Variants of Full Disk Encryption in SafeGuard 6.10 / 7.0
Applies to the following Sophos product(s) and version(s) SafeGuard BitLocker Client 6.10.0SafeGuard Device Encryption 6.10.0SafeGuard BitLocker Client 7.0SafeGuard Device Encryption 7.0
Depending on the operating system you are using, different volume-based encryption options (also known as full-disk-encryption options) are available.
offers a SafeGuard Challenge/Response mechanism for BitLocker recovery (e.g. if a user forgets their PIN). In this case no one has access to the BitLocker recovery key, so this option is considered more secure than the standard BitLocker management. On the downside, disaster recovery options are limited.
is the module that enables and manages the BitLocker encryption engine and the BitLocker pre-boot authentication. All BitLocker recovery methods offered by Microsoft, which require the BitLocker recovery key, are possible.
is the Sophos module for encrypting volumes on endpoints. It comes with a Sophos implemented pre-boot authentication named SafeGuard Power-on Authentication (POA) which support logon options like smartcard and fingerprint, and a Challenge/Response mechanism for recovery. We offer disaster recovery mechanisms (e.g. drive slaving, recovery using WinPE, etc.).
is the module that enables and manages the FileVault 2 encryption engine and pre-boot authentication. All FileVault 2 recovery methods offered by Apple, which require the FileVault recovery key, are possible.
The table below shows which encryption modes version 6.10 and 7.0 are supporting according to your operating system:
* only available on the OS editions with BitLocker Support (Windows 7 Enterprise and Ultimate Edition, Windows 8/8.1 Pro and Enterprise Edition)
** Installations on OS X 10.10 require an updated installation package of the 6.10 client (version 184.108.40.2064), which is available in the download area of Sophos.com as of 24th of October 2014 or SafeGuard version 7.
Sophos SafeGuard Release Notes landing Page
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.