Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2717 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Data Protection Suite - Disk Encryption Question

AndyBolton

For years now I have used Sophos AV and to be honest its one of the best - so when Sophos combined the whole security suite including Disk Encryption, I thought it was time to try it.

We use Sophos Enterise Console (latest Version) to deploy, manage and look after out Sophos Estate

I have now started testing the encryption software on a couple of laptops and generally its looking really good - my question is

How do I uninstall the encryption software once it is installed - I can find no documentation that explains how or even if you can uninstall - this process will be pivital to my company going past the testing stages

I look forward to any comments

Regards

Andy Bolton

:25831


This thread was automatically locked due to age.
Parents
  • 0

    HI,

    The uninstall of Sophos SafeGuard 5.61.0 Client (as managed from SEC 5.1)  is covered by Tamper Protection when enabled.  If you look in the Tamper Protection log on the client you'll see a message that uninstall was prevented.  Likewise in SEC 5.1, in the Tamper Protection event viewer you will see evidence of the attempt.  In order to uninstall from the client you would need to open the interface of SAV on the endpoint, "authenticate user", disable Tamper protection and then you will be able to uninstall.  It's not sufficient to authenticate, you need to disable also.  You could also disable tamper protection in the policy in SEC before performing the uninstall.

    As the user (which would also need to be an administrator) is already logged in to the client to uninstall encryption (which will start the decrypt) it's fine. Encryption of the file system is to prevent someone who can't authenticate to the machine getting data off it.  For example you couldn't just access data off the disk from a bootable Linux OS or connect the disk to another machine.

    Regards,

    Jak

    :25865
Reply
  • 0

    HI,

    The uninstall of Sophos SafeGuard 5.61.0 Client (as managed from SEC 5.1)  is covered by Tamper Protection when enabled.  If you look in the Tamper Protection log on the client you'll see a message that uninstall was prevented.  Likewise in SEC 5.1, in the Tamper Protection event viewer you will see evidence of the attempt.  In order to uninstall from the client you would need to open the interface of SAV on the endpoint, "authenticate user", disable Tamper protection and then you will be able to uninstall.  It's not sufficient to authenticate, you need to disable also.  You could also disable tamper protection in the policy in SEC before performing the uninstall.

    As the user (which would also need to be an administrator) is already logged in to the client to uninstall encryption (which will start the decrypt) it's fine. Encryption of the file system is to prevent someone who can't authenticate to the machine getting data off it.  For example you couldn't just access data off the disk from a bootable Linux OS or connect the disk to another machine.

    Regards,

    Jak

    :25865
Children
No Data