Full Disk Encryption Option missing from client install

Dear Members,

We have deployed Sophos Safeguard Enterprise 8.20.0.83 in our environment, we have had no issues deploying the client software to our domain joint machines. The policies are very simple and we have started with fulldisk encryption, which we have managed to deploy to a number of our machines.

However, we have come across a machine, an HP Probook 450 G5 notebook running Windows 10 Pro (1803) X64, where the "Full disk encryption" + Bitlocker options are not available during the client install. We have checked the partitions on the disk, partitions are NTFS formatted, disk type is set to basic. We have also run tpm.msc to check for any issues with the TPM module and services within Windows, no issues found. Before we proceed to do a full format & re-installation of Windows on this machine, has anybody come across a similar issue and managed to resolve it ?

 

Any help will be appreciated.

Thank you

Carl

 

  • Hi Carl - Have you checked to see if HP Encryption is enabled or installed? I normally flatten ALL our hardware to make sure no bloatware/conflicting software is resident but even so some can sneak back on thanks to "driver" updates and enhancements! 

    Worth checking to see if there's any conflicting encryption/security products that could upset BitLocker.

     

    It's also worth trying to enable BL on the PC manually - it should provide a brief description of what the issue is. 

    Do make sure too that if TPM.msc is happy that BIOS is also in UEFI mode and not CSM/Legacy. TPM though is NOT needed to run/enable BL on Win10 (and some earlier OS) , so this isn't connected with this issue you can see. 

  • In reply to MichaelMcLannahan:

    Hi Micheal

    Thank you for your input. We had a look at the installed software, the HP encryption software was not present, however, the BIOS is set to legacy mode and the disk is set to MBR.

    I suspect that this is the issue, we will change the settings early next week, once we have a backup of the machine and let you know.

    Thank you again for your input, much appreciated.

    Regards

    Carl

  • In reply to Carl Korb:

    Dear Community, apologies for not getting back to you on this issue. After much troubleshooting and changing the BIOS from Legacy to Secure Boot, we discovered that the Sophos Central AV was deployed with Sophos Central Drive Encryption package. We uninstalled the Sophos Central client, rebooted the machine, re-installed Sophos Central Endpoint (minus the Central Drive Encryption), rebooted and proceeded to install the SGN client, which now had the Drive encryption option available.

     

    Hope this will help someone in the future if they come across this issue.

     

    Regards

    Carl