fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.11k stars 431 forks source link

Support non Bitlocker encryption status #13237

Open quinten-lp opened 1 year ago

quinten-lp commented 1 year ago

Fleet version: (head to the "My account" page in the Fleet UI or run fleetctl --version)

fleet version 4.35.0

Operating system: (e.g. macOS 11.2.3)

Server : Debian 11 Client : windows 10 pro 22h2

Web browser: (e.g. Chrome 88.0.4324) firefox 102.13.0esr (64 bits)


🧑‍💻  Expected behavior

I have installed msi package on my windows host. On the console, for my windows host, fleet tells me the disk is unencrypted. However, my C drive is fully encrypted with veracrypt software.

💥  Actual behavior

I see disk unencrypted instead of crypted.

👣 Reproduction steps

To see if my disk is encrypted, in veracrypt, when I check the properties of c:\, I have this information :

encrypted portion : 100% (fully encrypted)

I have also this informations with verastatus.exe :

.\VeraStatus.exe /sysenc

System Encryption: Yes
Encryption State: Full
Encrypted Portion: 100%
Bootloader version: 1.25
Drive mounted: Yes
Drive encrypted: Yes
Volume Header present: Yes
Hidden System: No
Setup in progress: No
Boot drive size: 512110190592 Bytes
Configured Encrypted Area Start: 658505728
Encrypted Area Start: 658505728
Configured Encrypted Area End: 506991738879
Encrypted Area End: 506991738879

Encryption Algorithm: AES
PKCS-5 PRF: HMAC-SHA-512
Custom PIM used: No
Iterations number: 500000
Data Read Since Mount: 13628766720 Bytes
Data Written Since Mount: 13144926720 Bytes

Also :

.\VeraStatus.exe /sysenc | findstr "State"
Encryption State: Full

More info

I don't know if we can have this informations with another tool like powershell command or wmi command. I will be interested to have disk encrypt information with tool like veracrypt/truecrypt, not just Bitlocker.

xpkoala commented 1 year ago

@quinten-lp Thank you for the suggestion! This does appear to be a feature request and not a bug so we have modified the ticket a bit and have moved it to the product team for evaluation.

quinten-lp commented 1 year ago

Yes, it's not really a bug, thank you for moving this to a feature.