Encrypting the Pagefile

In high-security environments, the Windows system pagefile may pose a risk to the confidentiality and integrity of sensitive data. Sensitive data may still reside in the system pagefile, where it can be exfiltrated by attackers with the help of specialized tools. In such high-security scenarios, one needs to take proper measures to safeguard system pagefiles.

Although the best approach to safeguarding your system files from unauthorized access is to encrypt the system partition, there is a quick and easy way to encrypt just the pagefile without deploying any software. You can achieve this by modifying a registry value called NtfsEncryptPagingFile, which triggers a mechanism that uses a temporary key to encrypt the pagefile. The key is discarded at shutdown, which makes it even harder for attackers to decrypt the scrambled pagefile.

To start the registry editor, type regedit in the Start menu search text box and press Enter.

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

REG_DWORD (32-bit) Value name: NtfsEncryptPagingFile

Value: 1 (1=enable, 0=disable)

Note that pagefile encryption is not enabled by default on Windows 7.
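
The same change made from an elevated PowerShell session, as an added example that is not part of the original article: it backs up the key with reg.exe, sets the value only if needed, and reads it back. The backup file location and the function names are assumptions chosen for illustration.

```powershell
# Added example: audit and enable NTFS pagefile encryption.
$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$ValueName  = 'NtfsEncryptPagingFile'
$BackupFile = Join-Path $env:TEMP 'FileSystem-key-backup.reg'   # assumed backup location

function Get-PagefileEncryptionSetting {
    # Returns the DWORD value, or $null when the value is absent (treated as disabled).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Enable-PagefileEncryption {
    # Writing under HKLM needs administrator rights; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Writing to HKLM requires an elevated (administrator) session.'
    }

    $current = Get-PagefileEncryptionSetting
    if ($current -eq 1) {
        Write-Output "$ValueName is already 1; nothing to change."
        return
    }

    # Back up the key before changing it; abort if the export fails.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\FileSystem' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no change made.' }

    # Create or overwrite the value as a 32-bit DWORD.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back to confirm the write.
    if ((Get-PagefileEncryptionSetting) -ne 1) { throw "Verification failed: $ValueName is not 1." }
    Write-Output "$ValueName set to 1 (previous: $current). Backup: $BackupFile. Restart to apply."
}

Enable-PagefileEncryption
```

The setting takes effect after a restart; running fsutil behavior query EncryptPagingFile reports the same setting.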

A word of caution: incorrectly editing the registry may severely damage your system. The above modifications are intended for advanced Windows users who are familiar with the registry editor. Users are also reminded to back up the registry before making any critical changes.