Sophos SafeGuard Disk Encryption 5.50.8
Table of Contents
1.1 What’s included in the SDE 5.50.8 Release
1.1.2 Improved Encryption Performance
1.2 What’s included in the SDE 5.50 Release
1.2.1 New Architecture – based on SafeGuard Enterprise Engine.
1.2.2 Extended Windows Platform Support: 64 bit and Windows Vista/7
1.2.4 “POA only” User Accounts
1.2.5 Improved Hardware/Operating System Compatibility
1.2.6 Windows PE recovery CD (Virtual Client)
1.2.7 Simplified Installation and Key Backup
2 Where to start? Overview of the installation files
3.2 Sophos SafeGuard Disk Encryption Client
3.3 Summary of Update Scenarios
3.4 SDE Windows Operating System Support
4 Resolved Issues (SDE Release 5.50.x compared to SGN Release 5.40)
4.2 Sophos SafeGuard Disk Encryption Client
5.3 Sophos SafeGuard Disk Encryption Client
A new, optimized handling of initial encryption using full-disk encryption is now available which typically leads to a significantly reduced duration of the initial encryption process. By limiting the initial encryption to hard disk space that is actually 'used' and not all the available physical disk space, the performance gain can be dramatic, of course depending on the percentage of used disk space. This new operation mode can be controlled along with the other encryption policy settings and is deactivated by default.
A new, improved and optimized implementation of the AES256 encryption algorithm provides better run-time performance when accessing encrypted data.
Compared to the previous version 4.60, Sophos SafeGuard Disk Encryption 5.50 is an entirely new product, based on SafeGuard Enterprise architecture. It includes a new, graphical power on authentication (POA), Local Self Help to recover from forgotten passwords and an entirely new policy editor, User accounts in POA are now using Windows credentials instead of dedicated SDE passwords. Existing installations of SDE 4.60 under Windows XP can be upgraded without re-encryption. In general if you are currently using SDE 4.60 make yourself first familiar with version 5.50 on a newly set up machine and read the upgrade section in the administrator help before attempting to upgrade. You may also choose to leave existing machines running on SDE 4.60 and only use 5.50 on newly installed clients to save any upgrade work on existing clients.
Sophos SafeGuard Disk Encryption 5.50 fully supports the 32-bit and 64-bit versions of Microsoft Windows Vista and Microsoft Windows 7 as well as 32-bit Windows XP. The Policy Editor also supports the 32-bit and 64-bit versions of Windows Server 2003 and Windows Server 2008/R2.
Sophos SafeGuard Disk Encryption 5.50 introduces the capability to assign users to Service Account Lists. When applied to a newly set up client machine where the POA is not yet activated, users on this list will not be added to the POA’s user list and hence not take ownership of the machine or turn on the POA after having logged on to Windows. This enables them to service and configure the machine but leaving the Sophos SafeGuard Disk Encryption configuration apparently untouched before handing it over to its intended owner, something that is often required in roll-out scenarios.
Special accounts (easily recognizable by belonging to a special virtual “<POA>” domain) have been introduced with SDE 5.50 to provide, e.g., administrators with the ability to boot a POA-protected machine without having to know any of the machine’s regular users’ credentials or having to be registered as a regular user themselves on each machine. They are always entitled to boot the machine from external media and when logging onto Windows, this will not trigger any of the default logon actions of the Sophos SafeGuard Disk Encryption client. For example, the user will not be registered with SDE irrespective of the credentials that were used for the Windows logon.
Compatibility of Sophos SafeGuard Disk Encryption has been further improved in many ways, e.g.,
The advanced recovery functions for SafeGuard Enterprise encrypted harddrives, e.g., booting a Windows PE recovery environment in case of a broken, misconfigured operating system are now also available for Sophos SafeGuard Disk Encryption 5.50 clients.
Sophos SafeGuard Disk Encryption recovery files can now be easily and automatically collected on a central network share if so desired by the administrator. Also options to easily backup and restore the company certificate of new installations have been added.
Various other improvements in usability, storage use, performance and handling have been made in Sophos SafeGuard Disk Encryption. These include:
Sophos SafeGuard
Disk Encryption consists of two file sets: one to install the encryption software
on endpoint (client) PCs, one to install the administration software (SafeGuard
Policy Editor). We recommend installing SafeGuard Policy Editor first.
For installation of the product proceed as follows:
1. Read the Startup guide: doc\ssg_55_sgeng.pdf
2. Read the Readme file: install\readsde_5_eng.html
3. Install SafeGuard Policy Editor on the intended administrator’s machine. The following files belong to the SafeGuard Policy Editor installation:
·
install\dotnetfx35setup.exe
Microsoft .Net Framework, required for SafeGuard Policy Editor if not already
present on the administrator system.
·
install\SQLEXPR.exe
Microsoft SQL Express database, required for SafeGuard Policy Editor if not
already present on the administrator system.
· install\SDEPolicyEditor.msi
4. Configure the initial policy by modifying the default policy in the SafeGuard Policy Editor to meet your requirements and saving it to a file (see administrator help for details)
5. Deploy the encryption software and policy to one or more clients. The following files belong to the client side of the installation:
·
install\SGxClientPreinstall.msi
Installs a Microsoft patch required for SDE client side installation.
·
install\SDEClient.msi
for 32 bit Windows operating systems or
install\SDEClient_x64.msi
for 64 bit Windows operating systems.
·
<the location you
saved the policy file to>\Default Package.msi
(or the name you gave the file when saving it)
This is the policy that tells the client to encrypt according to the options
you chose.
