- HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Full Disk Encryption\Status\Current Boot\encryptionState = 3 refers to drive being encrypted with fde (note: in case of using a recovery media it doesnt update this registry key - This is an expected behavior - sk109933 -The decryption process is performed in the preboot environment, thus the registry value in Windows will not be changed)
You may also refer to following:
sk54740: FDE Registry Values
sk110264: How to determine that FDE installation is completed from the registry
Encryption State
0 Not encrypted
1 Partially encrypted
2 Encryption on all volumes
Encryption_X (Where X is a drive letter)
0 - 100 Percent Encrypted
Encryption Progress
0 Stable
1 Encrypting
2 Decrypting
Note: The Encryption_X key is only updated at reboot, and when reaching 25, 50, 75, and 100% of encryption for that drive.
Example: A machine that have just been installed and have drives undergoing encryption will have State 1 and Progress 1. During the initial encryption these will stay the same, but Encryption_X will change over time.
One that is not selected for encryption (f ex boot protection only) will be 0 and 0.
Example: A fully encrypted machine it will have State 2 and Progress 0, while Encryption_X keys will have value 100.
Example: A machine that is being decrypted (uninstalled) will have State 1 and Progress 2.
NB: All values above are listed as hexadecimal values, but are repesented by DWORDS in registry (binary). Encryption_X value of 100 is actually 0x64 (100).
