Valerio5286
Participant

fde control.exe get - status result

Hello community.
I would like to know if there is documentation on the response statuses of the get-status command with the fde control tool for endpoints. I have tried to search but I can't find it. I attached an image as an example:

fdecontrol.png

It's the same result for registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Full Disk Encryption\Status\Current Boot\encryptionState = 3


Accepted Solutions
Valerio5286
Participant

 

  1. HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Full Disk Encryption\Status\Current Boot\encryptionState = 3 refers to the drive being encrypted with FDE. (Note: when recovery media is used, this registry key is not updated. This is expected behavior, see sk109933: the decryption process is performed in the preboot environment, thus the registry value in Windows will not be changed.)


You may also refer to following: 

sk54740: FDE Registry Values

sk110264: How to determine that FDE installation is completed from the registry
 

Encryption State
0   Not encrypted
1   Partially encrypted
2   Encryption on all volumes
 
Encryption_X (Where X is a drive letter)
0 - 100  Percent Encrypted
 
Encryption Progress
0   Stable
1   Encrypting
2   Decrypting
 
Note: The Encryption_X key is only updated at reboot, and when reaching 25, 50, 75, and 100% of encryption for that drive.
 
Example: A machine that has just been installed and has drives undergoing encryption will have State 1 and Progress 1. During the initial encryption these will stay the same, but Encryption_X will change over time.
One that is not selected for encryption (for example, boot protection only) will be 0 and 0.
Example: A fully encrypted machine will have State 2 and Progress 0, while Encryption_X keys will have value 100.
Example: A machine that is being decrypted (uninstalled) will have State 1 and Progress 2.
NB: All values above are listed as hexadecimal values, but are represented by DWORDs in the registry (binary). An Encryption_X value of 100 is actually 0x64 (100).


View solution in original post
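
As an added example (not part of the original post and not Check Point code), the Python below combines the state, progress and per-drive values from the tables in the answer above into one verdict, reading them from reg query text output, where DWORDs print as hex (0x64 = 100). It assumes the table labels are the literal registry value names and that the recovery-media caveat applies to them too; the key path in the sample is a placeholder and the sample output is constructed.

```python
import re

# Tables from the post. Treating the table labels as the literal registry
# value names is an assumption; the key path in SAMPLE is a placeholder.
STATE = {0: "not encrypted", 1: "partially encrypted", 2: "all volumes encrypted"}
PROGRESS = {0: "stable", 1: "encrypting", 2: "decrypting"}
VERDICT = {(2, 0): "encrypted", (1, 1): "encrypting",
           (1, 2): "decrypting", (0, 0): "not encrypted"}
DWORD = re.compile(r"^\s+(.+?)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_dwords(text):
    """Return {value name: int} from `reg query` output (DWORDs print as hex)."""
    return {m.group(1): int(m.group(2), 16)
            for m in map(DWORD.match, text.splitlines()) if m}

def assess(values):
    """Combine state, progress and per-drive percent into (verdict, notes)."""
    state = values.get("Encryption State")
    progress = values.get("Encryption Progress")
    drives = {k.split("_", 1)[1]: v for k, v in values.items()
              if k.startswith("Encryption_")}
    notes = []
    if state not in STATE or progress not in PROGRESS:
        return "unknown", ["state or progress missing or outside 0-2"]
    bad = sorted(d for d, pct in drives.items() if not 0 <= pct <= 100)
    if bad:
        return "unknown", [f"percent out of range on {','.join(bad)}"]
    verdict = VERDICT.get((state, progress), "inconsistent")
    if verdict == "encrypted":
        partial = sorted(d for d, pct in drives.items() if pct != 100)
        if partial:
            verdict = "inconsistent"
            notes.append(f"state 2 but drives below 100%: {','.join(partial)}")
        else:
            notes.append("registry can be stale after recovery-media decryption")
    elif verdict in ("encrypting", "decrypting"):
        notes.append("Encryption_X only moves at reboot and 25/50/75/100%")
    return verdict, notes

# Constructed sample output, not captured from a real endpoint.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\<placeholder FDE status key>
    Encryption State    REG_DWORD    0x2
    Encryption Progress    REG_DWORD    0x0
    Encryption_C    REG_DWORD    0x64
"""

if __name__ == "__main__":
    print(assess(parse_reg_dwords(SAMPLE)))
```

The encryptionState value under Current Boot (3 when the disk is encrypted, per the thread) is a separate value and is not interpreted by this example.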

JonnyRabinowitz
Employee

Following up with a copy of the section that will be updated in the user documentation and describes the fde control command and output.

HTH

View solution in original post

7 Replies
PhoneBoy
Admin

I’ll ask internally.
I would also open a TAC case, however.

Valerio5286
Participant

Hi phone boy.

Thank you for your support, today I opened a new TAC request.

Keep in touch.

JonnyRabinowitz
Employee

Per the following thread:
https://community.checkpoint.com/t5/Endpoint/Detecting-Check-Point-Disk-Encryption-with-NAC/m-p/2122...

encryptionState value which will contain 3 when the disk is encrypted.

Trying to see if I can clarify the meaning of other values.

JonnyRabinowitz
Employee

Many thanks for the great post. Also, driven off feedback from this post, there is a corresponding update on user documentation that is in progress.

Valerio5286
Participant

Thanks for the information, Jonny, it is very valuable.

Greetings. 🙂
