Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Managing GuardPoints

Removing GuardPoints

search

We're moving!

A new home for CipherTrust documentation will be introduced on December 02, 2025! Visit https://docs-cybersec.thalesgroup.com for a preview.

Please Note:

Removing GuardPoints

GuardPoints can be unguarded (removed) from entire client groups or individual clients. When a GuardPoint is removed from a client group, the GuardPoint is automatically removed from all clients in the group.

Before Removing GuardPoints

The following preliminary steps need to be taken before removing a GuardPoint:

  • Encrypted data in a GuardPoint will still be encrypted when the GuardPoint is removed. If you are not going to reuse the GuardPoint for any reason, such as uninstalling the CTE Agent software from a client, do either of the following:

    • Copy the encrypted files out of the GuardPoint so that they are saved as unencrypted files.

    • Rekey the encrypted files while the GuardPoint is still applied.

  • Take the GuardPoint out of service so that no user or application is accessing the directories and files in the GuardPoint. A GuardPoint is a mounted file system. Removing a GuardPoint involves unmounting the file system. File systems cannot be unmounted when in use.

  • Remove all the GuardPoints and disable the locks for a client before deleting the client from the CipherTrust Manager. This ensures that there are no residual GuardPoints in effect on the client.

  • For LDT GuardPoints, refer to procedures described in the CTE-Live Data Transformation with CipherTrust Manager to ensure that the data in those GuardPoints remains available.

Removing a GuardPoint

To remove a GuardPoint:

  1. Open the Transparent Encryption application.

  2. Select the client or client group from which you want to remove the GuardPoint.

    • Click a client under the Client Name column (Clients > Clients).

    • Click a client group under the Client Group Name column (Clients > Client Groups).

  3. On the GuardPoints tab, select the GuardPoint to be removed.

  4. Click the delete icon (Delete Icon).

    Alternatively, click the overflow icon (Overflow Icon) corresponding to the desired GuardPoint, and click Unguard.

    A warning message appears stating that unguarding a GuardPoint is permanent and cannot be undone.

  5. Click Unguard to confirm the action.

    The GuardPoint status becomes Processing. While processing the GuardPoint removal:

    1. CipherTrust Manager notifies the CTE Agent that the GuardPoint is removed from the CipherTrust Manager.

    2. CTE Agent removes the mount point from the client.

    3. CTE Agent notifies the CipherTrust Manager about the GuardPoint removal.

    4. CipherTrust Manager removes the GuardPoint from the GuardPoints tab.

  6. Click the Refresh GuardPoints icon (Refresh GuardPoints Icon) to update the tab.

  7. Verify the mount points on the CTE Agent client.

    • On UNIX, run the command df or secfsd -status guard.

    • On Windows, click the Vormetric icon and View > File System > GuardPoints.

Removing Multiple GuardPoints

The CipherTrust Manager provides an option to remove/unguard multiple GuardPoints. A maximum of 200 GuardPoints can be removed at once.

To remove multiple GuardPoints:

  1. Open the Transparent Encryption application.

  2. Select the client or client group from which you want to remove the GuardPoints.

    • Click a client under the Client Name column (Clients > Clients).

    • Click a client group under the Client Group Name column (Clients > Client Groups).

  3. On the GuardPoints tab, select the GuardPoints to be removed.

    To select all GuardPoints visible on the page, select the top check box to the left of the Status heading.

  4. Click the delete icon (Delete Icon).

    A warning message appears stating that unguarding GuardPoints is permanent and cannot be undone.

  5. Click Unguard to confirm the action.

    The GuardPoint status becomes Processing. While processing the GuardPoint removal:

    1. CipherTrust Manager notifies the CTE Agent that the GuardPoint is removed from the CipherTrust Manager.

    2. CTE Agent removes the mount point from the client.

    3. CTE Agent notifies the CipherTrust Manager about the GuardPoint removal.

    4. CipherTrust Manager removes the GuardPoint from the GuardPoints tab.

  6. Click the Refresh GuardPoints icon (Refresh GuardPoints Icon) to update the tab.

  7. Verify the mount points on the CTE Agent client.

    • On UNIX, run the command df or secfsd -status guard.

    • On Windows, click the Vormetric icon and View > File System > GuardPoints.

On this page