Skip to main content
Matrix42 Self-Service Help Center

FDE Status Query

FDE Status Query

Use the FDE status query module of the Control Center to identify the status of a hard disk protected by the Matrix42 Full Disk Encryption. The following information can be identified:

  • Status of the installation
  • Status of the boot protection
  • Encryption status of the drives

This module can also be used transparently by administrators to log (and consequently audit) the status of the Matrix42 Full Disk Encryption.

FDE status query GUI

The FDE status query GUI is an easy and quick way to view information about the status of the local Matrix42 Full Disk Encryption installation. Every time the FDE Status Query application is started, it will generate an entry in the log file NBSTATUS.LOG, by default located directly under the C: drive. The name and location of the log file can be changed (see FDE query log file).

Follow the steps below to query the status of the Matrix42 Full Disk Encryption installation on your computer:

  • Open the Control Center (as described in section 1.5).FDE Status Query
  • Double-click the FDE Status Query icon.

clipboard_eb75337f4df265f5b8fb7ec54049f1fd4.png

  • The following dialog appears:

clipboard_ed33acdb15bb3f125f0de25cd79f44ad4.png

  • The application automatically gathers and displays information about the Matrix42 Full Disk Encryption installation on your computer. This dialog displays the encryption status of the first six partitions. If there are more than six drives available, the sum of the values is displayed.
  • The dialog displays the following FDE characteristics: 
Characteristic Details

Product installed

Is Matrix42 Full Disk Encryption installed?

NOTE: Matrix42 Full Disk Encryption may be installed but is not yet active.

Boot security installedz

Is boot security installed? In other words, is the FDE component active?

TPM Protection activated

Shows the status of the TPM protection for Matrix42 Full Disk Encryption.

Encrypted drives

The total number of encrypted partitions on the hard disk.

Unencrypted drives

The total number of unencrypted partitions on the hard disk.

Partly encrypted drives

The total number of partitions on the hard disk that have only been partly encrypted. This may be due to a loss of power during the encryption of a partition.                                          

Drive (x)

Encryption status for a specific partition: fully encrypted, just used sectors, or unencrypted.

The icons you may encounter in the status dialog have the following meaning:

Icon Description
clipboard_ee75097b22d5aa8c34ced4c611307fe1b.png Yes / OK / Active.
clipboard_e83baf7018a2406b6e4f4261d36c28726.png No / Not OK / Not enabled.
clipboard_e48e675b15203d1029eba57a7745f03e2.png Drive unencrypted.
clipboard_e7f66f5a53b0ed4494b1e48fb681b2d81.png Drive encrypted.
clipboard_ebd9db0868c3cd971f844516592a9a17c.png Encryption status of drive cannot be determined.
clipboard_eb3f404d27d1864c0f422892bc9a87318.png Activating or activation error (TPM only).

Status query via the command line

The command line functionality for the status query application is primarily for administrators that need frequent information about the status of the Matrix42 Full Disk Encryption installations in the company. When the command line syntax is executed, it will generate an entry in the log file NBSTATUS.LOG, by default located directly under the C: drive. The name and location of the log file can be changed (for details, see FDE query log file).

Follow these steps to start a status query via the command line:

  • Open a Command Prompt window.
  • The Command window opens.
  • To start the application, enter the following string in the Command window: nbstatus [-NOGUI]
Command line option Details

-NOGUI

Hide the GUI. The current status is written to the log file and provided as return value. If you do not enter this option, the GUI will be displayed.
  • Example: C:\WINDOWS\NAC\nbstatus –nogui

FDE query log file

This section details how to interpret log file entries as well as how to define a log file path.

