Bitlocker management

[Bob]

HI. I configured bitlocker on users's computers and configured Group policy on windows server. Then I heard about Kaspersky Bitlocker management functionality.By the way I also use Kaspersky as antivirus. Is it possible to see bitlocker events from Kaspersky endpoint agent?

[Dmitry Parshutin]

Hello! Please find more information in this article https://help.kaspersky.com/KESWin/10SP2/en-US/130689.htm Thank you!

[Bob]

Thanks for reply. I want to say that we have already configured bitlocker on computers localy.And created GPO on windows server. The question is that we are not able to monitor bitlocker events. the link shows that I have to configure bitlocker using Kaspersky Bitlocker management. But I have alrady configured it and only think I want is to monitor the bitlocker event from computers. Hope I could make it clear. Let me give you deep explanation. Suppose we have 30 users and I am asked to encrypt their hdd. First I created Group Policy on windows server and applied to 30 computers. Help desk technician approached to 30 users to start bitlocker each computer. After completing Bitlocker on computers we needed to monitor whether all of the computers had been encrypted or not. So, I began looking for a way to monitor events from that 30 computers. I heard about Kaspersky agent that is capable of sending events to Kaspersky Security center. I don't want to configure same policy on Kaspersky security center that has already been configured on windows server. I am afraid it could lead to conflict between policies. Please if something is unclear to you let me know

[Nikolay Arinchev]

Hi,

But I have alrady configured it and only think I want is to monitor the bitlocker event from computers.

Could you please clarify is it correct that you configured bitolcker before you decided to control it by KSC?

[Bob]

Hi. Could you please clarify is it correct that you configured bitolcker before you decided to control it by KSC? Yes Exactly.

[Nikolay Arinchev]

If a user independently enables encryption using BitLocker, KES will correctly transmit KSC information that the computer is encrypted, but will not be able to transfer the master key to KSC. Without master key, encryption management cannot be considered full-fledged, because KSC will not be able to recover access to encrypted information in case of OS failure. In such a situation, it is recommended decrypt the hard drive and re-encrypt so BitLocker generates a new key and transfers it to KSC. You can decrypt a disk remotely - you need to enable the Decrypt mode in the KES policy all hard drives and KES will instruct BitLocker to decrypt the drive, even if encryption included by other means.

[Bob]

Hi If a user independently enables encryption using BitLocker, KES will correctly transmit KSC information that the computer is encrypted, now could you please tell me how can I configure KES to tell me whether computer is encrypted?

[Nikolay Arinchev]

You can figure out is the PC encrypted or not at host Properties-Programs-Kaspersky endpoint security-Statistics.

[Alexey]

Bob can you give article how to set up GPO settings of bitlocker? I want to do the same integration bitlocker+kes

[Bob]

Hi Nikolay I enter the Kaspersky security center and chose a computer that bitlocker enabled. but nothing shown with regard to encryption.

[Bob]

Hi Alexey https://www.rootusers.com/configure-bitlocker-group-policy-settings/ this link would help you

[Alexey]

Hi Alexey https://www.rootusers.com/configure-bitlocker-group-policy-settings/ this link would help you

Thanks a lot!

[Nikolay Arinchev]

I enter the Kaspersky security center and chose a computer that bitlocker enabled. but nothing shown with regard to encryption.

Could you please confirm that KES has bitocker management component installed? Please provide us with GSI log from one of the hosts, that are not shown as encypted.

[Bob]

Hello Nikolay

sorry for late reply. One more think i want to ask. if i do as you said, would i be able to see encrypted devices dashbord? or i have to enter computername one by one in order to see whether computer is encrypted?