We are using Sophos Safeguard for Bitlocker encryption and we are getting the following error code during Windows updates and any inplace upgrades to higher Windows 10 versions:
Now we have checked everything (antivirus, antiransom, firewall etc. etc. etc.) and finally came across Sophos and encryption.
I know the Setup.exe options to disable encryption, however this did nothing.It only helped to uninstall Sophos, decrypt the hard drive, then do the update and then reinstall everything and encrypt.
However, since this is not a nice solution and we don't want to reinstall everything every time, I wanted to ask if anyone here has any idea what else we can do?
Our Sophos versions on the clients is: 8.00.6.2
I hope you can help me here.Thanks a lot!
Hi Fabian Katzberg
I will check this with our global escalation team, AFAIK the only workaround was to uninstall Sophos and decrypt the hard drive.
Do you have an active file encryption policy Fabian Katzberg, or are you just using FDE (full-disk encryption) only. I'm not seeing this issue (yet?) so would like to see this resolved - removing and decrypting isn't a workaround either if you then don't have anything to effectively manage/control encryption.
yes we are using the File Encryption Policy settings from the Sophos Management Center. But I haven't seen something strange there actually.
Are there options, which can lead to such a problem?
Yes, there can be. The filter engines are independent to the MSI/EXE's and must be updated to make sure they include all the latest driver/file filters. I wasn't using any policies at all, yet had massive issues with OneDrive and random deletions. I had to create a policy exclusion to exclude all the OneDrive folders - despite not having an active FE policy or it "enabled". I would check you're using the latest engine - They can be found in more detail here - File Encryption Engine updates for SafeGuard 8.10 / 8.20 / 8.30 (sophos.com)
Sophos did remove one a while back too that was known to have issues - so do double check that it's the latest and supported engine you're installing/checking.
Sadly don't forget that this product (on-prem) does now have a EOL defined - July 2023 - so it may be worth planning your migration while things are not looking so great to Central or another product.
Oh well, great.
Are there engine updates for SafeGuard Versions 8.0 or do we also need to update our Sophos Server?
If yes, where can I get the files?
Do I need a new license for an update?
Thank you very much!
No, I don't believe you'll need a new licence, it should be covered under your original agreement. I would advise that you do install the latest Windows client though, as you're a few versions behind. There's also a patch for the 8.0.6 client for some known issues. So I would update a test client first to the latest version, then apply the file filter engine to this version. What backend version is running on your server - is that still V8.0 too?
yes, our Backend Server and also our clients are running on Version 8.0.6 with the latest patch you mentioned.
So I think an update to the newest version is necessary.
How to proceed for that? Is it possible to do this on my own, or do I need a consultant for that?
Sorry for the delay - had a few days leave! Yes, perfectly possible to do on your own, but completely dependant on how confident you are. If you're running VM's it would be worth having a snapshot prior to the upgrade, and making sure all DB's are backed up too. Sophos would be able to offer PS (Professional Services) for this too I'm sure - but this would be at a cost.
It's better to uninstall Sophos and decrypt the hard drive.