Detecting Check Point Disk Encryption with NAC
Hello,
We're in the process of deploying a NAC solution, and would like it to flag machines with/without Check Point disk encryption, installed via Check Point Endpoint.
Are there any "markers" we could check for to confirm the disk is encrypted? (Reg keys, services, log files in folders etc)
Thanks
Mike
Labels: Compliance, Full-Disk Encryption
There are two ways to encrypt the disk: with Bitlocker or with our own implementation.
Our own implementation will have a unique boot partition (our pre-boot environment).
Thanks,
We're migrating away from Bitlocker, and over to the CP Implementation. I'll see if we can do something to check for the partition.
Hello Mike,
Encryption status is easy to see in the Endpoint UI on the client and on the management server as well.
Can you please clarify your request?
What exactly do you mean when you say "markers"? Do you want to check for encryption status programmatically or from a script?
Thanks,
Yuri
Hi Yuris,
You're correct, we're aiming to check encryption status programmatically via a script. This is to surface any devices which are not yet encrypted and flag them as at risk.
Thanks
Mike
Hi Mike,
One of the possible options is to run the client-side utility called fdecontrol.exe with the get-status command line parameter and check the output for the encryptionState value, which will contain 3 when the disk is encrypted.
Thanks,
Yuri
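
A posture-check sketch for the approach in the reply above, added here as an example; it is not code from Check Point or from either poster. Assumptions: the location of fdecontrol.exe is passed in as `-FdeControlPath` (the thread does not give it), the output contains `encryptionState` followed by a separator and an integer, and the NAC agent reads exit code 0 as compliant and 1 as non-compliant.

```powershell
param(
    # Assumption: supply the real location of fdecontrol.exe for your client install.
    [string]$FdeControlPath = ''
)

function Get-EncryptionState {
    param([string[]]$StatusOutput)
    # Assumed format: "encryptionState" then a few separator characters (':', '=', quotes) then digits.
    foreach ($line in $StatusOutput) {
        if ($line -match '\bencryptionState\b\W{0,5}(\d+)') {
            return [int]$Matches[1]
        }
    }
    return $null   # field not present in the output
}

function Test-DiskEncrypted {
    param([string[]]$StatusOutput)
    $state = Get-EncryptionState -StatusOutput $StatusOutput
    # Per the thread, 3 means encrypted. Other values are not explained there, so
    # anything else, including a missing field, fails closed as not encrypted.
    return ($null -ne $state -and $state -eq 3)
}

if (-not $FdeControlPath) {
    # No path given: exercise the parser on constructed sample lines (not real tool output).
    foreach ($sample in 'encryptionState: 3', 'encryptionState=1', 'encryptionState: 30', 'status unavailable') {
        '{0,-22} -> encrypted={1}' -f $sample, (Test-DiskEncrypted -StatusOutput $sample)
    }
    return
}

if (-not (Test-Path -LiteralPath $FdeControlPath -PathType Leaf)) {
    # Utility missing: the client is probably not installed, so report the device as at risk.
    Write-Output 'NONCOMPLIANT: fdecontrol.exe not found'
    exit 1
}

$output = @(& $FdeControlPath get-status)
if (Test-DiskEncrypted -StatusOutput $output) {
    Write-Output 'COMPLIANT: encryptionState is 3'
    exit 0
}
Write-Output 'NONCOMPLIANT: encryptionState is not 3 or was not reported'
exit 1
```

Compare the assumed pattern against real get-status output from an enrolled client before wiring the script into a NAC policy.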
Thank you Yuris,
We will give that a go and feed back.
Hi Yuris.
Is there documentation where I can consult the meaning of each of the get-status responses?
Thanks.
