FileVault2 Encryption Status all partitions
Log In or Register to download the BES file, and more.

0 Votes

Description

Returns the names and FileVault2 encryption status of the volume partitions.

Property Details

ID2998453
StatusBeta - Preliminary testing ready for more
TitleFileVault2 Encryption Status all partitions
DomainBESC
Keywordsfilevault, filevault2, partition, mac, mac OS X, macos, OSX, encryption, disk, partition
Added by on 10/6/2016 9:59:40 AM
Last Modified by on 10/6/2016 10:00:19 AM
Counters 5298 Views / 19 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

FileVault2
Period Every Report
 
  * Results in a true/false
Show indented relevance
(names of it, (if (not exists (booleans whose (it) of values of entries whose ("CoreStorage Encrypted" = key of it) of dictionaries of nodes of nodes of nodes "CoreStoragePhysical" of it)) then "Not Encrypted" else "Encrypted")) of nodes of nodes "IOGUIDPartitionScheme" of nodes of nodes "IOBlockStorageDriver" of nodes "IOAHCIBlockStorageDevice" of nodes "AppleAHCIDiskDriver" of nodes "IOAHCIDevice" of (it; nodes of nodes "AppleAHCI" of it) of nodes of nodes of nodes of nodes "AppleACPIPCI" of nodes whose(name of it starts with "PCI") of nodes "AppleACPIPlatformExpert" of service plane of iokit registry

Relevance

Used in 222 fixlets and 99 analyses   * Results in a true/false
Show indented relevance
mac of operating system

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
Trevinh -
Hey @jgstew, I am using the below query to check FileVault statuses and noticed it does not return values (returns none) for newer macs with the m1 processor. However, older macs with intel processors return expected boolean values. booleans of values of entries whose("Encrypted" = key of it) of dictionaries of nodes of nodes of nodes of nodes "AppleAPFSContainerScheme" of nodes of nodes "IOGUIDPartitionScheme" of nodes of nodes "IOBlockStorageDriver" of nodes of (nodes of it; nodes of nodes of it) of nodes of nodes of nodes of nodes "AppleACPIPCI" of nodes whose(name of it starts with "PCI") of nodes "AppleACPIPlatformExpert" of service plane of iokit registry
Bp9906 -
I modified the above to support APFS, though I havent tried merging (all in one). booleans of values of entries whose("Encrypted" = key of it) of dictionaries of nodes of nodes of nodes of nodes "AppleAPFSContainerScheme" of nodes of nodes "IOGUIDPartitionScheme" of nodes of nodes "IOBlockStorageDriver" of nodes of (nodes of it; nodes of nodes of it) of nodes of nodes of nodes of nodes "AppleACPIPCI" of nodes whose(name of it starts with "PCI") of nodes "AppleACPIPlatformExpert" of service plane of iokit registry
jgstew -
Related: https://forum.bigfix.com/t/bigfix-checking-for-filevault-2-without-writing-output-files-on-the-endpoint/14709/4
jgstew -
Related: https://www.bigfix.me/analysis/details/2998121
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as