
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-10-2014 03:17 PM
The report below lists Windows computers that are missing hard drive encryption. Not all of the Hard drive encryption vendors show up in add/remove programs. You will need to setup some custom file and registry scans to cover particular vendors.
The report will only list assets that meet all of the following criteria:
Custom Scanning - File Scanning
%programfiles%\mcafee\eepc\sbsetup.exe
%programfiles(x86)%\mcafee\eepc\sbsetup.exe
%programfiles%\McAfee\Endpoint Encryption\EpePcMonitor.exe
%programfiles(x86)%\McAfee\Endpoint Encryption\EpePcMonitor.exe
Custom Scanning - Registry Scanning
Rootkey: HKEY_LOCAL_MACHINE
RegPath: SOFTWARE\SafeBoot International\SafeBoot Device Encryption
Value: ClientDir
Rootkey: HKEY_LOCAL_MACHINE
Regpath: SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EEADMIN_1000
Value: InstallDir
Thank you,
Jeffrey
The report will only list assets that meet all of the following criteria:
- Asset is a Laptop, Notebook, or Portable
- Bitlocker Encryption
- McAfee Encryption v4,v5,v6, and v7
- Hard drive Encryption Status (Via WMI)
Custom Scanning - File Scanning
%programfiles%\mcafee\eepc\sbsetup.exe
%programfiles(x86)%\mcafee\eepc\sbsetup.exe
%programfiles%\McAfee\Endpoint Encryption\EpePcMonitor.exe
%programfiles(x86)%\McAfee\Endpoint Encryption\EpePcMonitor.exe
Custom Scanning - Registry Scanning
Rootkey: HKEY_LOCAL_MACHINE
RegPath: SOFTWARE\SafeBoot International\SafeBoot Device Encryption
Value: ClientDir
Rootkey: HKEY_LOCAL_MACHINE
Regpath: SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EEADMIN_1000
Value: InstallDir
Select Top 1000000 A1.AssetID,
A1.AssetName,
A1.Domain,
tblAssetCustom.Model,
tblEncryptableVolume.DriveLetter,
Case When tblEncryptableVolume.ProtectionStatus = 0 Then 'Off'
When tblEncryptableVolume.ProtectionStatus = 1 Then 'On'
End As [Protection Status],
Upper(A1.Userdomain + '\' + A1.Username) As [Last User],
tblADusers.Name,
tblADusers.email,
tblADusers1.Name As Manager,
A1.Lastseen
From tblAssets As A1
Inner Join tblAssetCustom On A1.AssetID = tblAssetCustom.AssetID
Inner Join tblSystemEnclosure On A1.AssetID = tblSystemEnclosure.AssetID
Inner Join TsysChassisTypes On tblSystemEnclosure.ChassisTypes =
TsysChassisTypes.Chassistype
Left Outer Join tblEncryptableVolume
On A1.AssetID = tblEncryptableVolume.AssetId
Inner Join tblADusers On tblADusers.Username = A1.Username And
tblADusers.Userdomain = A1.Userdomain
Left Outer Join tblADusers tblADusers1 On tblADusers1.ADObjectID =
tblADusers.ManagerADObjectId
Where A1.AssetID Not In (Select tblRegistry.AssetID From tblRegistry
Where A1.AssetID = tblRegistry.AssetID And tblRegistry.Regkey Like
'%\SOFTWARE\SafeBoot International\SafeBoot Device Encryption') And
A1.AssetID Not In (Select tblSoftware.AssetID
From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID Left Outer Join tblEncryptableVolume
On tblEncryptableVolume.AssetId = tblSoftware.AssetID
Where tblSoftwareUni.softwareName Like 'MBAM%' And
tblEncryptableVolume.ProtectionStatus = 1) And
A1.AssetID Not In (Select tblSoftware.AssetID
From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID Left Outer Join tblEncryptableVolume
On tblEncryptableVolume.AssetId = tblSoftware.AssetID
Where tblSoftwareUni.softwareName Like 'MDOP MBAM%' And
tblEncryptableVolume.ProtectionStatus = 1) And
A1.AssetID Not In (Select tblSoftware.AssetID
From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID
Where tblSoftwareUni.softwareName Like 'McAfee Agent%') And
A1.AssetID Not In (Select tblFileVersions.AssetID From tblFileVersions
Where A1.AssetID = tblFileVersions.AssetID And tblFileVersions.FilePathfull
Like '%sbsetup.exe' And tblFileVersions.Found = 1) And
A1.AssetID Not In (Select tblFileVersions.AssetID From tblFileVersions
Where A1.AssetID = tblFileVersions.AssetID And tblFileVersions.FilePathfull
Like '%EpePcMonitor.exe' And tblFileVersions.Found = 1) And
(tblEncryptableVolume.DriveLetter Like '[C-D]:' Or
tblEncryptableVolume.DriveLetter Is Null) And
(tblEncryptableVolume.ProtectionStatus = 0 Or
tblEncryptableVolume.ProtectionStatus Is Null) And
(TsysChassisTypes.ChassisName = 'Laptop' Or TsysChassisTypes.ChassisName =
'Notebook' Or TsysChassisTypes.ChassisName = 'Portable') And
tblAssetCustom.State = '1'
Order By A1.AssetName
Thank you,
Jeffrey
Thank you,
Jeffrey Smith
Enterprise Applications Security
(319) 499-6310
JefSmith@geico.com
Labels:
- Labels:
-
Finished Reports
-
Report Center
0 REPLIES 0
