
SafeGuard Network Location File Encryption

Hello,

 

I am trying out the Safeguard Encryption. I'm not experienced with this solution or any other of its kind for that matter.

I've a setup integrated with AD Domain. Right now everything seems to be working properly and well integrated, I am testing 2 machines (Windows 7 Enterprise & Windows 8.1 Enterprise). On both the SafeGuard client is installed and working correctly. I am able to push new policies to them and they are applied.

Right now I am trying to set up a policy for a network location; it is not being applied, or at least new files created on the share are not encrypted.

Safeguard Management Center version is 8.00.0.251

On both clients the safeguard client is installed with full-disk and synchronized encryption features.

No error is reported when synchronizing with the server, and changes to policies are updated on the client (pop-up with new policies received shows up).

The policy created is a File Encryption policy, Encryption Type: Location-based and the PATH is in the UNC format : \\SERVER\SHARE\TEST

Am I missing something? I can right-click the file and encrypt it (it shows the green lock on the file), although if I double click the file (simple TXT file) it opens the encrypted file (with the sophos safeguard header).

I also tried using a local folder, and I get the same result.

If I choose on the sophos client the file location encryption feature instead of synchronized encryption, I do not even have the manual encryption option.

Is there a log file on the client to see if some errors are happening?

Using a policy I enabled all reporting to the management center, and I get some information entries, but no problem is showing up.

Regards,

Duarte  

 



  • Hi Duarte,

     

    For files to be automatically encrypted when using the Synchronized Encryption, they have to be created by the application that you specified in the Template. So creating a file by Wordpad should do it (regardless of the extension). Unfortunately, Notepad is an application that works in very strange ways, and we can't monitor what it's doing. So don't use that application for testing.

    When you copy files to that location, you can set the policy to check that location, and when it finds files (in your case only when they have the extension txt, because that's the only extension you specified), it will encrypt them. The screenshots show that you have not activated that. (See "Initial Encryption" in https://community.sophos.com/cfs-file/__key/communityserver-discussions-components-files/6/sfg_2D00_3.png).

    Best regards,

     

    Vince

  • Hello Vince,

     

    Thanks for your reply. I had already tried using only Wordpad; I've created a specific template only for Wordpad and the txt & rtf extensions.

    Still the initial encryption is not done, new files saved from within the application (Wordpad) are not automatically encrypted, and manually encrypted files are not transparently decrypted when opened in Wordpad. I've attached the screenshots with the policies setup.

    Is there a client log file or debug feature that I could enable on the client to check if the policy is effectively being applied and run? When I change it and force the synchronize with the server it pops up "New policies received".

     

    Duarte

  • Hi Duarte,

    First: you can test if the rules have arrived correctly by issuing the command "fetool rli -a" in the folder "c:\program files (x86)\sophos\safeguard enterprise\fileencryption".

    Then, from what you describe, I suspect you have added your policy to the root, and have kept the "Default" policy group. In that case, as the Default group contains an empty encryption policy, and has priority 1, it will not be overwritten.

    The solution would be:

    - Check the "no override" checkmark next to your policy

    - Move the policy to a lower level, i.e. not on the root but for example on the domain

    - Remove the empty file encryption policy from the Default policy group.

    Hope this helps.

     

    Vince

  • Also, when testing, don't forget that there may be a refresh delay with the overlay icon. That means that you may not see the green padlock on the file, even though it is encrypted. To be sure, always check with the right-click context menu (or press F5 while on the desktop or wherever the file is).

    Vince

  • Hello VIv,

    This was the problem. The default group is automatically linked to the ROOT and they were in conflict.

    Also there is the RSOP tab on the user/computer that also shows the policies that are going to be applied.

    Thanks for your help

    Duarte