"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Issue: Most common SafeGuard Enterprise Local Cache corruption factors and how to prevent corruptions
Known to apply to the following Sophos product(s) and version(s): SafeGuard Enterprise
The following are things that could modify the local cache on a SafeGuard protected workstation, or otherwise corrupt it: Indexing Services may be setting flags or changing attributes on files once they are indexed. This can be solved by exempting the Local Cache from indexing services, or disabling the Indexing Service. If you have other programs or services that also perform similar actions, you would have to do the same with those. Backup services or applications can set backup flags or change attributes on files in the local cache, also causing corruption of the cache from a Safeguard perspective. You would have to use a copy only backup operation, or exempt the Local Cache from your backup operations to prevent this from occurring. Antivirus scanning can change, modify, or set attributes on files, directly corrupting the files contained in the local cache. This is easily solved by adding an exception, which you indicated was already done on all endpoints. On this note, undetected malware can also directly delete or corrupt Local Cache contents, so you should check to ensure your AV software is completely up-to-date, and that you are using some kind of Heuristics engine or Host Intrusion Protection System. Patches and manual security changes that prevent normal operation and interactions between SafeGuard and it's local cache can directly cause the system to lockup and trigger a local cache corruption. to protect again this, please test all patches and security changes in a test environment before deploying into production.
The SafeGuard Local Cache folder can be found here:
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.