Sophos discovered an issue which can lead to a bluescreen (BSOD) on endpoints running a SafeGuard 8.10 file encryption module.
The issue can occur when applying Windows Updates e.g. KB4464330 to an endpoint running Windows 10 version 1809 but might also be triggered by 3rd party applications.
This is known to happen when the following conditions are met:
The following sections are covered:
Applies to the following Sophos products and versions SafeGuard Data Exchange 8.1SafeGuard Synchronized Encryption 8.1SafeGuard File Encryption 8.1SafeGuard Cloud Storage 8.1
Windows 10 October 2018 Update (Redstone 5 / version 1809)
The reason for the crash is a new FILE_INFORMATION_CLASS which has been introduced with Windows 10 version 1809 and is not yet handled correctly by the SafeGuard File Encryption Engine. It is not expected to be widely used by applications yet but might be triggered during a Windows update.
A new version of the File Encryption Engine is available, which solves the issue and should be applied before updating Windows 10 to version 1809.
Install File Encryption Engine build 22 (or a newer version) to avoid issues with Windows 10 version 1809.
On endpoints that are already running Windows 10 version 1809 together with an unsupported SafeGuard 8.10 File Encryption Engine version, we recommend temporarily disabling the file encryption filter drivers as described below.
Download reg files to disable/enable encryption drivers
Disable the drivers by applying the Disable_Encryption_Drivers.reg file.
After a reboot the drivers won´t be active. By running FLTMC in an administrative CMD you can verify that.
As soon as the File Encryption Engine build 22 has been applied, the drivers can be enabled again using the Enable_Encryption_Drivers.reg file
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.