Hardening Against Cold Boot Attacks

Secure encryption keys in Windows Connected Standby mode

Read Solution Brief


Drive encryption incorporates a feature to protect systems in Windows Connected Standby mode. Introduced in Windows 8, Connected Standby mode provides an iPad-like experience for both PCs and tablets. Upon pressing the power button, the device immediately responds by either entering standby mode or resuming an up-and-running state.

When a device is in Connected Standby mode, encryption keys are always in memory, creating some exposure to cold boot attacks. Someone could steal encryption keys residing in memory, making the data on the device accessible to unauthorized users. To help prevent this exposure, McAfee software removes the key from memory and places it in a secure area on Intel hardware when the system is going into Connected Standby mode. The sequence is reversed when the device comes out of Connected Standby mode.

Key Benefits

  • Protects Microsoft Windows 8 laptops, tablets, and desktop PCs.
  • Provides transparent security that does not require any action from the end user.
  • Leverages the McAfee ePolicy Orchestrator (McAfee ePO) console, the same software used to deploy and manage all McAfee encryption products.

Related Products

Enable data protection with drive, file, folder, removable media encryption, and data protection for cloud storage. This suite includes data encryption integrated with centralized management and encryption for Apple FileVault and Microsoft BitLocker to prevent unauthorized access and loss or theft of sensitive data.

Learn More >

Block unauthorized access to your sensitive information and prevent exfiltration—anytime, anywhere. Strong encryption, DLP, policy-driven security, management of Apple FileVault and Microsoft BitLocker native encryption, and data protection for cloud storage combine with a centralized management platform in our most robust data protection suite.

Learn More >