsystem that runs Linux at the same time as Windows. You can use it to mount the EFS volume as a folder accessible to Windows: sudo mount -t nfs4 -o rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport MY_IP_ADDRESS:/ efs.

Get More Info Here ›

What is Windows EFS abuse? ›

Encrypting File System (EFS) is a Microsoft Windows feature that's available in Windows operating systems. EFS allows encryption of files on a per-user basis. Signature 6148 detects abuse of the EFS feature by an attacker to gain control over user data. Signature 6148 restricts the deletion of encryption key files.

Which types of files cannot be encrypted? ›

2 Answers. No, any data can be encrypted. There are some types of data it doesn't make much sense to encrypt (e.g. data which is already encrypted), but there is nothing that inherently prevents you from doing it. Remember that most encryption algorithms don't work on files internally - they work on streams of bits.

How do I open a file that is encrypted? ›

If you've used EFS or third-party software to encrypt a file, you may be able to unlock it using the file's properties.

Right-click on the file in “File Explorer”;
Select “Advanced”;
then uncheck the “Encrypt content in protected data” checkbox.

View Details ›

How do I read an EFS file? ›

To simplify accessing your Amazon EFS file systems, we recommend using the Amazon EFS mount helper utility. Once mounted, you can work with the files and directories in your file system like you would with a local file system.

How do I open an encrypted SSA CD? ›

Opening the CD-ROM

Insert the CD into your computer's disk drive. If using Windows, go to “My Computer”; select the disk drive to display the contents of the CD.
Double-click on the pme.exe file located on the CD.
You will be asked to enter an Account Name and Password.

Learn More ›

Can you open an encrypted file without a password? ›

If you want to decrypt files, the certificate or password is indispensable. If you haven't exported and backed up the file encryption certificate before or if you have forgotten the password, you cannot decrypt encrypted files if you have done one of the following: Reinstalling Windows OS.

Discover More Details ›