Laptops: No Encryption ()

sukaitsu · ‎12-10-2014

The report below lists Windows computers that are missing hard drive encryption. Not all of the Hard drive encryption vendors show up in add/remove programs. You will need to setup some custom file and registry scans to cover particular vendors.

The report will only list assets that meet all of the following criteria:

Asset is a Laptop, Notebook, or Portable
Bitlocker Encryption
McAfee Encryption v4,v5,v6, and v7
Hard drive Encryption Status (Via WMI)

Custom Scanning - File Scanning

%programfiles%\mcafee\eepc\sbsetup.exe
%programfiles(x86)%\mcafee\eepc\sbsetup.exe
%programfiles%\McAfee\Endpoint Encryption\EpePcMonitor.exe
%programfiles(x86)%\McAfee\Endpoint Encryption\EpePcMonitor.exe

Custom Scanning - Registry Scanning

Rootkey: HKEY_LOCAL_MACHINE
RegPath: SOFTWARE\SafeBoot International\SafeBoot Device Encryption
Value: ClientDir

Rootkey: HKEY_LOCAL_MACHINE
Regpath: SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EEADMIN_1000
Value: InstallDir

Select Top 1000000 A1.AssetID,
  A1.AssetName,
  A1.Domain,
  tblAssetCustom.Model,
  tblEncryptableVolume.DriveLetter,
  Case When tblEncryptableVolume.ProtectionStatus = 0 Then 'Off'
    When tblEncryptableVolume.ProtectionStatus = 1 Then 'On'
  End As [Protection Status],
  Upper(A1.Userdomain + '\' + A1.Username) As [Last User],
  tblADusers.Name,
  tblADusers.email,
  tblADusers1.Name As Manager,
  A1.Lastseen
From tblAssets As A1
  Inner Join tblAssetCustom On A1.AssetID = tblAssetCustom.AssetID
  Inner Join tblSystemEnclosure On A1.AssetID = tblSystemEnclosure.AssetID
  Inner Join TsysChassisTypes On tblSystemEnclosure.ChassisTypes =
    TsysChassisTypes.Chassistype
  Left Outer Join tblEncryptableVolume
    On A1.AssetID = tblEncryptableVolume.AssetId
  Inner Join tblADusers On tblADusers.Username = A1.Username And
    tblADusers.Userdomain = A1.Userdomain
  Left Outer Join tblADusers tblADusers1 On tblADusers1.ADObjectID =
    tblADusers.ManagerADObjectId
Where A1.AssetID Not In (Select tblRegistry.AssetID From tblRegistry
  Where A1.AssetID = tblRegistry.AssetID And tblRegistry.Regkey Like
    '%\SOFTWARE\SafeBoot International\SafeBoot Device Encryption') And
  A1.AssetID Not In (Select tblSoftware.AssetID
  From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
      tblSoftware.softID Left Outer Join tblEncryptableVolume
      On tblEncryptableVolume.AssetId = tblSoftware.AssetID
  Where tblSoftwareUni.softwareName Like 'MBAM%' And
    tblEncryptableVolume.ProtectionStatus = 1) And
  A1.AssetID Not In (Select tblSoftware.AssetID
  From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
      tblSoftware.softID Left Outer Join tblEncryptableVolume
      On tblEncryptableVolume.AssetId = tblSoftware.AssetID
  Where tblSoftwareUni.softwareName Like 'MDOP MBAM%' And
    tblEncryptableVolume.ProtectionStatus = 1) And
  A1.AssetID Not In (Select tblSoftware.AssetID
  From tblSoftware Join tblSoftwareUni On tblSoftwareUni.SoftID =
      tblSoftware.softID
  Where tblSoftwareUni.softwareName Like 'McAfee Agent%') And
  A1.AssetID Not In (Select tblFileVersions.AssetID From tblFileVersions
  Where A1.AssetID = tblFileVersions.AssetID And tblFileVersions.FilePathfull
    Like '%sbsetup.exe' And tblFileVersions.Found = 1) And
  A1.AssetID Not In (Select tblFileVersions.AssetID From tblFileVersions
  Where A1.AssetID = tblFileVersions.AssetID And tblFileVersions.FilePathfull
    Like '%EpePcMonitor.exe' And tblFileVersions.Found = 1) And
  (tblEncryptableVolume.DriveLetter Like '[C-D]:' Or
    tblEncryptableVolume.DriveLetter Is Null) And
  (tblEncryptableVolume.ProtectionStatus = 0 Or
    tblEncryptableVolume.ProtectionStatus Is Null) And
  (TsysChassisTypes.ChassisName = 'Laptop' Or TsysChassisTypes.ChassisName =
    'Notebook' Or TsysChassisTypes.ChassisName = 'Portable') And
  tblAssetCustom.State = '1'
Order By A1.AssetName

Thank you,

Jeffrey

Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

Archive

New to Lansweeper?

Try Lansweeper For Free