
Why Sophos Safeguard Enterprise 6.0 Breaks MBR?

We use Sophos SafeGuard 6.0 and once in a while we get a PC with a corrupt MBR where we have to use the Sophos boot disc to fix it, and it's very time consuming as we can't re-image the device. My question is why this happens, and is there a way to prevent this? Is there a quicker fix?

Thanks,

:44067


  • I wouldn't go as far as to say it's Sophos that is breaking the MBR; it changes things, but these changes are not something that with time suddenly go faulty.

    When an MBR becomes corrupt or has issues, in most cases it can be caused by one or more bad sectors on the disk. Sophos requires a spotless MBR and running a Chkdsk for scan disk can assist in finding these errors. These scans are beneficial to the OS and to Sophos. It is not recommended to use boot managers as this can cause conflicts. In some cases imaging software can cause MBR changes or issues that will result in failure.

    Virus attacks can also cause damage to the MBR which will also cause issues...

    There is a multitude of scenarios where the MBR can become corrupt; it's hard to really pinpoint the source. If you are having to do this often to endpoints, you might want to consider replacing the hard drive in these systems. It is not so much Sophos that is causing these issues.

    In the instance of where Sophos is present on the machine, Sophos writes to the MBR and modifies addresses to boot in a specific way. In your situation, using the Sophos MBR recovery is the best practiced solution and using anything else will not result in success.

    :44073
  • Hi furtadov,

    when you say corrupt MBR, what error message is displayed on the client machines if they are affected?

    Regards,

    Chris

    :44079
  • First, thank you guys for the quick reply.

    I usually get two scenarios where PCs won't boot:

    1- Most common: upon Win7 boot I get the Windows Error Recovery screen where it asks me to launch startup repair or start Windows normally. When I launch startup repair it asks me to choose which operating system to repair, but nothing is listed. I am not able to start Windows normally.

    2- I get the "an error occurred while attempting to read the boot configuration" data: File: \Boot\BCD  status: 0xc000000f

    I will try a new HDD as suggested, please let me know if I can do anything else to speed things up.

    Thank you guys and have a good weekend.

    :44087
  • The error occurs when an encrypted machine boots straight into the Windows Recovery Environment (due to an unexpected shutdown) and launches the automatic repair function.

    Due to the fact that the disk is encrypted and the Windows Recovery Environment cannot access OS information, the Windows Recovery Environment cannot complete all operations and unfortunately leaves the BCD (Boot Configuration Data) store in a chipped state, which results in the error on boot.

    The following Knowledge Base Article describes the issue and how to resolve it:

    SafeGuard Enterprise Client fails to boot, Windows error: Recovery from "File: \Boot\BCD Status: 0xc000000f" or File: Boot\BCD status 0xc0000098

    http://www.sophos.com/en-us/support/knowledgebase/112846.aspx

    With the release of SafeGuard Enterprise 6.10, with the installation (or upgrade) of SafeGuard Enterprise, we will inject drivers into the Windows Recovery Environment, so the Recovery Environment has access to the encrypted disk after booting the machine through POA and so the issue will no longer occur.

    The attempt of injecting drivers into the Windows Recovery Environment is also available for versions < 6.10. Please contact Sophos support and request information from KBA 117092.

    Regards,

    ChrisD

    :44091
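The symptoms in this thread were first reported as a corrupt MBR but turned out to be BCD damage. The following added example (not from the thread or from Sophos) is a structural check of a sector 0 dump that helps tell the two apart during triage. It assumes a 512-byte dump acquired separately from a BIOS/MBR boot disk; the function names and the sample layout are constructed, and it validates only the generic partition table and signature, not the boot code that SafeGuard installs.

```python
import struct

SECTOR = 512

def check_mbr(sector, disk_sectors):
    """Return a list of structural problems found in a classic MBR sector."""
    if len(sector) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(sector)}"]
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("boot signature 0x55AA missing")
    extents, active = [], 0
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype == 0:  # unused slot
            continue
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        active += status == 0x80
        if count == 0 or start == 0 or start + count > disk_sectors:
            problems.append(f"entry {i}: extent {start}+{count} outside disk")
        extents.append((start, start + count, i))
    if not extents:
        problems.append("partition table is empty")
    elif active != 1:  # assumption: this is the boot disk, so one active entry
        problems.append(f"{active} active partitions, expected exactly 1")
    extents.sort()
    for (s1, e1, a), (s2, e2, b) in zip(extents, extents[1:]):
        if s2 < e1:
            problems.append(f"entries {a} and {b} overlap")
    return problems

def build_sample_mbr(parts):
    """Constructed sample: zeroed boot code plus (status, type, start, count) entries."""
    sector = bytearray(SECTOR)
    for i, (status, ptype, start, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i, status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed layout: small active system partition followed by an OS partition.
GOOD = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
DAMAGED = GOOD[:510] + b"\x00\x00"  # same table, boot signature wiped

if __name__ == "__main__":
    for name, img in (("good", GOOD), ("damaged", DAMAGED)):
        result = check_mbr(img, disk_sectors=2_000_000)
        print(name, result or "MBR structure intact; look at \\Boot\\BCD instead")
```

An empty result means the partition table and signature are structurally sound, which fits the BCD explanation given above rather than MBR damage.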
  • Thanks Chris,

    I'm just having problems unlocking the volume using the recoverkeys.exe tool in order to repair BCD.

    :44101