By default, files encrypted by Microsoft’s EFS (encrypted file system) and Bitlocker will be decrypted to plain text and then encrypted using your backup encryption key.   This is so that you can restore these files on any machine/operating system (assuming you have the backup/restore encryption key) and you can take full advantage of the backup client’s block differential and compression methods to save you backup time and vault storage space.  There is a new INI setting (also configurable on the Expert tab in the user interface) called doubleencrypt released in version  When doubleencrypt is activated, the backup client will use the Microsoft-specific API for backing up and restoring EFS encrypted files in their already encrypted state.  The ramifications of this are you’ll need to have pre-configured EFS on the machine to restore to, and you should expect that there to be zero savings with the backup client’s block differential and compression methods.  If using doubleencrypt  be sure to follow all instructions for EFS (or your third party encryption application) including backing up your EFS certificate and restoring EFS certificate and configuring EFS first on a new machine before restoring files — this is beyond the scope of our technical support organization can provide you so doubleencrypt should only be used by experts.  See the following link for additional information: