This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Safeguard creates Error 0x800703E6 while Win Updates / InPlace

Hello community

We are using Sophos Safeguard for Bitlocker encryption and we are getting the following error code during Windows updates and any inplace upgrades to higher Windows 10 versions:

0x800703E6

Now we have checked everything (antivirus, antiransom, firewall etc. etc. etc.) and finally came across Sophos and encryption.

I know the Setup.exe options to disable encryption, however this did nothing.
It only helped to uninstall Sophos, decrypt the hard drive, then do the update and then reinstall everything and encrypt.

However, since this is not a nice solution and we don't want to reinstall everything every time, I wanted to ask if anyone here has any idea what else we can do?

Our Sophos versions on the clients is: 8.00.6.2

I hope you can help me here.
Thanks a lot!



This thread was automatically locked due to age.
Parents
  • Do you have an active file encryption policy , or are you just using FDE (full-disk encryption) only. I'm not seeing this issue (yet?) so would like to see this resolved - removing and decrypting isn't a workaround either if you then don't have anything to effectively manage/control encryption.

  • Hi,

    yes we are using the File Encryption Policy settings from the Sophos Management Center. But I haven't seen something strange there actually.

    Are there options, which can lead to such a problem? 

  • Yes, there can be. The filter engines are independent to the MSI/EXE's and must be updated to make sure they include all the latest driver/file filters. I wasn't using any policies at all, yet had massive issues with OneDrive and random deletions. I had to create a policy exclusion to exclude all the OneDrive folders - despite not having an active FE policy or it "enabled". I would check you're using the latest engine - They can be found in more detail here - File Encryption Engine updates for SafeGuard 8.10 / 8.20 / 8.30 (sophos.com)

    Sophos did remove one a while back too that was known to have issues - so do double check that it's the latest and supported engine you're installing/checking. 

    Sadly don't forget that this product (on-prem) does now have a EOL defined - July 2023 - so it may be worth planning your migration while things are not looking so great to Central or another product.

  • Oh well, great.

    Are there engine updates for SafeGuard Versions 8.0 or do we also need to update our Sophos Server?

    If yes, where can I get the files?

    Do I need a new license for an update?

    Thank you very much!

  • No, I don't believe you'll need a new licence, it should be covered under your original agreement. I would advise that you do install the latest Windows client though, as you're a few versions behind. There's also a patch for the 8.0.6 client for some known issues. So I would update a test client first to the latest version, then apply the file filter engine to this version. What backend version is running on your server - is that still V8.0 too?

  • Thanks,

    yes, our Backend Server and also our clients are running on Version 8.0.6 with the latest patch you mentioned.

    So I think an update to the newest version is necessary.

    How to proceed for that? Is it possible to do this on my own, or do I need a consultant for that?

  • Sorry for the delay - had a few days leave! Yes, perfectly possible to do on your own, but completely dependant on how confident you are. If you're running VM's it would be worth having a snapshot prior to the upgrade, and making sure all DB's are backed up too. Sophos would be able to offer PS (Professional Services) for this too I'm sure - but this would be at a cost. 

Reply
  • Sorry for the delay - had a few days leave! Yes, perfectly possible to do on your own, but completely dependant on how confident you are. If you're running VM's it would be worth having a snapshot prior to the upgrade, and making sure all DB's are backed up too. Sophos would be able to offer PS (Professional Services) for this too I'm sure - but this would be at a cost. 

Children
No Data