Any action that triggers a Data Control rule is blocked with the following example alert:
File transfer blocked Please use Windows Explorer to copy file
First seen in: Sophos Endpoint Security and Control, Central Windows Endpoint 10.8.1
Operating systems: Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
In Windows 8, Microsoft introduced a new feature, Secure Boot, which is enabled by default on newer computers that meet the UEFI Specification Version 2.3.1, Errata C or higher and have Windows 8/8.1, Windows 10, or Windows Server 2012/R2, 2016 or 2019 installed. With Secure Boot enabled, the computer firmware checks the signature of all software loaded at boot time, including drivers and the operating system itself. If the signatures are valid, the system boots and control is given to the operating system.
Unfortunately, when Secure Boot is enabled, it disables the Microsoft APIs/DLLs that we call as part of the Data Control (DLP) feature in the Sophos Endpoint product for Windows, since these have not been signed by Microsoft for use.
With the release of Sophos Endpoint Security and Control 10.8.9, Sophos supports Data Control and Secure Boot being enabled on the same computer.
Note: This only applies to Windows 10 and Windows Server 2016 operating systems and above.
For previous operating systems, in order to use our DLP feature on the applicable Windows machines, customers need to disable the Secure Boot feature as detailed in the following Microsoft article:
Any customers who do not want to disable Secure Boot will need to disable Data Control on the affected computer.
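The following PowerShell check is an added example, not Sophos code: it reads the Secure Boot state and OS version on a computer and reports which of the cases above applies. The function name is hypothetical, and the installed Sophos Endpoint Security and Control version is passed in by the caller because this article does not say where it is stored.

```powershell
# Added example (not from Sophos). Run from an elevated PowerShell session.
function Test-DataControlSecureBootSupport {
    param(
        # Installed Sophos Endpoint Security and Control version (supplied by caller)
        [Parameter(Mandatory)][version]$EndpointVersion
    )

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems; it throws
    # on legacy BIOS systems and when the session is not elevated.
    try {
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = $false          # legacy BIOS: Secure Boot cannot be on
    } catch [System.UnauthorizedAccessException] {
        throw 'Secure Boot state cannot be read: run from an elevated session.'
    }

    # Windows 10 / Server 2016 and above report major version 10;
    # Windows 8, 8.1, Server 2012 and 2012 R2 report 6.2 or 6.3.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $osVersion = [version]$os.Version
    $modernOs  = $osVersion.Major -ge 10

    # First release the article lists as supporting both features together.
    $minVersion = [version]'10.8.9'

    if (-not $secureBoot) {
        $result = 'No conflict: Secure Boot is not enabled.'
    } elseif ($modernOs -and $EndpointVersion -ge $minVersion) {
        $result = 'Supported: Data Control and Secure Boot can both be enabled.'
    } elseif ($modernOs) {
        $result = "Endpoint version predates $minVersion, the first release supporting both."
    } else {
        $result = 'Older OS: disable Secure Boot, or disable Data Control on this computer.'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OperatingSystem = $os.Caption
        OSVersion       = $osVersion
        SecureBoot      = $secureBoot
        EndpointVersion = $EndpointVersion
        Result          = $result
    }
}

# Usage, with a constructed version value:
Test-DataControlSecureBootSupport -EndpointVersion '10.8.9'
```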