Any action that triggers a Data Control rule is blocked with the following example alert:
File transfer blocked Please use Windows Explorer to copy file
Buffer overflow detection will also fail to trigger.
First seen in Sophos Endpoint Security and Control
Operating systems: Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
In Windows 8 Microsoft introduced a new feature, Secure Boot, which is enabled by default on newer computers that meet the UEFI Specification Version 2.3.1, Errata C or higher and have Windows 8/8.1, 10, Server 2012/R2 or Server 2016 installed. With Secure Boot enabled, the computer firmware checks the signature of every piece of software loaded at boot time, including boot drivers and the operating system itself. If all signatures verify, the system boots and control is handed to the operating system.
Unfortunately, when Secure Boot is enabled it disables the Microsoft APIs/DLLs that the Data Control (DLP) feature of the Sophos Endpoint product for Windows relies on, because these have not been signed by Microsoft for that use.
In order to use our DLP feature on the applicable Windows machines, customers need to disable the Secure Boot feature as detailed in the following Microsoft article:
Any customers who do not want to disable Secure Boot will need to disable Data Control on the affected computers.
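Before choosing between the two options above, an administrator will usually want to know which machines are actually affected. The following PowerShell inventory check is an added example (it is not part of the Sophos article and is not Sophos code): it reports whether Secure Boot is enabled on the local machine and whether the OS is one of the versions listed above. It uses the built-in Confirm-SecureBootUEFI cmdlet and falls back to the registry value that cmdlet exposes; the version numbers and the output field names are this example's own assumptions. Run it in an elevated PowerShell session.

```powershell
# Added example, not from the Sophos article: report whether this machine's
# Secure Boot state will interfere with Data Control (DLP).
# Requires an elevated session on Windows 8 / Server 2012 or later.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
    # legacy BIOS/CSM boot (where Secure Boot cannot be enabled at all).
    try {
        return [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        # Fallback: the registry value the cmdlet reads. Missing key => BIOS boot.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
        $item = Get-ItemProperty -Path $key -Name UEFISecureBootEnabled -ErrorAction SilentlyContinue
        return ($null -ne $item -and $item.UEFISecureBootEnabled -eq 1)
    }
}

function Test-AffectedOS {
    # Assumption used here: the article's list maps to kernel versions
    # 6.2 (Windows 8 / Server 2012), 6.3 (8.1 / 2012 R2) and 10.0 (10 / Server 2016).
    # 10.0 also matches later releases the article does not mention; treat those
    # as "check with the vendor" rather than definitively affected.
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ver = [version]$os.Version
    $affected = (($ver.Major -eq 6) -and ($ver.Minor -ge 2)) -or ($ver.Major -eq 10)
    return [pscustomobject]@{
        Caption  = $os.Caption
        Version  = $os.Version
        Affected = $affected
    }
}

function Get-DataControlImpact {
    $os = Test-AffectedOS
    $sb = Get-SecureBootState
    $impacted = $sb -and $os.Affected
    return [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OS                  = $os.Caption
        OSVersion           = $os.Version
        SecureBootEnabled   = $sb
        DataControlImpacted = $impacted
        Action              = $(if ($impacted) {
                                  'Disable Secure Boot in firmware, or disable Data Control for this computer'
                              } else {
                                  'No action needed'
                              })
    }
}

Get-DataControlImpact | Format-List
```

The same function can be run across an estate with Invoke-Command against a list of computer names and the results exported to CSV, which gives a per-machine list of where Data Control is silently not enforcing policy. Note that disabling Secure Boot removes a boot-time integrity control, so the output is an input to a risk decision rather than an instruction to change the firmware setting.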
We recognize that this is not a trade-off that many customers will want to make. In the meantime Sophos is working to re-implement the DLP feature; this involves a major re-design of the feature and will take some time to complete.