Making SGPortable optional still creates the SGPortable folder on removable media

As of SafeGuard Enterprise version 6.10 the copy process of SGPortable has been slightly changed.

SGPortable.exe (and the corresponding folder) is now only copied, when the first file is encrypted on the device and not immediately after attaching it, as in previous versions of the product.

If the user opts out, neither the execuatble nor the folder is created.

Cheers

M.

Except that I have version 7. 

Hi,

in internal tests (client version 7.00.1.2) with the configuration you described, the behavior was not reproducible so this does not seem to be a general issue. 

Possibly this is timing related or depends on the used removable media.

Cheers

M.

On the server I have:

Sophos SafeGuard Management Center version 7.00.0.102

Sophos SafeGuard Server version 7.00.0.97

Sophos SafeGuard Server Configuration version 7.00.0.97

On clients I have:

Sophos SafeGuard Client version 7.00.0.105

Sophos SafeGuard Client Configuration version 7.00.0.97

Sophos SafeGuard Preinstall version 7.00.0.97

These were the versions that came with the 7.0 package download.

I see a new package for version 7.01 which I have downloaded and I will see if I can upgrade although there are no specific instructions for upgrading from 7.0 to 7.01.

I do not believe the issue is device specific, I have yet to see a device that doesn't do it although I have so far only tried flash drives but I have done multiple models and manufacturers and they all do it (probably something around 6 or 8 different make/model combinations).

EDIT:  So it looks like all of the installers on the 7.01 package are the same as the 7.0 package with the exception of the Sophos SafeGuard Client which is now 7.00.1.2 (I am referring only to x64 installers since I have no x86 machines). 

Upgrade documentation (which refers to upgrading from 6.x versions but it's all the upgrade documentation I have) says that the client has to be the same or lower version than the server.  Even though the server lists Sophos SafeGuard Management Center version 7.00.0.102 under installed programs, if I select it, at the bottom it says Product Version: 7.00.0.97 so all of the server components seem to agree that they are actually 7.00.0.97.

However on the client side in the installed programs list it has Sophos SafeGuard Client version 7.00.0.105 (which presumably will change to 7.00.1.2 if I use the new client installer from the 7.01 package) and when I select it, it does not say Product Version: 7.00.0.97 it says Product Version: 7.00.0.105.  This would seem to indicate that the client version is higher than the server components and also higher than the cient pre-install package.  Basically everything is claiming 7.00.0.97 except the Sophos SafeGuard Client.

I will try the new client installer and see if it helps this issue at all.

EDIT2: Upgraded client and the problem persists.

EDIT3: I tried recreating my configuration package and removed the old one and installed the new one on a client, it did not help.

Well I discovered something useful.  The issue seems to be caused by the check box for "remember setting and do not show the dialog again".  If I uncheck this box the folder is not created.  There is also apparently a hidden file (marked as a system file no less) in the SGPortable folder called DX_PLAIN.VOL.  It seems like this file is actually how the machine determines if you used the "remember setting and do not show the dialog again" checkbox.  If I delete this hidden file (but leave the SGPortable folder) and then plug the flash drive into a device where I had already asked it not to encrypt and remember my choice, then it will act like it is a new device and offer to encrypt it when I plug it in.

So it looks like what would be a possible solution for me is if I could make the DX_PLAIN.VOL file write to the root of the removeable media and also presumably make the client look for it there when a device is plugged in again after already having the check box to remember the choice selected no a previous occasion.

For now I have changed my policy conifguration.  I have changed the last item in the OP

- User is allowed to decide about encryption: Yes, remember user settings

to

- User is allowed to decide about encryption: Yes

This leaves the checkbox greyed out.

@Michael based on my results I am inclined to think you did not reproduce my policy settings exactly in your tests.  Since it is clear to me that the DX_PLAIN.VOL file is actually used to record the choice of the user in regards to the "remember setting and do not show the dialog again" checkbox, and since that checkbox is actually checked by default, the only way you could have not experienced what I described in the OP is if you had the policy setting for "User is allowed to decide about encryption:" to "Yes" as I have now done, or you were unchecking the box in your test.  Those are the only ways it doesn't create the folder and clearly since the folder is holding a file with information used by the client software, it is being created by design and not as the result of a bug or something weird in my environment.

Your observations regarding the DX_PLAIN.vol file is correct. If the policy setting to allow the user to decide about the encryption (and remember the setting) is configured , the user's decision about encrypting or not encrypting the media is saved in a file DX_ENCRYPTED.VOL or DX_PLAIN.VOL (depending on the user's choice).

In my tests the policy was configured as described but as the user interaction was only described as "user opts not to encrypt"  the checkbox was unchecked.