
Sophos SafeGuard v7 - error 3612 on portable HDD - what to do?

Hello there,

We have a portable HDD which was connected to one of our machines and encrypted. The drive was working, but we've got a red key in Windows Explorer, and when the drive is connected I got the message "Encryption SGN Error 3612, ESA of volume corrupt".

Can't decrypt or access it - what are the options for recovery?

Many thanks,

Mark



This thread was automatically locked due to age.
  • FormerMember

    Hey Mark,

    A red key basically just means that you don't have access. If you connect the drive to the machine it was originally encrypted on, then you should be able to log in to Windows via the SafeGuard tile and access the drive as normal. If you still get a red key, you may have lost the key from your keyring; re-assigning the key to that user should be enough to gain access.

    If you want to decrypt the drive, then once the hard drive is attached you will need to create a decryption policy. Decryption is never automatic; it must be manually triggered from the client machine.

    1. Create a new device protection policy in the Management Center
    2. Set the target to 'Local Storage Devices\Drive Letters'. This will allow you to decrypt any hard drive connected to the computer.
    3. Set the Media encryption mode to 'Volume based'
    4. Change the setting 'User may decrypt volume' to Yes
    5. Change the Media encryption mode to 'No encryption'
    6. Click Save
    7. Apply this policy to the OU or group containing the user or computer that will be decrypting the slaved hard drive. Click Save.
    8. Synchronize the client. You should have received new policies. After receiving the new policies you should be able to right-click the slaved drive in Windows Explorer and see that the 'Encryption' context menu item is no longer greyed out, and you can now click 'Decryption'.

    The drive will take roughly as long to decrypt as it did to encrypt. Once decrypted you may want to re-write the MBR to skip over the SafeGuard kernel. You can use either a Windows disk or WinPE (KB 108805) to do this.

    Article ID: 108805
    Title: Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
    URL: https://sophos.com/kb/108805

    The following related KBA may also be of some assistance:

    Article ID: 108411
    Title: How to allow a user to decrypt a SafeGuard Enterprise Client
    URL: https://sophos.com/kb/108411

    I hope that helps, Mark, but let us know if you have any further issues.
