De-encrypting or reversing encryption of a partition


I did an encryption for the whole partition d:/.

Can I de-encrypt d:/ without uninstalling the Sophos Client 8?


I tried to remove the Client Configuration, but it didn't work.


And what if I have a policy group with 2 policies? One of them is file encryption on d:/.

And I want to remove the file encryption policy on d:/, but I want to keep the other policy. So I need the Sophos Client and cannot uninstall it.


  • Yes - You can decrypt a drive. I would create a group for this and add members (PCs) into this group.

    I've posted some times about creating a group here

    Creating a group for the decryption is easier to manage and will also prevent your users decrypting their own machines without your permission (and also uninstalling the client too, which you've allowed, it would seem?).

    However if you have removed the client and the drive is still BitLocker'ed you could try using the manage-bde command

    Command Admin prompt

    manage-bde -off d:

    You can also manage BL within Windows (right-click the drive, select Manage BitLocker). Normally, though, with the client installed and configured correctly, turning off BL will just be turned on again by Sophos.


    Don't forget Sophos SafeGuard is only managing BitLocker in this scenario. The policies tell the computer to invoke BitLocker on the following drive - it's not Sophos encrypting the drive, but Microsoft with a Microsoft product.


    Check your Device Protection policies - you can either modify your existing policy to be Boot Volume only and then exclude non-boot volume and have a policy for each. If you use the parent category "Internal Storage" it'll apply the same policy to boot volume AND non.


    Hope that helps?
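
Added example, not part of the thread above and not Sophos or Microsoft code: the `manage-bde -off d:` step scripted with the built-in BitLocker PowerShell cmdlets, so the volume state is checked before decrypting and again afterwards, which shows whether a policy has switched BitLocker back on as the answer describes. The parameter names, the polling interval and the 5-minute recheck delay are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: decrypt a BitLocker data volume, wait for completion,
# then recheck to see whether a management policy re-enabled encryption.
param(
    [string]$MountPoint   = 'D:',   # drive from the thread
    [int]$PollSeconds     = 30,     # assumed polling interval
    [int]$RecheckSeconds  = 300     # assumed delay before the policy recheck
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
Write-Output ("Before: {0} is {1}, protection {2}" -f $MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus)

switch ($vol.VolumeStatus) {
    'FullyDecrypted'       { Write-Output "$MountPoint is already decrypted."; return }
    'DecryptionInProgress' { Write-Output "$MountPoint is already decrypting." }
    default {
        # PowerShell equivalent of: manage-bde -off d:
        Disable-BitLocker -MountPoint $MountPoint -ErrorAction Stop | Out-Null
    }
}

# Decryption runs in the background; poll until the state changes.
do {
    Start-Sleep -Seconds $PollSeconds
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Output ("{0}: {1}, {2}% encrypted" -f $MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage)
} while ($vol.VolumeStatus -eq 'DecryptionInProgress')

if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Warning "$MountPoint ended in state $($vol.VolumeStatus); decryption did not complete."
    return
}

# With the client still installed and an encryption policy still assigned,
# BitLocker may be turned on again. Recheck after a delay to catch that.
Start-Sleep -Seconds $RecheckSeconds
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Warning "$MountPoint is now $($vol.VolumeStatus): an encryption policy still applies to this volume."
} else {
    Write-Output "$MountPoint is still decrypted after $RecheckSeconds seconds."
}
```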