This discussion has been locked.

SafeGuard and the case of the accidental re-image

Good afternoon Sophos SafeGuard community,

I am passing this story along to ask IF there is any other way to approach the likely loss of the MBR (Master Boot Record) of a Sophos SafeGuard Enterprise (version 5.40.0) protected & encrypted desktop.  I am posting this on behalf of a small team with limited time and resources.  We typically "get things right" and do not make "educated guesses", but in the scenario I am about to describe, lesser procedures were employed by not-as-experienced Contractor help.

The scenario goes like this:

A Windows 7 migration Technician accidentally begins the imaging process of a Lenovo T420 laptop without backing up the End User's data.  The laptop was previously encrypted with the version mentioned above (Desktop Sophos agent shows version 5.50.8.13), and the "5.40.0" version number appears with the Sophos "Enterprise" listing in the "Add/Remove Programs" > Control Panel.

Once the mistake was realized, the imaging process was stopped and we were able to Boot the laptop up to the blue background screen Sophos normally shows just before displaying the POA login window.  However, no login window appeared!

It was at this point other Technicians presumed the MBR had become corrupted or removed entirely, but it was also hoped the User's data remained intact on the hard drive!  Next, the MBR was repaired through the BIOS and with the use of another third-party tool called "Spotmau".  The partition was scanned and "repaired" using Spotmau.

The next observation made was of a bootable laptop (positive!) which led to an error indicating "NTLDR" is missing.  This is a more commonly encountered error message which personnel supporting Windows XP will recognize.

SCENARIO QUESTIONS:

1).  What general steps can be performed for data recovery with this machine?

2).  Does Sophos have an ability to "heal thyself" using "BE_Restore.exe" or the version specific Emergency CDs?

3).  Do any of these options require the use of the Sophos Server Console?

  • Perhaps there is an Emergency Procedures handbook that may be downloaded (or paid for?) to avoid calls to Sophos support IF the steps within it are followed properly?

Respectfully submitted,

~ Dennis C.

  • Afterthoughts (the best kind..)

    It has been my experience over the past dozen years that so-called "corruption" and Operating System (O.S.) "failure" issues must be anticipated and trained for, or prepared for in advance!  While it may be easy to ask questions of any vendor's staff "after the fact", this is ideally NOT the position anyone wants to find themselves occupying! - - - To do so is similar to removing the spare tire from a car, loaning the jack to a neighbor and throwing the red plastic Gasoline container in the Recycle Bin because it "looks old", and then hoping nothing bad happens. It is just not advisable.

    ~ Dennis
