Please note: Advisory: SafeGuard File Encryption Engine - build 29 withdrawn

Overview

With the introduction of the mini file filter driver, which is part of SafeGuard Enterprise as of version 8.10, Sophos provides regular File Encryption Engine updates that just contain improved filter drivers. These updates are provided as Windows Installer Patch files (*.msp) to allow an easy installation and deployment. As these updates are cumulative, Sophos recommends using the latest version.

In this post you can download build version 29 of the filter driver engine. An overview of all File Encryption Engine Updates is available here

Resolved issues (new in File Encryption Engine build 29)

Reference Symptom / Summary
DPSGN-15338 Sporadic file corruptions when storing XLS files using Microsoft Office 2003 or 2007 
DPSGN-15014 Generic improvements to prevent file locks during shutdown/restart.
DPSGN-15436 Deleted encrypted files occasionally cannot be recovered and show huge size in recycle bin
DPSGN-15441 Bluescreen / BSOD (Bugcheck 0xd4) on endpoints with Xerox Docushare software installed
DPSGN-15431 Windows subsystem for linux no longer working (lxssmanager does not start) on Windows 10 version 1903 (19H1)

Resolved issues (already part of File Encryption Engine build 28)

Reference Symptom or Summary
DPFEE-1173 Local cache corruptions during an update to Windows 10 October 2018 update (W10 version 1809)
DPSGN-14307 Explorer performance issues in combination with cached files from Windows Quick Access
DPSGN-14462 Increased saving time for files located on network locations (specific applications).
DPSGN-14525 Access rights issues when running specific applications.
DPSGN-14639 Bluescreen Bugcheck 0x3b (SYSTEM_SERVICE_EXCEPTION) on Windows 10 version 1809 endpoints
DPSGN-14511 Performance improvements (boot and runtime)
DPSGN-14853 Cannot open encrypted Quickbooks project (other applications potentially affected as well),
when SafeGuard File Encryption filter driver is active.
DPSGN-14771
DPSGN-14806
DPSGN-14842
Several boot performance improvements.
DPSGN-14995 High performance impact when accessing files on network shares which are not covered by an encryption rule (requires BypassFilesWithoutPolicyVolumes registry key - see KB132922 for details).
DPSGN-14945 User is unable to save file certain file types (e.g. docx, xlsx).
DPSGN-14987
DPSGN-15016
User gets file in use error when opening or saving xlsx files on network location.
DPSGN-14513 License check of 3rd party application (Dataflex) fails - (requires BypassFilesWithoutPolicyVolumes registry key)
DPSGN-14856
DPSGN-15051
File Encryption driver slows down Windows explorer and search operations on network shares.
DPSGN-15186
DPSGN-15188
DPSGN-15189
DPSGN-15190
Important security fixes and improvements.
DPSGN-15245 Files located on a WebDAV share, occasionally cannot be deleted when file encryption minifilter is active.
DPSGN-15014 Compatibility improvements (requires additional registry modification) 
DPSGN-15265 System might become unresponsive after re-inserting an encrypted optical media
DPSGN-15261 SGPortable.exe (and msvcr71.dll and msvcp71.dll) get encrypted by initial encryption
DPSGN-15241 SafeGuard Services not running after update to Windows 10 version 1903 (19H1). This only affects installations of File Encryption Engine build 26.
DPSGN-15209 Compatibility improvement for Sophos Central Intercept X with EDR.
DPSGN-15267 Potential file corruptions when creating PDFs from Catia (Dassault Systèmes).
DPSGN-15306 File encryption filter removes SmartScreen block functionality from file properties.

Download and installation 

The File Encryption Engine Update build 29 can be applied to SafeGuard Client version 8.10.0.323, 8.10.2.55 and 8.20.0.83. It automatically updates previously installed File Encryption Engine Updates.

The installers for version 8.10.x can be obtained from this download link

The installers for version 8.20.x can be obtained from this download link.

Installation for 32-bit OS

If the SafeGuard Client is already installed

  1. Copy the installer patch files to the corresponding endpoint(s)
  2. Apply the SafeGuard File Encryption Engine update. Example (based on version 8.10): msiexec /update "C:\Install\File Encryption Engine for SGN 8.1 Build 29.msp"
  3. Reboot the endpoint for the changes to take effect

Installation together with SafeGuard Client

  1. Copy the SafeGuard Client and the installer patch files to the corresponding endpoint(s)
  2. Install the SafeGuard Client together with the File Encryption Engine update. Example (based on version 8.10): msiexec /i C:\Install\SGNClient.msi PATCH="C:\Install\File Encryption Engine for SGN 8.1 Build 29.msp"
  3. Reboot the endpoint for the changes to take effect

Installation for 64-bit OS

If the SafeGuard Client is already installed

  1. Copy the installer patch files to the corresponding endpoint(s)
  2. Apply the SafeGuard File Encryption Engine update. Example (based on version 8.10): msiexec /update "C:\Install\File Encryption Engine for SGN 8.1 Build 29_x64.msp"
  3. Reboot the endpoint for the changes to take effect

Installation together with SafeGuard Client

  1. Copy the SafeGuard Client and the installer patch files to the corresponding endpoint(s)
  2. Install the SafeGuard Client together with the File Encryption Engine update. Example (based on version 8.10): msiexec /i C:\Install\SGNClient_x64.msi PATCH="C:\Install\File Encryption Engine for SGN 8.1 Build 29_x64.msp"
  3. Reboot the endpoint for the changes to take effect

How to verify if the patch is applied

After the installation, you can see the new File Encryption Engine in the Installed Updates section of Programs and Features

As this package just contains new filter drivers and no other products components, this update does not change the version or build number of the installed SafeGuard Client. In the SafeGuard Management Center version 8.20, the file filter engine version of this update (3.0.0.31) is also listed in the installed features list of the Client.

Related information