FDE Status Query
Use the FDE status query module of the Control Center to identify the status of a hard disk protected by the Matrix42 Full Disk Encryption. The following information can be identified:
- Status of the installation
- Status of the boot protection
- Encryption status of the drives
This module can also be used transparently by administrators to log (and consequently audit) the status of the Matrix42 Full Disk Encryption.
FDE status query GUI
The FDE status query GUI is an easy and quick way to view information about the status of the local Matrix42 Full Disk Encryption installation. Every time the FDE Status Query application is started, it will generate an entry in the log file NBSTATUS.LOG, by default located directly under the C: drive. The name and location of the log file can be changed (see FDE query log file).
Follow the steps below to query the status of the Matrix42 Full Disk Encryption installation on your computer:
- Open the Control Center (as described in section 1.5).
- Double-click the FDE Status Query icon.
- The following dialog appears:
- The application automatically gathers and displays information about the Matrix42 Full Disk Encryption installation on your computer. This dialog displays the encryption status of the first six partitions. If there are more than six drives available, the sum of the values is displayed.
- The dialog displays the following FDE characteristics:
Characteristic | Details |
---|---|
Product installed | Is Matrix42 Full Disk Encryption installed? NOTE: Matrix42 Full Disk Encryption may be installed but not yet active. |
Boot security installed | Is boot security installed? In other words, is the FDE component active? |
TPM Protection activated | Shows the status of the TPM protection for Matrix42 Full Disk Encryption. |
Encrypted drives | The total number of encrypted partitions on the hard disk. |
Unencrypted drives | The total number of unencrypted partitions on the hard disk. |
Partly encrypted drives | The total number of partitions on the hard disk that have only been partly encrypted. This may be due to a loss of power during the encryption of a partition. |
Drive (x) | Encryption status for a specific partition: fully encrypted, just used sectors, or unencrypted. |
The icons you may encounter in the status dialog have the following meaning:
Icon | Description |
---|---|
 | Yes / OK / Active. |
 | No / Not OK / Not enabled. |
 | Drive unencrypted. |
 | Drive encrypted. |
 | Encryption status of drive cannot be determined. |
 | Activating or activation error (TPM only). |
Status query via the command line
The command line functionality of the status query application is intended primarily for administrators who frequently need information about the status of the Matrix42 Full Disk Encryption installations in the company. Each time the command is executed, it generates an entry in the log file NBSTATUS.LOG, by default located directly under the C: drive. The name and location of the log file can be changed (for details, see FDE query log file).
Follow these steps to start a status query via the command line:
- Open a Command Prompt window.
- The Command window opens.
- To start the application, enter the following string in the Command window: nbstatus [-NOGUI]
Command line option | Details |
---|---|
-NOGUI | Hide the GUI. The current status is written to the log file and provided as return value. If you do not enter this option, the GUI will be displayed. |
- Example: C:\WINDOWS\NAC\nbstatus -nogui
FDE query log file
This section details how to interpret log file entries as well as how to define a log file path.
Log file interpretation
The Nbstatus application, whether started via the GUI or the command line, updates the log file each time it is executed. When opened, a typical log file entry appears as follows:
```
Error status = 0
Driver letter = C
Encrypt status = 0x1
Algorithm:
----------------------------------------------------------------
----------------------------------------------------------------
Error status = 0
Driver letter = E
Encrypt status = 0x1
Algorithm:
----------------------------------------------------------------
----------------------------------------------------------------
Computer name: MB-WINXP-02
Date: 20090429
Exit code = 9
FDE installed: Yes
Boot security installed: Yes
Unencrypted drivers = 2
Encrypted drivers = 0
Partly encrypted drivers = 0
Boot security errors = 0
Encrypted errors = 0
----------------------------------------------------------------
MB-WINXP-02 20090429 9 1 1 2 0 0 0 0
```
The last line of an entry can be broken down into the following:
- Computer name
- Date
- Exit code
- FDE installed
- Boot security installed
- Number of unencrypted partitions
- Number of encrypted partitions
- Number of partly encrypted partitions (process of initial encryption or decryption is ongoing)
- Boot security error code
- Encrypted error code
The listed entries are as follows:
Log file entry | Details |
---|---|
Error Status | 0 = Error found; 1 = No errors found |
Driver letter | Partition/drive letter for which information has been gathered |
Encrypt Status | 0x0 = Status unknown; 0x1 = Partition is unencrypted; 0x2 = The whole partition is encrypted; 0x3 = The encryption of the whole partition is not yet completed; 0x4 = The decryption of the whole partition is not yet completed; 0x102 = The used sectors of the partition are encrypted; 0x103 = The encryption of used sectors on the partition is not yet completed; 0x104 = The decryption of used sectors on the partition is not yet completed |
Algorithm | The algorithm used to encrypt the partition |
Computer name | Name of the computer |
Date | Date on which the status query was run |
Exit code | Exit codes have the following meaning: 1 – Unencrypted partitions exist; 2 – Encrypted partitions exist; 4 – Partly encrypted partitions exist; 8 – Boot protection is installed; 16 – The encryption status of some partitions could not be obtained; 32 – The status of the Boot protection could not be obtained; 64 – FDE is not installed. In the example, the value 9 (8 + 1) has the following meaning: Boot protection is installed + Unencrypted partitions exist. The value 11 (8 + 2 + 1) has the following meaning: Boot protection is installed + Unencrypted partitions exist + Encrypted partitions exist. |
FDE installed | 0 = no; 1 = yes |
Boot security installed | 0 = no; 1 = yes |
Unencrypted drivers | The number of partitions that are unencrypted |
Encrypted drives | The number of partitions that are encrypted |
Partly encrypted drivers | The number of partitions that are only partly encrypted |
Boot security errors | 0 = no error |
Encrypted errors | 0 = no error |
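For auditing many machines, the summary line and the exit-code bitmask described above can be evaluated automatically. The following Python sketch is an added example, not part of the Matrix42 product or its documentation; the names `parse_summary`, `decode_exit_code` and `findings`, and the choice of which bits count as audit findings, are assumptions.

```python
from dataclasses import dataclass

# Exit-code bit values as listed in the table on this page.
EXIT_FLAGS = {
    1: "Unencrypted partitions exist",
    2: "Encrypted partitions exist",
    4: "Partly encrypted partitions exist",
    8: "Boot protection is installed",
    16: "The encryption status of some partitions could not be obtained",
    32: "The status of the Boot protection could not be obtained",
    64: "FDE is not installed",
}
# Bits treated as audit findings (assumed policy, not taken from the page).
FINDING_BITS = 1 | 4 | 16 | 32 | 64

@dataclass
class StatusRecord:
    computer: str
    date: str
    exit_code: int
    fde_installed: bool
    boot_security: bool
    unencrypted: int
    encrypted: int
    partly: int
    boot_error: int
    encrypt_error: int

def parse_summary(line: str) -> StatusRecord:
    # Split from the right: computer name, date, then eight numeric fields.
    parts = line.rsplit(None, 9)
    if len(parts) != 10:
        raise ValueError(f"expected 10 fields, got {len(parts)}: {line!r}")
    name, date, *nums = parts
    code, fde, boot, unenc, enc, partly, berr, eerr = (int(n) for n in nums)
    return StatusRecord(name, date, code, fde == 1, boot == 1,
                        unenc, enc, partly, berr, eerr)

def decode_exit_code(code: int) -> list[str]:
    return [text for bit, text in EXIT_FLAGS.items() if code & bit]

def findings(rec: StatusRecord) -> list[str]:
    out = [EXIT_FLAGS[b] for b in EXIT_FLAGS if b & FINDING_BITS and rec.exit_code & b]
    if not rec.exit_code & 8:
        out.append("Boot protection is not installed")
    if rec.boot_error or rec.encrypt_error:
        out.append(f"error codes: boot={rec.boot_error} encrypt={rec.encrypt_error}")
    return out
```

Applied to the sample line from this page, `findings(parse_summary("MB-WINXP-02 20090429 9 1 1 2 0 0 0 0"))` reports the unencrypted partitions, while a host whose exit code is 10 (8 + 2) produces no findings.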
Defining log file path and name
This section details how to change the log file location for NBSTATUS.LOG. By default, the log file is written to C:\NBSTATUS.LOG. You may, however, want to save the log file to a specific directory. To specify an alternate log file location:
- Open the Windows Registry Editor by either selecting Start -> Run and entering regedit into the Open field, or by opening the editor directly from the directory: C:\WINDOWS\regedit.exe
- In the Registry Editor open the entry: HKEY_LOCAL_MACHINE\SOFTWARE\Mobsec_NB\Notebook\General\
- Make a new entry by right-clicking the mouse in an open space on the right-hand panel and choose New -> String Value from the menu:
- Define the string name: StatusLogfilePath.
- Double-click the new entry.
- The Edit String window opens:
- Enter the path and filename to which the log file will be saved (for example: C:\Matrix42 Log\nb status log files\) into the Value Data field:
- If you do not want Nbstatus to write a log file, then simply enter NOLOG into the Value Data field. Click OK to apply the value.
If, at any time after you have made this change, you decide to revert to the default log file destination (C:\NBSTATUS.LOG), just delete the entry made in this section from the registry.