Sophos SafeGuard Disk Encryption 4.60.0

Table of Contents

1      General Information and Hints. 1

2      Known Issues. 2

 

1     General Information and Hints

 

1.1       PC Card Drives (PCMCIA)

Sophos SafeGuard Disk Encryption does not support PCMCIA drives.

 

1.2       Using IDE & SCSI drives

Sophos SafeGuard Disk Encryption cannot be installed on systems in which the boot partition is located on a SCSI drive. At boot, hard drive 0 is always a SCSI drive (through the BIOS configuration). After booting Windows changes the sequence of the hard drives and hard drive 0 then becomes the first IDE drive. SafeGuard Easy cannot handle this (implicit) renumbering and the system will run into a BSOD with the STOP code 07B.

1.3       Virtual drives

Sophos SafeGuard Disk Encryption does not support virtual drives.

 

1.4       Hibernation and Encryption

Hibernation does not work correctly if encryption or decryption of a hard disk or hard disk partition has not yet completed.

 

1.5       Lenovo ThinkVantage Rescue and Recovery

‘Rescue and Recovery’ (RnR) must be installed before Sophos SafeGuard Disk Encryption is installed. Otherwise you must run the WinPERepair.exe and MBRSync.exe utilities after installing Rescue and Recovery. If Windows has been started again after an RnR session was started on the service partition then do not uninstall Sophos SafeGuard Disk Encryption immediately. Instead do another reboot, otherwise the service partition will remain the active partition. Please refer to the manual for the supported RnR versions.

 

1.6       Windows 2003, Vista and Windows 2008

Sophos SafeGuard Disk Encryption does NOT support Microsoft Windows Server 2000, Microsoft Windows Server 2003, Microsoft Windows Vista and Microsoft Windows Server 2008 operating systems. The 64BIT operating systems are not supported.

2     Known Issues

 

2.1       Shutdown with Running Decryption

It is not possible to perform a Windows shutdown while decryption is running (as part of the deinstallation process). If you turn off your computer for this reason during decryption, you may need to resume deinstallation by calling the Sophos SafeGuard Disk Encryption deinstallation routine one more time.

 

2.2       Dead keys

The user ID of a Sophos SafeGuard Disk Encryption user must not include one ` or one ´ without the other character in the pair. Otherwise it is not possible to perform a successful logon.

 

2.3       LS120 ZIP drive

Access to an encrypted LS120 medium fails. After encryption, these media may not be readable any longer.

 

2.4       Dynamic Disks

Sophos SafeGuard Disk Encryption must not be installed on dynamic disks. These are not supported.

 

2.5       Multi-user Operation under Windows XP

Sophos SafeGuard Disk Encryption will not install correctly when a second user is logged on under Windows XP.

 

2.6       Windows Encrypted File System (EFS)

You must not install Sophos SafeGuard Disk Encryption into a directory that is encrypted with EFS. Neither the target nor the source directory may be EFS protected.

 

2.7       RAID Systems

SafeGuard Disk Encryption does not support RAID systems besides hardware RAID 0. This applies to hardware-based RAID systems. Software-based RAID systems are not supported in any combination.

 

2.8       Partitions beyond 8GB

If a PC is not able to boot partitions beyond 8 GB, and if the Sophos SafeGuard Disk Encryption system kernel is located in such a partition (by installing it using a configuration file with the parameter ‘SgeKernelInstDrive=x’ set), the following problem may arise: The PC may crash at boot, if the option "Do not change MBR" is set.

 

2.9       Warning Message ‘Configuration Manager’

If you look at Sophos SafeGuard Disk Encryption Control's properties in the Windows 2000 or XP Services Manager, the system displays the error message "Configuration Manager: The device access number entered corresponds to no device present." This message has no effect on the operating system or applications and can be ignored.

 

2.10      NT Backup System State Restore

NT Backup system state restore currently does not work if Sophos SafeGuard Disk Encryption is installed.

 

2.11      List of Forbidden Passwords

The list of passwords that can be imported must not be in UNICODE format. This may cause unexpected program behavior and crashes in SGEADM.

 

2.12      Deinstallation with Microsoft ‘OneNote 2003’ Installed

If the Microsoft program ‘OneNote 2003’ is installed and active, deinstallation of SDE may fail. If, however, the ‘OneNote’ process is removed via Task Manager, SDE can be deinstalled. The activity of ‘OneNote’ as process cannot necessarily be concluded from the Taskbar entries. Once ‘OneNote’ is no more active (i.e. removed from the Autostart folder), SDE can be deinstalled regularly.

 

2.13        Sound Card

On certain computers, the soundcard may not work after installing SafeGuard Easy.

In order to address the sound card problem you need to pass the setup a property variable called EMEM=offset.E.g. Setup EMEM=1024, which advises the pre-boot code to pass its parameter block 1024 byte below the boundary that is indicated in the BIOS. EMEM has a valid range from 1 to 16383 byte. Please note that you may configure this offset only during installation or migration. Its value can be found in the registry under the same value name. It serves for information purposes only.
SUBSEQUENT CHANGES OF THIS VALUE HAVE NO EFFECT.

Up to now, this problem has only been reported for Dell computers with SigmaTel-Soundchip.

 

2.14        Windows 200 SP4

In the Windows 2000 SP4 environment it may occur that the installation of SDE 4.60.0 is aborted. In this case, please refer to Support area on the Sophos homepage for a solution of this problem.

 

2.15        Booting the computer from the CD

When installing SDE 4.60.0 booting the computer from the CD by pressing [F7] may not be possible. Among others, the following devices may be concerned:

 

IBM

T60

Z60

R60

 

HP

NC6230

HP nc8000 – current BIOS: F.18

HP nc4400 – current BIOS: F.0B

 

Dell

D420 – current BIOS: A5

Optiplex GX620 (BIOS v.A09)!

Latitude E6400

 

An alternative boot variant allowing direct booting from the Recovery CD is being planned.

 

2.16        Letters, characters and symbols for user names and passwords

It is recommended not to use the character „§“ [Shift] + 3 for user names and passwords.

 

2.17        SDE-SSO

SDE-SSO is not supported with Novell Netware Client for Windows.

 

2.18        3rd Party Bootmanager

3rd Party Bootmanagers are not supported.

 

2.19      Fingerprint

The Fingerprint functionality is not supported in SDE.

 

2.20      Dualboot

Dualboot systems are not supported.

 

2.21      MAC Hardware

MAC Hardware based XP implementations are not supported.

 

2.22      Kernel backup

It is recommended to back up the system kernel after SDE Installation and prior to initial encryption.

 

2.23      MBR

MBR manipulations on a computer with SDE installed may lead to data loss.

 

2.24      E-ATA systems

Booting the computer from the Recovery CD is not supported for computers with E-ATA.

 

2.25      Graphics card

On a Dell Optiplex GX270 computer with graphic card NVidia GeForce4 MX440 with AGP8X a black screen may occur when starting the computer. It is recommended to restart the computer.

 

2.26      Explorer context menu for diskette and USB

After an SDE installation with encryption, the Explorer context menu for diskette and USB shows an encryption option. This option does not have any function in this product variant.

 

2.27      Help button

It may occur that the Help button does not display any help information in some installation dialogs.

 

2.28      Default user

It may occur that the default user exists twice in SDE Administration.