The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Issue Using white lists to define file based encryption for removable media devices.
Known to apply to the following Sophos product(s) and version(s) SafeGuard Data Exchange 5.60.0
With this feature, Data Protection policies for file based encryption can now be assigned to a list of specific device models (iPods, USB of a specific vendor etc). It is also possible to define policies for distinct devices, identified by their serial number.
By setting the encryption mode in a Device Protection policy to No Encryption, device models or even distinct devices can be excluded from encryption.
If a white list is specified as target for a Device Protection policy, only No Encryption or File Based Encryption can be selected as encryption mode.
In SafeGuard Enterprise 5.60, only the Data Exchange module evaluates Device Protection policies assigned to white lists. Setting an encryption mode No Encryption for a Device Protection policy with a white list target can NOT be used to exclude a device from encryption, that has another policy that triggers VOLUME BASED encryption. The settings Copy SGPortable to Removable Media and User may define Media Passphrase can be enabled just as normal via policy.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.