This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable automatic encryption of external USB media

Hello all,

We are using SafeGuard Easy 5.60.1.7 ans using it to encrypt a mix of Dell Laptops running Win7 Pro 32/64bit. We have been able to successfully deploy the encryption packages without to many issues. However we have run into one issue that we have had some trouble finding any information on.

The issue is that multiple laptop users have external USB media(e.i. - flash drives, USB hard drives) and when they plug in their extrenal devices it auto-encrypts the media. We do not want this to happen. We understand that having unencrypted  extrenal media on an encrypted laptop defeats the purpose of encryption all together, but this is only for use on a few "Admin" machines.  We have found a temporary solution of disabling the Sophos SafeGuard Disk Encryption Control service on the machine in question, but that is not a good permanent solution for us. 

Is there a policy setting change that we can make in the Policy Editor that disables the auto-encryption of extrenal media. After reading through the installation/startup guides for SGE 5.6, it doesnt really talk about how to do this. It does say however that you can select your Target Devices. If i Select Boot Volumes in this section, will it then only encrypt boot devices, and then also not encrypt non-boot devices?

Any advice on this issue would be appreciated. Thank you in advance for your help. If you need any more background info, please let me know.

-1stMid_IT

:24865


This thread was automatically locked due to age.
Parents
  • The best way in 5.60.x is to create a whitelist for the devices you want encrypted, and then create a device encryption policy that targets only that whitelist.  Create a second policy that targets all removable media, and set it to "No Encryption".  Finally, make sure that the first whitelist-targeted policy has a higher priority than the no-encryption policy.

    That way, devices that you control that are on the whitelist are automatically encrypted when the user plugs it in, and any device that is not on the whitelist will get the default behavior, which would be to not encrypt it.

    :24961
Reply
  • The best way in 5.60.x is to create a whitelist for the devices you want encrypted, and then create a device encryption policy that targets only that whitelist.  Create a second policy that targets all removable media, and set it to "No Encryption".  Finally, make sure that the first whitelist-targeted policy has a higher priority than the no-encryption policy.

    That way, devices that you control that are on the whitelist are automatically encrypted when the user plugs it in, and any device that is not on the whitelist will get the default behavior, which would be to not encrypt it.

    :24961
Children
No Data