
Safeguard POA not allowing recovery anymore after self initiated Windows Shutdown

Hello,

we came across this issue on 2 clients lately.

The client wants a C/R.

After a successful C/R Windows is starting.

Automatic shutdown (I don't know which software is responsible for this; either SafeGuard or our software distribution software because of the Windows updates)

After this the POA shows up in the wrong language (EN instead of DE) and with no domain info.

If you click on recovery you can't proceed because there is no computername/domain showing.

Has anyone had these problems in the last days? I just disallowed all Windows updates from WSUS because I'm not sure if that is influencing it. AV software is Symantec Endpoint Protection 11 with the exceptions Sophos recommends.

Or is it possible to fix this issue if you can attach the hard disk externally?

Greets

Stephan



  • Here's the cause of the issue, as I've seen this before.
    POA can't access all the local cache information correctly so the cache is corrupt or can't be accessed for some reason. This happens to me typically because of four reasons:
    1. Some of the LocalCache files are located on bad spots of the HDD and/or dirty filesystem
    2. the hard drive controller is not responding in a way the POA system drive controller expects and can't load POA correctly
    3. Over time the install has issues because one of the base dependencies in Windows is broken (i.e. corrupt WMI is often a culprit) and is causing issues you aren't aware of until you try to make a change in the system
    4. A security product is scanning and messing with files in a way it's not supposed to, interfering with normal SGN operation (FYI not all security products correctly obey exclusions/white lists all the time no matter what you're being told, or there are additional exclusions that need to be made because you forgot some)

    When SGN initiates shutdown it detects it's been tampered with and shuts down the system normally because it's designed to do that to prevent bypassing and automatic unauthorized access to the data you're protecting.

    That said that's sometimes a pain. Check the windows and SGN logs for anything indicating any of the above in safe mode. That won't shut you down.

    Emergency in system removal of safeguard instructions, you may need them for diagnostics later in order to get access to the system:

    * boot into Safe Mode
    * add following registry entries:
    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer - change "Default" REG_SZ value to "Service"
    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SGN_BEService - change "Default" REG_SZ value to "Service"
    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BEDevctl - change "Default" REG_SZ value to "Service"
    * close Registry Editor
    * from command prompt run following commands:
    * net start MSIServer
    * net start SGN_BEService
    * net start BEDevctl
    * remove Safeguard Client from Add/Remove Programs
    * on encrypted system - if you want to check decryption process, manually start: C:\Windows\System32\be_encvExe.exe
    * once decryption/deinstallation has finished, please reboot
    * on next restart you will see a blue Windows installer screen with information: Starting SG Base Encryption Kernel deinstallation. Please wait... Release all allocated areas on disk. Process completed. Result OK.
    Now take in mind that if you totally locked your system out and it's encrypted, you'll have to decrypt first from another system using a USB to SATA kit or install it internally into your system. Take in mind this will remove the ability to boot from it. To make it bootable again use any windows 7 32 bit DVD or windows 7/winpe bootable flash drive and run the following commands while the drive you decrypted is IN THE SYSTEM YOU WANT TO BOOT FROM:
    bootrec /fixmbr
    bootrec /fixboot

    This will work for windows 7 32 and 64 bit, vista, and windows xp.

    These are the steps your SGN pro-services rep will take to fix this sort of thing. Also SGN 6.00.01 was just released; believe me, the upgrade fixes a lot of minor bugs and adds more coding to help assist with base Windows level bugs, so if Windows isn't operating correctly at least SGN will. Have your rep assist with the upgrade, it's well worth the time and money spent on pro-services to do this!

    You can thank hard working Sophos/SGN employees like Bob Mumaw for these steps, from whom I originally got them.
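    The Safe Mode registry and service steps from the reply above as one script, added here as an example and not part of the thread or of Sophos' own tooling. The key and service names are the ones the reply gives; the Safe Mode guard relies on the SAFEBOOT_OPTION environment variable that Windows sets only during a Safe Mode boot, and the script is assumed to run from an elevated PowerShell prompt.

```powershell
# Added example: scripts the Safe Mode whitelist + service start steps.
# Run elevated, inside Safe Mode. Names below are taken from the reply.
#Requires -RunAsAdministrator

$safeBootMinimal = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$services = @('MSIServer', 'SGN_BEService', 'BEDevctl')

# Windows sets SAFEBOOT_OPTION (MINIMAL or NETWORK) only in Safe Mode.
# Refuse to continue otherwise: in a normal boot the SGN client treats the
# change as tampering and shuts the system down, as the reply describes.
if (-not $env:SAFEBOOT_OPTION) {
    throw 'Not in Safe Mode (SAFEBOOT_OPTION unset). Reboot into Safe Mode first.'
}

foreach ($svc in $services) {
    $key = Join-Path $safeBootMinimal $svc
    # A subkey under SafeBoot\Minimal whitelists the service for Safe Mode;
    # its (Default) value must be the literal string "Service".
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    Set-ItemProperty -Path $key -Name '(Default)' -Value 'Service' -Type String
    $current = (Get-ItemProperty -Path $key).'(default)'
    Write-Host ("SafeBoot\Minimal\{0}  (Default) = {1}" -f $svc, $current)
}

# Start in the order the reply gives. net.exe/sc.exe are used instead of
# Start-Service because BEDevctl may be registered as a driver, which the
# service cmdlets cannot start or query.
foreach ($svc in $services) {
    & net.exe start $svc 2>&1 | Out-Null
    $running = (& sc.exe query $svc) -match 'STATE\s*:\s*4\s+RUNNING'
    if ($running) {
        Write-Host "$svc is running"
    } else {
        Write-Warning "$svc did not start; check the System event log before uninstalling"
    }
}
Write-Host 'Next: remove the SafeGuard client via Add/Remove Programs (appwiz.cpl).'
```

    The script stops before the uninstall step so the service status and event log can be reviewed first; if any of the three entries fails to start, the uninstall is unlikely to succeed either.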