We'd love to hear about it! Click here to go to the product suggestion community
We are running into an issue with Safeguard Trusted Application settings and Solidworks and Draftsight applications.
We have Engineering drawings which are encrypted with policies from Safeguard. I have added the exceptions below to the Trusted Applications list already, however, we still seem to be unable to open any of our encrypted drawings. I have made sure that the policy sync has been completed on the end user(s) machines.
List of Exceptions:
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exeC:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exeC:\Program Files\SolidWorks Corp\SolidWorks\SLDWORKS.exeC:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exeC:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiController.exeC:\Program Files\Dassault Systemes\DraftSight\bin\draftsighthelper.exe
We originally started with the top 3 exceptions and that seemed not to work, so we went through the folder and added exceptions for all executable's we thought that might have been related to opening documents within the application.
Please note that we cannot open documents that are encrypted by double-clicking on them, or dragging them to the application. The applications have no issues opening unencrypted versions of these drawings.
Safeguard Management Center Version: 126.96.36.199
Safeguard End user application version: 188.8.131.52
Hi Dallas Turner
Would you please suggest whether you have assigned the policy to the machines or to the users? This policy should be assigned to the machines, not to the users.
If it's synchronized encryption, you set the applications in the application list.
If it's location-based, you set the applications in the General Settings policy.
Hope this helps.
In reply to Jasmin:
The policy is assigned to "Root" which covers all machines and users. Is this appropriate?
In reply to Neil_Evolve:
Hey Neil - I am fairly new to this product, how do you differentiate between Synchronized and location-based?
In reply to Dallas Turner:
It is not best to practise to apply policies at the root level. Instead of that assign policy to the group of computers or users.
To check Synchronized or location-based encryption, Go to File encryption policy, you have assigned and check whether the encryption method mentioned there is application-based encryption or location-based encryption.
Synchronized encryption is based upon file extension, you can also target specific locations.
Location-based encryption encrypts all files in a location according to the assigned policy. You assign Trusted Applications for file-based encryption in the relevant General Settings policy.
As for policies and where you assign them, see: https://docs.sophos.com/esg/sgn/8-1/admin/en-us/esg/SafeGuard-Enterprise/concepts/Policies.html
Missed this link re: policies
This appears to have been the solution. I changed the group that the policy applied to from Root to Domain Computers and after synchronizing and grabbing the policy updates we are now able to open the encrypted files within the programs.
In my most recent reply I had stated that I assigned it to the Domain Computers. The policy work appropriately assigning it to the machine.