5 Replies Latest reply on Mar 1, 2016 9:38 AM by mitch_reid

    manually check encryption status

    mcdave

      How can I manually check the Endpoint Encryption status (via regkey for example) and in case of how can I mannually de-activate EE Clients (EE Version 6.1.2.314)

       

       

      I got 2 clients from which I can't remove the EEPC (the EE product settings policy has been set to disable (unmarked the "Enable Policy" setting & Encryption set to "none" for more then 2 months)

      The eposerver reports no EE details for both clients ("No details are available")

      and local logfiles on both clients report EEPC is still active???

       

      McAfee Endpoint Encryption for PC is currently active. Please de-activate before uninstalling.

      === Logging stopped: 2/27/2014  12:19:52 ===

       

      regards,

      Dave

        • 1. Re: manually check encryption status
          odedb

          You can check the status of EE PC on your system using this registry key

          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfeeEndPoint Encryption\MfeEpePc\Status

          I suggest you look at the "Activated" value which can be set to "Yes" or "No" (to what I've seen)

           

          You can also check the system status by clicking on the McAfee icon in the system tray -> "Quick Settings" -> "Show Endpoint Encryption Status", but this is not programmatically (like a registry value).

           

          Might seem obvious, but happened to me a lot in the past - Make sure your system reports to the same ePO you think it is, if you have more than one.
          What's the last communication date ePO shows for these systems ?

          • 2. Re: manually check encryption status
            mcdave

            The suggested key does  not exist but I found another similar one
            HKEY_LOCAL_MACHINE\SOFTWARE\McAfee EndPoint Encryption\MfeEpePC\Status

            the value of "Activated" is "Yes"

            3-03-2014 12-59-57.png

            The systems still report to the (one and only) correct eposerver (last ASCI was 5 minutes ago) I even tried forced re-installing the epoagent

             

            How can get proper control again of EE on these clients?
            Can I edit one of the regkeys to start the decryption and get rid of EE?

            • 3. Re: manually check encryption status

              first thing to check is the EEPC log file to see if there are any error states reported.

               

              No, you can't control EEPC by manipulating the registry.

               

              The key you found is the same one the original poster mentioned, just he is using a 64bit OS, you're using a 32bit.

               

              Message was edited by: SafeBoot on 3/3/14 9:52:59 AM EST
              • 4. Re: manually check encryption status
                Moe Hassan

                If you are using a script, you can try this command also: (for 32bit systems, simply omit \wow6432node\ part)

                 

                reg query "hklm\software\wow6432node\mcafee endpoint encryption\mfeepepc\status" /v cryptstate

                 

                output looks something like:  cryptstate    REG_SZ    Volume=C:,State=Decrypted;

                • 5. Re: manually check encryption status
                  mitch_reid

                  I have used this command in the past:

                   

                  C:\Program Files\McAfee\Endpoint Encryption Agent>MfeEpeHost.exe -status all