Checking the Drive Encryption Status on systems with Symantec Endpoint Encryption

Article ID: 214085

Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption has a few different methods to check the status of encryption.  This article will go over these methods.

Resolution

The SEE Drive Encryption client has a command line utility that you can use to check the status of encryption.  Here are some samples of the encryption status for each of these. 

Different portions of the results will be bolded to point out differences and what to look for:

 

Scenario 1 of 6: Not Encrypted:

C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption>eedAdminCli.exe --status

Disk 0 is not instrumented by Drive Encryption.
Request sent to Disk status was successful

 

In the SEE Client admin portal the UI will display the following:

Encryption status (Not Encrypted) via eedadmincli.exe view:

#######################################################################################

 

Scenario 2 of 6: Encrypting

C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption>eedAdminCli.exe --status

Disk 0 is instrumented by Drive Encryption.
 Disk: Opal Disk
 Disk UUID: d1f0e58e-bf08-45de-8e50-7ccbc61f3ad6
  Encryption process is running in the background.
  Progress: 0%
  Current key is valid.
  Current disk block mode is 3
Volume Status - 1
Volume C:\ on partition 3  : Encrypting.
  Total sectors: 135926480 highwatermark: 596992
  Progress: 0%
  Cipher Algorithm used: AES256
Request sent to Disk status was successful

 

In the example above, the disk is "instrumented", which means a preboot screen is configured.
Highwatermark indicates how many sectors are encrypted.

Total sectors indicates how many sectors exist on the drive.

Highwatermark/Total Sectors = Percentage Status of encryption

The encryption process is currently running in this scenario.

The UI would show the following during encryption:

Encryption status via eedadmincli.exe view:

#######################################################################################

 

 

Scenario 3 of 6: Encryption process is Paused

C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption>eedAdminCli.exe --status

Disk 0 is instrumented by Drive Encryption.
 Disk: Opal Disk
 Disk UUID: d1f0e58e-bf08-45de-8e50-7ccbc61f3ad6
  Encryption process interrupted by user request
  Progress: 4%
  Current key is valid.
  Current disk block mode is 3
Volume Status - 1
Volume C:\ on partition 3 :  Encryption interrupted by user request
  Total sectors: 135926480 highwatermark: 6396928
  Progress: 4%
  Cipher Algorithm used: AES256
Request sent to Disk status was successful

If the system is encrypting The equation to find out how many sectors are encrypted

As you can see from the highwatermark and total sectors, the system is encrypted, but not fully encrypted.
The encryption process was either paused (possibly due to loss of AC power) or paused manually by a SEE Client Admin.
Encryption can also pause if it encounters a bad sector.

Paused while encrypting:

Encryption Paused status via eedadmincli.exe view:

 

#######################################################################################

 

Scenario 4 of 6: Decrypting

Symantec does not recommend decrypting machines unless absolutely necessary.
In data recovery scenarios, it is always advisable to only "authenticate" the disk (eedAdminCli --auth-disk --disk 0 -u "User 1") rather than decrypt.

Once the disk is unlocked, then you can recover the data as you normally would.
If in doubt, reach out to Symantec Encryption Support for further guidance on this.

C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption>eedAdminCli.exe --status

Disk 0 is instrumented by Drive Encryption.
 Disk: Opal Disk
 Disk UUID: d1f0e58e-bf08-45de-8e50-7ccbc61f3ad6
  Decryption process is running in the background.
  Progress: 96%
  Current key is valid.
  Current disk block mode is 3
Volume Status - 3
Volume C:\ on partition 3 : Decrypting.
  Total sectors: 135926480 lowwatermark: 307200 highwatermark: 6396928
  Progress: 96%
  Cipher Algorithm used: AES256
Request sent to Disk status was successful

As you can see, there is a "lowwatermark", which indicates how many sectors are decrypted.  The highwatermark indicates how many sectors were encrypted in total.
For this example, to perform the math: (Highwatermark - Lowwatermark)/Total Sectors = Percentage encrypted.
Since this drive was never fully encrypted, the highwatermark never reached the same value as "Total Sectors".
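The watermark math from Scenarios 2 through 4 can be applied to saved `--status` output when auditing endpoints. The following is an added example, not part of the original article or any Symantec tooling; the function names are hypothetical, and the "fully encrypted" test (highwatermark equal to total sectors, no lowwatermark) is an assumption inferred from the note above.

```python
import re

# Trimmed copies of the status output shown in this article (Scenarios 1, 3 and 4).
NOT_ENCRYPTED = "Disk 0 is not instrumented by Drive Encryption.\n"
PAUSED = r"""Disk 0 is instrumented by Drive Encryption.
Volume Status - 1
Volume C:\ on partition 3 :  Encryption interrupted by user request
  Total sectors: 135926480 highwatermark: 6396928
"""
DECRYPTING = r"""Disk 0 is instrumented by Drive Encryption.
Volume Status - 3
Volume C:\ on partition 3 : Decrypting.
  Total sectors: 135926480 lowwatermark: 307200 highwatermark: 6396928
"""

DISK_RE = re.compile(r"^Disk \d+ is (not )?instrumented by Drive Encryption")
VOLUME_RE = re.compile(r"^Volume\s+(\S+)\s+on partition\s+\d+\s*:\s*(.+?)\.?\s*$")
SECTORS_RE = re.compile(
    r"Total sectors:\s*(\d+)(?:\s+lowwatermark:\s*(\d+))?\s+highwatermark:\s*(\d+)")


def parse_status(text):
    """Parse saved `eedAdminCli.exe --status` text into disk flags and per-volume coverage."""
    report = {"disks": [], "volumes": []}  # disks: True = instrumented
    pending = None  # Volume line seen, waiting for its "Total sectors" line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DISK_RE.match(line)):
            report["disks"].append(m.group(1) is None)
        elif (m := VOLUME_RE.match(line)):
            pending = {"volume": m.group(1), "state": m.group(2)}
        elif pending and (m := SECTORS_RE.search(line)):
            total, low, high = int(m.group(1)), int(m.group(2) or 0), int(m.group(3))
            if total <= 0 or not 0 <= low <= high <= total:
                raise ValueError(f"inconsistent watermarks: {line!r}")
            # Article's formula: (highwatermark - lowwatermark) / total sectors
            pending["encrypted_pct"] = 100.0 * (high - low) / total
            # Assumption: fully encrypted means highwatermark has reached total sectors
            pending["fully_encrypted"] = low == 0 and high == total
            report["volumes"].append(pending)
            pending = None
    return report


def needs_attention(report):
    """True if any disk is not instrumented or any volume is short of full encryption."""
    disks, vols = report["disks"], report["volumes"]
    return not disks or not all(disks) or not vols or not all(v["fully_encrypted"] for v in vols)
```

For the paused sample this yields about 4.7% of sectors encrypted, and for the decrypting sample about 4.5% still encrypted; both are flagged by `needs_attention`.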

 

The UI would show the following during Decryption (exact values don't match the command line values):

Decrypting status via eedadmincli.exe view:


Scenario 5 of 6: Decryption process is Paused

Paused while decrypting:

Decryption Paused status via eedadmincli.exe view:

 

 

Scenario 6 of 6: Encryption fully completed (100%)