https://github.com/osquery/osquery logo
Title
j

Jigar Shah

02/13/2023, 6:46 AM
Hi team... while running query "SELECT * FROM bitlocker_info" on my windows machine, I found protection_status 0 and percentage_encrypted is 100. I am not getting if protection_status is 0 means not protected than how encryption % can be 100? How to read this status to understand the actual reason of it?
s

Stefano Bonicatti

02/13/2023, 12:20 PM
The data is taken from WMI and this page has some insight. Although the page is for Win32 APIs the source of data it’s the same and for EncryptedPercentage it says that’s rounded and even if it’s at 100% doesn’t necessarily means that it’s actually fully encrypted, the ConversionStatus value (
conversion_status
) has to be checked. On that page you can also see the meaning of the values. https://learn.microsoft.com/en-us/windows/win32/secprov/getconversionstatus-win32-encryptablevolume
j

Jigar Shah

02/13/2023, 5:14 PM
Thanks. it is helpful to get idea.