A security and compatibility patch for SafeGuard Enterprise Windows Client version and SafeGuard Enterprise Windows Client 8.00.5 has been released to address numerous issues.

The 8.00.6 security and compatibility patch includes all fixes from the previous 8.00.5 Client Rollup patch.

It is highly recommended to upgrade all SafeGuard Client installations running version or 8.00.5.x on Microsoft Windows.

Applies to the following Sophos products and versions
SafeGuard BitLocker Client 8.0
SafeGuard Cloud Storage 8.0
SafeGuard File Encryption 8.0
SafeGuard Synchronized Encryption 8.0
SafeGuard Data Exchange 8.0

Resolved issues (compared to SafeGuard version

Reference Symptom / Summary
DPSGN-10618 SGN Authentication Service crashes
DPSGN-12668 SafeGuard services fail to start, referencing the WS2_32.dll
DPSGN-11347 Saving encrypted files occasionally fails
DPSGN-12230 Task Manager hangs during shutdown
DPSGN-10120 Numerous Smartcard/Token logon related issues
DPSGN-11686 Significant delay when locking the desktop
DPSGN-11064 Outlook Add-In not working reliably
DPSGN-12036 Outlook Add-In strips file extensions
DPSGN-11848 SGN Master Service crashes
DPSGN-12233 Password change for other user than logged on not possible
DPSGN-12033 HTML Re-cryption not working in latest versions of Firefox and Google Chrome
DPSGN-11404 BEDevCtl.exe crashes, causing a missing SafeGuard Credential Provider
DPSGN-10874 Data partitions not encrypted on NVME drives (BitLocker)
DPSGN-11839 BitLocker rollout improvements
DPSGN-10599 BitLocker Challenge/Response: Encryption not starting if no recovery partition is available
DPSGN-10918 BSOD: PAGE_FAULT_IN_NONPAGED_AREA (referencing lcencvm.sys) BugCheck 50
DPSGN-12782 LocalCache corruptions on machines running File Based Encryption
Improved compatibility with Sophos Endpoint and Sophos Central
DPSGN-13775 Credential Provider issues with Windows 10 built-in VPN when using UID and Password authentication 
DPSGN-13128 BSOD: BugCheck 50 in combination with SafeGuard File Encryption driver (referencing lcencvm.sys)
DPSGN-13714 BitLocker PIN reset not working after recovery
DPSGN-13748 Encrypt according to policy option and initial encryption wizard not working

Resolved issues (compared to SafeGuard version 8.00.5)

Reference Symptom / Summary
DPSGN-14137 SGFileEncWizard.exe appears to hang when trying manually to encrypt the files
DPSGN-14365 sgn_masterservicen.exe crashed due to an unhandled exception (0xc0000005)
DPSGN-14822 Password change fails with the error message "The specified account does not exist" in specific scenarios. 
DPSGN-13606 Credential Provider interface empty after SGNAuthService crash/restart
DPSGN-11436 User chooses 'Sign out' but does not get signed out (lParam = 0xC0000000)
DPSGN-14156 Blue screen UNEXPECTED_KERNEL_MODE_TRAP (7f) after upgrade or installation on Windows 10 version 1803 /1809 /1903
DPSGN-15312 File encryption related issues after cumulative updates (as of July 2019) on Windows 10 version 1809 / 1903

Download and installation


The package can be obtained from the SafeGuard Enterprise download section on sophos.com or directly using this link: Download


The client security and compatibility patch can be applied to SafeGuard Client version and 8.00.5.x running on Microsoft Windows only.

Important: For clients running Windows 7 SP1, it is critical to install all Windows security patches before applying the patch.

If the SafeGuard Client is already installed

  1. Copy the installer patch file to the corresponding computer(s).
  2. Apply the SafeGuard Client Rollup patch.
    Example: msiexec /update C:\Install\SGN8006Patch1908_x64.msp
  3. Reboot the machine for the changes to take effect. After installing, the machine gets automated reboot if installation done via command line. If you want to control the reboot, use the /norestart switch.

If the SafeGuard Client 8.00.5.x is already installed

  1. Copy the installer patch file and the SGN8006Patch1908.cmd to the corresponding computer(s).
  2. Run the SGN8006Patch1908.cmd in an administrative CMD. This will ensure that the pre-requisites are met and the Patch gets installed.
  3. Reboot the machine for the changes to take effect.

Installation of SafeGuard Client with the patch

  1. Copy the SafeGuard Client and the installer patch files to the corresponding computer(s).
  2. Install the SafeGuard Client with the Rollup patch.
    For example: msiexec /i C:\Install\SGNClient_x64.msi PATCH=C:\Install\SGN8006Patch1908_x64.msp
  3. Reboot the machine for the changes to take effect. After installing, the machine gets automatically rebooted if the installation is done via command line. If you want to control the reboot, use the /norestart switch.

How to verify if the patch is applied

The security and compatibility patch comes in the form of a Windows Installer Minor Upgrade Patch and updates the version number of the Sophos SafeGuard Client that is displayed in Apps & features / Programs and Features to

Additionally the version in the SafeGuard about box has been updated and the clients report the new version using the machine inventory, which can be displayed in the SafeGuard Management Center.

Limitations: This Hotfix Rollup is not compatible with SafeGuard LAN Crypt.

Related information