Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 3301 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Exchange / Safe Guard Portable

Greenberet

Hi,

We are using Sophos Safe Guard Easy 5.50 latest Release.

There is a Data Exchange Policy. We want to manual encrypt Files on USB Drives.

In the Policies is Automatic Encryption and Automatic Copy of Safeguard Portable disabled.

We copy the File SGPortable.exe manual if needed.

But on every USB Drive Safe Guard is copying a file named: SGNKeytable.ktb

The file is Hidden. We can not control this behavior.

my question is:

Is it possible to restrict this. We dont want any files copied on USB Sticks without our control.

When we have a USB Drive from a Customer we dont want that there is a Hidden File from Safe Guard Easy.

Best Regards

Greenberet

:4451


This thread was automatically locked due to age.
  • 0

    Even disabling initial encryption for removable devices, if you write a file to the USB memory device, it will be automatically encrypted, and I don't think there is a way to disable this without completely disabling DX.

    How are you expecting your users to use this software?

    In our organization, we had a need for our sales staff to have their USB memory devices encrypted, but also be able to exchange larger files with customers.  To achieve these goals, we put the following policy set regarding removable media into place:

    Configuration Protection:

    Removable Media - Read Only

    External Hard Drives - Read Only

    Floppy Device and Tape Devices - Restrict

    White List for Distinct Storage Devices - Storage Whitelist (create a whitelist)

    Device Protection:

    Target - Local Storage Devices\ Removable Media

    Key to be used for encryption - Defined key on list

    Defined key for encryption - Workgroup key

    User may define a media passphrase for devices - yes

    Everything else in those policies are set to the defaults.

    The configuration protection policy will allow any non-authorized USB devices to be read on the machine, but those devices will not be encrypted, nor will the user have write access to them. But, once you register a device on the whitelist, the Device Protection policy will kick in and automatically encrypt all files on the device, and will also allow the user to set a media encryption passphrase, so they can decrypt their files on non-SGN machines.

    With this set of policies, our sales staff can read data from customer USB memory devices, but are not able to write to them.  They can also have their own (writeable) USB memory devices that are encrypted, and if they set a media encryption passphrase, they can decrypt those files to give to customers.

    I'm not sure how SafeGuard Easy is licensed and whether you get Configuration Protection by default, but if you do have a license to CP, I would definitely suggest fiddling with it, because it might get you the results you're looking for.

    :4507
  • 0

    Thx ssij for your post.

    We will disable the Data Exchange Feature. We need to read and write on customer sticks. Our Technicans must have access to multiple Removable Devices without any automatic encryption.

    In this case Data Exchange is not the Right Solution for us.

    We will use True Crypt Portable in the future.

    Best Regards

    Greenberet

    :4553
  • 0

    Hi Greenberet,

    according to my knowledge, you can deactivate the media passphrase policy (maybe this is not desired in your case). If you deactivate it, we will not write to the key table to the USB stick.

    Let me know if this was useful for you.

    :4603
Unfiltered HTML