The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Persistent encryption feature in SafeGuard Data Exchange, File Share and Cloud Storage modules as of version 6.0
Known to apply to the following Sophos product(s) and version(s) SafeGuard Cloud Storage 6.0SafeGuard Data Exchange 6.0SafeGuard File Encryption 6.0
What To Do
SafeGuard Enterprise 6.0 introduces a feature called Persistent Encryption to file based encryption used by the Data Exchange, File Share and Cloud Storage modules. When copying encrypted files to locations not covered by a file based encryption rule, the copied files will be automatically stored encrypted like the copied source file.
Applications create files internally themselves which could cause unexpected behaviour in some situations, resulting in encrypted files where they should be plain. In such cases, the registry key below can be used to exclude applications from Persistent Encryption as a whole:
Set NoPersistentApplication to a semicolon separated list of fully qualified paths for applications to be excluded from persistent encryption and reboot the operating system to activate the new setting.
Placeholders %SYSTEM% at the beginning of a name are replaced by the paths to the 32-bit and 64-bit system folders (system32 and syswow64).
The default setting after installation is %SYSTEM%\MSPAINT.EXE. MSPAINT is excluded from persistent encryption since it creates temporary files in the user profile directory when saving files to a different position. When encrypting the user profile as a whole, this leads a situation where all files saved by MSPAINT would be encrypted.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.