
Identifying full-disk encrypted drives

RCorbeil
Honored Sweeper II
I'm advised that our hardware people are going to start installing Symantec Endpoint on some computers and enabling full-disk encryption. I assume that I'll be able to detect the presence of the software just like any other properly-installed applications, but I'm hoping to be able to report on the encryption status of at least the boot drive. Does anyone have experience with identifying this information?
1 ACCEPTED SOLUTION

RCorbeil
Honored Sweeper II
In case anyone else runs into this, here's what I found so far: the Symantec software creates data under HKLM\Software\Encryption Anywhere\Hard Disk\EAFS\Disk0. Specifically, it creates four comma-separated lists of drives based on their status:
  • StatusEncrypted
  • StatusDecrypted
  • StatusEncryptionInProgress
  • StatusDecryptionInProgress
(source)

Unfortunately, the EAFS branch is not initially readable, so some permission-adjusting needs to be done. (source)

There's other potentially interesting information to be found under HKLM\Software\Encryption Anywhere\Hard Disk\Client Database.
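
An added example, not part of the original post and not Symantec's own code: a PowerShell sketch that reads the four status lists from the key named above and reports the boot drive's state. It assumes the list entries are drive letters such as `C:` and that the EAFS branch has already been made readable; the function name and output fields are hypothetical.

```powershell
# Added example, not from the original post. Key path and value names are the
# ones given above; the entry format (drive letters such as "C:") is assumed.
$EafsPath     = 'HKLM:\SOFTWARE\Encryption Anywhere\Hard Disk\EAFS\Disk0'
$StatusValues = 'StatusEncrypted', 'StatusDecrypted',
                'StatusEncryptionInProgress', 'StatusDecryptionInProgress'

function ConvertTo-DriveStatus {
    # Flattens the four comma-separated lists into one row per drive.
    param([Parameter(Mandatory)] $Properties)
    foreach ($name in $StatusValues) {
        $raw = [string]$Properties.$name          # a missing value becomes ''
        foreach ($entry in ($raw -split ',')) {
            $drive = $entry.Trim().TrimEnd([char[]]':\').ToUpperInvariant()
            if ($drive) {
                [pscustomobject]@{ Drive = $drive; Status = $name -replace '^Status', '' }
            }
        }
    }
}

# Constructed sample for exercising the parser without the Symantec client:
# ConvertTo-DriveStatus ([pscustomobject]@{ StatusEncrypted = 'C:'; StatusEncryptionInProgress = 'D:,E:' })

try {
    $props = Get-ItemProperty -Path $EafsPath -ErrorAction Stop
} catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
    # The branch is not readable by default, as noted in the post.
    Write-Warning "EAFS key is present but not readable; adjust its permissions first."
    return
} catch [System.Management.Automation.ItemNotFoundException] {
    Write-Warning "EAFS key not found; no Symantec encryption data on this machine."
    return
}

$rows = @(ConvertTo-DriveStatus -Properties $props)
$sys  = $env:SystemDrive.TrimEnd([char[]]':\').ToUpperInvariant()
$boot = @($rows | Where-Object { $_.Drive -eq $sys })

# One summary object per machine, suitable for export or inventory import.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    BootDrive  = $sys
    BootStatus = if ($boot.Count) { $boot.Status -join ',' } else { 'NotListed' }
    AllDrives  = ($rows | ForEach-Object { "$($_.Drive)=$($_.Status)" }) -join ';'
}
```

A `BootStatus` of `NotListed` means the system drive appeared in none of the four lists, which should be treated as unknown rather than as unencrypted.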
