Corrupt containers on unexpected close
Issue
When opening an encrypted container, created or modified with a recent version (from 2021.1) of ZED!, the following error message may appear:
« An alteration of the encrypted container was detected: a modification unauthorized by the creator of the container was performed or an unexpected interruption of the last modification of the
container occurred.
Current policies deny the access to open the container and retrieve any file.
Please contact your administrator. »
This anomaly impacts the following ZED! versions:
- ZEDFREE (Windows, macOS, Linux) 2021.1 and later
- ZEDPRO (Windows, macOS, Linux) 2021.1 and later
- ZED! Enterprise (macOS, Linux) 2021.1 and later
By default, the user cannot access the encrypted container's content with ZEDPRO and ZED ! Enterprise.
With ZEDFREE, he or she may only read the data, without the rights to modify it.
Explanation
This error message is due to failing the integrity check of the container when opening it, notifying that a modification was made by someone who doesn't have an access key to the container. Caution
must be taken with the security officer to read the container's files.
However, it is possible that it is a known ZED! issue, where the encrypted container is not correctly sealed after it is created or updated, because the user didn't manually close the application
window afterwards. Thus, after opening it following an unexpected close (computer reboot, shutdown, session close or brutal close of the application), the container will appear as corrupt.
Container data recovery
P234 settings
If you encounter any issue, please contact PRIM'X technical support to guide you through the data recovery procedure.
ZEDFREE allows by default to read and extract files.
To recover files on ZEDPRO and ZED! Enterprise, it is possible to set the P234 - Validity thresholds for encrypted data elements which determines if it is possible to open a
container whose integrity verification failed, using the keyword ZedIntegrityFailure.
By default, this policy prevents opening the container detected corrupt.
P234 configuration
With GPedit.msc (Windows only)
Administrative models are installed on ZEDPRO for Windows, therefore you can change its values of the policy here.
The policy can be found in category 6.3. Security, P234 - Validity thresholds for encrypted data elements.
Add the following value:
- Value name: ZedIntegrityFailure
- Value: AllowAndWarn
With the command line
To set policies, it is necessary to download the Admin Pack corresponding to your ZEDPRO version.
To modify a policy, here is the procedure:
- Extract all the Admin Pack data in a folder.
- Launch a command-line interface as administrator.
- Navigate in the folder where the files were extracted.
- Type the following command:
zedcmd mp -a:234;ZedIntegrityFailure;AllowReadOnly
In registry
An alternative to set the P234 policy to allow opening a container which was detected corrupt is to modify the registry:
- Save the following text in a file with the ".reg" extension:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\PrimX\Zed! Pro\Common\SecurityControl]
"ZedIntegrityFailure"="AllowAndWarn"
- Run the .reg file as administrator
Data Recovery
Once you've completed the previous steps, a new message will appear:
You will be able to extract the container files.
Once the data is recovered, it is highly recommended to put back the P234 policy to its default value to be able to detect containers which have actually been altered.
Either by command line:
- zedcmd.exe mp -d:234
- Then « y » to delete all the P234 values.
Or by deleting data from the registry:
HKEY_LOCAL_MACHINE\Software\Policies\PrimX\Zed! Pro\Common\SecurityControl
Bug correction
PRIM'X is currently working on a patch to prevent the unexpected close to corrupt encrypted containers.
This bug is fixed in version 2022.4 of ZEDPRO and ZEDFREE.