Log file interpreation

The Nbstatus application, via GUI or command line, updates the log file each time it is execution. When opened, a typical log file entry appears as follows:

Error status = 0
Driver letter = C
Encrypt status = 0x1
Algorithm:
----------------------------------------------------------------
----------------------------------------------------------------
Error status = 0
Driver letter = E
Encrypt status = 0x1
Algorithm:
----------------------------------------------------------------
----------------------------------------------------------------
Computer name: MB-WINXP-02
Date: 20090429
Exit code = 9
FDE installed: Yes
Boot security installed: Yes
Unencrypted drivers = 2
Encrypted drivers = 0
Partly encrypted drivers = 0
Boot security errors = 0
Encrypted errors = 0
----------------------------------------------------------------
MB-WINXP-02 20090429 9 1 1 2 0 0 0 0 

The last line of an entry can be broken down into the following:

  • Computer name
  • Date
  • Exit code
  • FDE installed
  • Boot security installed
  • Number of unencrypted partitions
  • Number of encrypted partitions
  • Number of partly encrypted partitions (process of initial encryption or decryption is ongoing)
  • Boot security error code
  • Encrypted error code

 The listed entries are as follows:

Log file entry Details

Error Status

 

0 = Error found

1 = No errors found

Driver letter

Partition/drive letter for which information has been gathered

Encrypt Status

 

0x0= Status unknown

0x1= Partition is unencrypted

0x2= The whole partition is encrypted

0x3= The encryption of the whole partition is not yet completed

0x4= The decryption of the whole partition is not yet completed

0x102=The used sectors of the partition are encrypted

0x103= The encryption of used sectors on the partition is not yet completed

0x104=The decryption of used sectors on the partition is not yet completed

Algorithm

The algorithm used to encrypt the partition

Computer name

Name of the computer

Date

Date on which the status query was run

Exit code

 

Exit codes have the following meaning:

1 – Unencrypted partitions exist

2 – Encrypted partitions exist

4 – Partly encrypted partitions exist

8 – Boot protection is installed

16 – The encryption status of some partitions could not be obtained

32 – The status of the Boot protection could not be obtained

64 – FDE is not installed

 

In the example,

The value 9 (8+1) has the following meaning:

Boot protection is installed +

Unencrypted partitions exist

The value 11 (8 + 2 + 1) has the following meaning:

Boot protection is installed

Unencrypted partitions exist

Encrypted partitions exist

FDE installed

 

0= no

1= yes

Boot security installed

 

0= no

1= yes

Unencrypted drivers

The number of partitions that are unencrypted

Encrypted drives

The number of partitions that are encrypted

Partly encrypted drivers

The number of partitions that are only partly encrypted

Boot security errors

0 = no error

Encrypted errors

0 = no error

Defining log file path and name

This section details how to tweak the log file location for NBSTATUS.LOG. By default, the log file is written to C:\NBSTATUS.LOG. You may however, want to save the log file to a specific directory. To specify an alternate log file location:

  • Open the Windows Registry Editor by either selecting Start -> Run and entering regedit into the Open field, or by opening the editor directly from the directory: C:\WINDOWS\regedit.exe
  • In the Registry Editor open the entry: HKEY_LOCAL_MACHINE\SOFTWARE\Mobsec_NB\Notebook\General\
  • Make a new entry by right-clicking the mouse in an open space on the right-hand panel and choose New -> String Value from the menu:

clipboard_e73ed36654792284fd019a21ace29699a.png

  • Define the string name: StatusLogfilePath.

clipboard_ecd33eb6c2d69f5c700c636f0169accb0.png

  • Double-click the new entry.
  • The Edit String window opens:

clipboard_edc3827bd9e0c4b9fab4eb92dd96ad55b.png

  • Enter the path and filename, to which the log file will be saved (for example: C:\Matrix42 Log\nb status log files\), into the Value Data field:

clipboard_e4379c94e234e709b72ce6a2db5a0d951.png

  • If you do not want Nbstatus to write a log file, then simply enter NOLOG into the Value Data field. Click OK to apply the value.

If, at any time after you have made this change, you decide to revert to the default log file destination (C:\NBSTATUS.LOG), just delete the entry made in this section from the registry.

  • Was this article helpful?