Overview
A security and compatibility patch for SafeGuard Enterprise Windows Client version 8.00.0.251 and SafeGuard Enterprise Windows Client 8.00.5 has been released to address numerous issues.
The 8.00.6 security and compatibility patch includes all fixes from the previous 8.00.5 Client Rollup patch.
It is highly recommended to upgrade all SafeGuard Client installations running version 8.00.0.251 or 8.00.5.x on Microsoft Windows.
Applies to the following Sophos products and versions
SafeGuard BitLocker Client 8.0
SafeGuard Cloud Storage 8.0
SafeGuard File Encryption 8.0
SafeGuard Synchronized Encryption 8.0
SafeGuard Data Exchange 8.0
Resolved issues (compared to SafeGuard version 8.00.0.251)
| Reference | Symptom / Summary |
|---|---|
| DPSGN-10618 | SGN Authentication Service crashes |
| DPSGN-12668 | SafeGuard services fail to start, referencing the WS2_32.dll |
| DPSGN-11347 | Saving encrypted files occasionally fails |
| DPSGN-12230 | Task Manager hangs during shutdown |
| DPSGN-10120 | Numerous Smartcard/Token logon related issues |
| DPSGN-11686 | Significant delay when locking the desktop |
| DPSGN-11064 | Outlook Add-In not working reliably |
| DPSGN-12036 | Outlook Add-In strips file extensions |
| DPSGN-11848 | SGN Master Service crashes |
| DPSGN-12233 | Password change for other user than logged on not possible |
| DPSGN-12033 | HTML Re-cryption not working in latest versions of Firefox and Google Chrome |
| DPSGN-11404 | BEDevCtl.exe crashes, causing a missing SafeGuard Credential Provider |
| DPSGN-10874 | Data partitions not encrypted on NVME drives (BitLocker) |
| DPSGN-11839 | BitLocker rollout improvements |
| DPSGN-10599 | BitLocker Challenge/Response: Encryption not starting if no recovery partition is available |
| DPSGN-10918 | BSOD: PAGE_FAULT_IN_NONPAGED_AREA (referencing lcencvm.sys) BugCheck 50 |
| DPSGN-12782 | LocalCache corruptions on machines running File Based Encryption |
| DPSGN-13146 DPSGN-13154 |
Improved compatibility with Sophos Endpoint and Sophos Central |
| DPSGN-12619 | BSOD: BEFlt.sys - 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA |
| DPSGN-13775 | Credential Provider issues with Windows 10 built-in VPN when using UID and Password authentication |
| DPSGN-13128 | BSOD: BugCheck 50 in combination with SafeGuard File Encryption driver (referencing lcencvm.sys) |
| DPSGN-13714 | BitLocker PIN reset not working after recovery |
| DPSGN-13748 | Encrypt according to policy option and initial encryption wizard not working |
Resolved issues (compared to SafeGuard version 8.00.5)
| Reference | Symptom / Summary |
|---|---|
| DPSGN-14137 | SGFileEncWizard.exe appears to hang when trying manually to encrypt the files |
| DPSGN-14365 | sgn_masterservicen.exe crashed due to an unhandled exception (0xc0000005) |
| DPSGN-14822 | Password change fails with the error message "The specified account does not exist" in specific scenarios. |
| DPSGN-13606 | Credential Provider interface empty after SGNAuthService crash/restart |
| DPSGN-11436 | User chooses 'Sign out' but does not get signed out (lParam = 0xC0000000) |
| DPSGN-14156 | Blue screen UNEXPECTED_KERNEL_MODE_TRAP (7f) after upgrade or installation on Windows 10 version 1803 /1809 /1903 |
| DPSGN-15312 | File encryption related issues after cumulative updates (as of July 2019) on Windows 10 version 1809 / 1903 |
Download and installation
Download:
The package can be obtained from the SafeGuard Enterprise download section on sophos.com or directly using this link: Download
Installation:
The client security and compatibility patch can be applied to SafeGuard Client version 8.00.0.251 and 8.00.5.x running on Microsoft Windows only.
Important: For clients running Windows 7 SP1, it is critical to install all Windows security patches before applying the patch.
If the SafeGuard Client 8.00.0.251 is already installed
- Copy the installer patch file to the corresponding computer(s).
- Apply the SafeGuard Client Rollup patch.
Example: msiexec /update C:\Install\SGN8006Patch1908_x64.msp - Reboot the machine for the changes to take effect. After installing, the machine gets automated reboot if installation done via command line. If you want to control the reboot, use the /norestart switch.
If the SafeGuard Client 8.00.5.x is already installed
- Copy the installer patch file and the SGN8006Patch1908.cmd to the corresponding computer(s).
- Run the SGN8006Patch1908.cmd in an administrative CMD. This will ensure that the pre-requisites are met and the Patch gets installed.
- Reboot the machine for the changes to take effect.
Installation of SafeGuard Client with the patch
- Copy the SafeGuard Client and the installer patch files to the corresponding computer(s).
- Install the SafeGuard Client with the Rollup patch.
For example: msiexec /i C:\Install\SGNClient_x64.msi PATCH=C:\Install\SGN8006Patch1908_x64.msp - Reboot the machine for the changes to take effect. After installing, the machine gets automatically rebooted if the installation is done via command line. If you want to control the reboot, use the /norestart switch.
How to verify if the patch is applied
The security and compatibility patch comes in the form of a Windows Installer Minor Upgrade Patch and updates the version number of the Sophos SafeGuard Client that is displayed in Apps & features / Programs and Features to 8.00.6.2
Additionally the version in the SafeGuard about box has been updated and the clients report the new version using the machine inventory, which can be displayed in the SafeGuard Management Center.
Limitations: This Hotfix Rollup is not compatible with SafeGuard LAN Crypt.