How to check the FileVault status on Mac OS 10.13 & 10.14

Hi BigFix expert,

I found the analysis to check the FileVault enable/disable for MacOS.
It works well below MacOS version 10.12.

Does somebody know how to check it?

I want to use the anaysis only. I do not want to use output file.

The below is my output.

Computer Name OS FileVault 2
CL5049 Mac OS X 10.13.1 (17B1003)
CL4964 Mac OS X 10.13.1 (17B1003)
RANG Mac OS X 10.13.1 (17B1003)
BeeMac Mac OS X 10.13.1 (17B1003)
L4080 Mac OS X 10.13.1 (17B1003)
James Mac Book Mac OS X 10.13 (17A405)
MacBook Pro Mac OS X 10.13 (17A405)
MacBook Pro Mac OS X 10.12.6 (16G29) True
L5458 Mac OS X 10.12.6 (16G29) True
L5263 Mac OS X 10.12.6 (16G29) False
Toyo의 Mac OS X 10.12.6 (16G29) False
L4770 Mac OS X 10.12.6 (16G29) True
L5079 Mac OS X 10.12.6 (16G29) True

I used below script.
booleans of values of entries whose(“CoreStorage Encrypted” = key of it) of dictionaries whose( exists entries whose(“BSD Name” = key of it AND “disk1” = string of value of it) of it ) of nodes of nodes of nodes “CoreStoragePhysical” of nodes of nodes “IOGUIDPartitionScheme” of nodes of nodes “IOBlockStorageDriver” of nodes “IOAHCIBlockStorageDevice” of nodes “AppleAHCIDiskDriver” of nodes “IOAHCIDevice” of (it; nodes of nodes “AppleAHCI” of it) of nodes of nodes of nodes of nodes “AppleACPIPCI” of nodes whose(name of it starts with “PCI”) of nodes “AppleACPIPlatformExpert” of service plane of iokit registry.

Have a nice day^^

1 Like

I know that you said you don’t want to use an output file, but you’re really going to have a bad time if you try to use the iokit registry inspector to figure this out. There are so many models/types of hard drives in Mac laptops that all store the information in slightly different places in the hierarchy that you are going to constantly be playing catch up with your relevance as new models are released.

In my environment we ended up just running an action that reapplies every 6 hours that outputs fdesetup status to a file, then we have an analysis property that reads the first line of that file.

1 Like

That snippet looks really familiar…

I would agree that you should utilize the output file. The original worked, and you could get it to work again, but Apple will change their procedures and you’ll be back to fighting the same battle over and over again. It’s not worth your cycles to try to get Apple to play by BigFix rules.

Doing things the Apple way is a frustration. Apple won’t share it’s plans and it won’t play with businesses to integrate nicely. But if you play by Apple’s rules it does get a bit easier, but not easy.

Typed on an iMac. So I know the pain you feel.

I have tried the above script, but is not working for me, most of my environment is 10.13 and 10.14
any suggestions

The approach of outputting fdesetup to a file and then creating an analysis property to report on the lines of the file is still the best approach.

To create the file:
wait /bin/sh -c "fdesetup status >> /myfoldername/filevault_status.txt"

Property relevance:
lines of file "/myfoldername/filevault_status.txt"

You can modify this to get specific lines of the file into a property such as:
line 1 of file "/myfoldername/filevault_status.txt"

2 Likes

If I already have the text file being generated by another source then all I have to do is to read 1 line from the text file? right! how should the relevance should look like.

thanks numana

@amelgares listed it above.

Line 1 of file "/myfoldername/filevault_status.txt"

Just replace “/myfoldername” with the path to your file, and “filevault_status.txt” with your filename. The Relevance, as listed, will return the first line of the file. If you need a different line, adjust the “1” to match what you need.

Put it into an Analysis that is in a site that the computer is subscribed to and wait.

If your file is more complicated than just the output of the fdesetup, give us a sample of the contents of your file and we can adjust the Relevance to suit it.

Great, got it working

Thanks Tim