What is: Encrypting File System ‘efs’

Kevin ArrowsUpdated on March 10, 2023
Kevin is a certified Network Engineer

A lot of Windows 10 users are facing the issue of Encrypting File System Popups. Usually, seeing an Encrypting File System popup shouldn’t be an issue since the purpose of the popup is to simply remind the user to back up their encrypted files. The issue here is that users who haven’t encrypted any of their files and haven’t used bitlocker or any other encryption software. In fact, a lot of users are seeing this popup on a freshly installed Windows 10.

What is Encrypting File system?

Encrypting File System (EFS) is a Windows built-in feature that lets users encrypt their important files to help keep the files safe from any intruders. This file encryption technology can be used on NTFS volumes. Usually, there isn’t any difference for the user who encrypted the file in using an encrypted file. The file will automatically be decrypted before opening and the encryption will be reapplied when the owner closes or stops using the encrypted file. So, the Windows EFS provides a seamless way of encrypting your important files and sensitive information.

What causes the EFS pop ups?

The main purpose of this prompt is to remind you to backup your encrypted files. If you are seeing the popups and you haven’t encrypted any files then the reasons might be:

  • You might have downloaded an already encrypted file from the internet that might have triggered this popup issue. This is the most likely reason if the popups started appearing all of a sudden.
  • You installed a software/application and it created a certain encrypted file during the installation process.
  • Your system is compromised by a Trojan that has forcefully encrypted your files or it already came up with its file encrypted.

Method 1: Check Which Files Are Encrypted

The easiest and the most common solution is to simply check if you have encrypted files on your system. If you do find some encrypted files then you can simply check when they were created and which application they belong to. You can then simply decide whether to keep the files/certificates or delete them. Follow the steps given below to locate the encrypted files on your system.

  1. Press Windows key once
  2. Type command prompt in the Start Search bar
  3. Right click command prompt from the results and select Run as administrator

  1. Type CIPHER.EXE /U /N and press Enter. Note: This command might take a while. It might seem that command prompt is stuck but just wait a while.

Once you see the list of encrypted files, navigate to their locations and check if the file was created by you or something else. You can look at the time of creation or the associated application. If you don’t see anything suspicious then simply delete the file. You can also just decrypt the file and the popup will stop appearing. You can decrypt the file by right clicking and select File Ownership > Personal or Right click > Properties > General > Advanced > Uncheck Encrypt contents to secure data > Ok.

On the other hand, if you do notice something suspicious or do you feel like the file was created on its own then we will suggest a full PC scan. You can use any anti-virus application and perform a full system scan to make sure there isn’t anything harmful on your system.

Method 2: Use Certificate Manager

You can use the certificate manager to have a look at the certificates created on your system. These certificates can automatically be created by other applications during the installation period and cause this popup to trigger. Once you locate these certificates, simply delete them and you should be good to go. Follow the steps given below to locate these certificates.

  1. Hold Windows key and press R
  2. Type certmgr.msc and press enter

  1. Double click Personal from the left pane
  2. Select Certificates and check if there are any certificates listed on the right pane. If there are and the timing of their creation doesn’t look suspicious (you can look at the Issues By section to check which application issued the certificate) then simply right click and select Delete. You can also just leave the certificate their and backup the certificate when the popup appears again. Delete the certificate only if you are sure. The purpose of this is the to check whether the encrypted file is legitimate or not.

  1. Now, locate and double click Trusted People from the left pane
  2. Select Certificates and check if there are any certificates listed on the right pane. If there are and the timing of their creation doesn’t look suspicious (you can look at the Issues By section to check which application issued the certificate) then simply right click and select Delete. You can also just leave the certificate their and backup the certificate when the popup appears again. Delete the certificate only if you are sure. The purpose of this is the to check whether the encrypted file is legitimate or not.

Once done, you should be good to go.

Kevin ArrowsUpdated on March 10, 2023
Kevin is a certified Network Engineer
ABOUT THE AUTHOR
Photo of Kevin Arrows

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.