Notes:
· If you are an existing SDE 4.60 user, we recommend to first become familiar with SDE 5.50 on new machines before you decide whether or not to upgrade existing SDE 4.60 installations.
· Administrative rights are necessary to install the software.
· If you are upgrading from SafeGuard Easy 4.x, please be sure to read the corresponding section of the administrator help and Knowledge base articles
Hardware:
Intel or AMD X86 CPU
512 MB RAM
1 GB free hard disk space (recommended)
Software:
Microsoft Windows Operating
Systems in English, French, German or Japanese
· XP SP2 SP3 32 bit
· Vista SP1 SP2 32 bit 64 bit
· 7 32 bit 64 bit
· 2003 Server SP1 SP2 32 bit 64 bit
· 2003 Server R2 SP1 SP2 32 bit 64 bit
· 2008 Server SP1 SP2 32 bit 64 bit
· 2008 Server R2 64 bit
Microsoft ASP.net
· .NET Framework 3.0 SP1
The Windows user must have R/W access to the database using one of the following authentication methods:
· Windows NT authentication
· SQL database authentication
Tested X.509 certificates
Hardware:
Microsoft Windows Operating Systems:
Software:
SDE Update Matrix |
|
||||
|
Update from |
||||
Update To |
SGE 4.x x >= 50 |
SDE 4.60 |
SGN standalone 5.35, 5.40, 5.50 |
SGN managed 5.35, 5.40, 5.50 |
|
SDE 5.50 |
l |
l |
|
|
|
SGE 5.50 |
l |
l |
l |
|
|
SGN 5.50 |
l |
l |
l |
l |
|
SGN 5.50.8 |
l |
l |
l |
l |
|
Legend:
l Update supported
Supported Algorithms
When updating from SGE 4.x, the following encryption algorithms are supported: IDEA, 3DES, AES 128, AES 256
Migration
of SGE 4.x/SDE 4.60 to SDE 5.50
For these migration scenarios, the user needs a valid Windows account. In the
case that the user does not know his Windows password because he is using SAL
for Windows log on, the user’s Windows password has to be reset and the new
value has to be forwarded to the user. Please be sure to read the corresponding
user manual section before proceeding with the upgrade.
|
SDE – Microsoft Windows Platform Support |
||||||
|
SDE 5.50.x |
||||||
Client |
Policy Editor |
||||||
XP Professional Edition |
SP2 SP3 |
32 Bit |
l |
.NET 3.01 |
|||
Vista
Home Premium Business Enterprise Ultimate |
SP1 SP2 |
32 Bit |
l |
.NET 3.01 |
|||
Vista
Home Premium Business Enterprise Ultimate |
SP1 SP2 |
64 Bit |
l |
.NET 3.01 |
|||
7 Home Premium Professional Enterprise Ultimate |
|
32 Bit
|
l |
NET 3.01 |
|||
7 Home Premium Professional Enterprise Ultimate |
|
64 Bit |
l |
NET 3.01 |
|||
Server 2003 / R2 |
.NET 3.0 |
IIS 6 |
SP1 SP2 |
32 Bit 64 Bit |
|
l l |
|
Server 2008 Server 2008 R2 |
.NET 3.0 |
IIS 7.0 IIS 7.5 |
SP1 |
64 Bit 64 Bit |
|
l l |
|
1 .Net 3.0 SP1 required
Note 1: Sophos SafeGuard Disk Encryption can be installed on and does support systems that are equipped with Solid State Disks (SSDs).
Note 2: Sophos SafeGuard Disk Encryption can be installed and operated in virtualization environments as well. Please be aware that there might be interoperability issues regarding encryption on devices that are attached via the USB bus. Depending on the virtualization environment and the attached device this issue might cause a system fault.
- In some scenarios, the autologon of the POA was broken
- The installer lacked a POACFG property
- There were incorrect log entries indicating that a drive is decrypting when in fact it was encrypting
·
Uninstallation
of SDE client on a PE machine renders the PE unusable.
When the SafeGuard
Policy Editor is being run on a machine with a SDE client installation,
uninstalling the client will leave the PE in an unusable state. This issue
does not depend on the order of installation of the two modules. If you want to
continue running the PE on such a machine, you must reinstall the PE.
·
SafeGuard
Policy Editor configuration may fail due to restrictive default SQL Server
permissions
When
installing the SafeGuard Policy Editor on a Windows Vista or Windows 7 machine,
make sure that you have all required administrative privileges for the corresponding
SQL Server or SQL Express database engine.
·
Database
Naming Scheme
SDE Databases names should comply with the following naming scheme in order to
prevent localization issues.
SDE Database names should only contain:
- Characters (A-Z, a-z)
- Numbers (0-9)
- Underscores (_)
·
If a SafeGuard
Policy Editor is installed on a SDE client machine, both components (client + PE)
have to be updated to SDE 5.50, where the client has to be updated first.
Updating only the SafeGuard Policy Editor can lead to failed logons at Windows
level.
·
Possible
configuration of SQL Database access methods:
The Windows NT Authentication option requires further mandatory configuration
steps proposed by Microsoft (please search the Sophos knowledge base for “SGN
& service account”). The SQL Authentication is the less complex way and
does not require additional configuration.
·
Certificates
provided by the customer and imported into PE are currently not verified
according to RFC3280. For example, we do not prevent using signature
certificates for encryption purposes.
· Overlapping policies assigned to a group might result in incorrect calculation of the priorities. Please use disjunctive policy settings.
·
If you want
to allow minimum password durations of less than 2 days please do not change
the setting “Password change allowed after min. (days)”. Once changed the
minimum is 2 days.
·
There are
some GUI layout problems on machines configured for resolutions other than 96
DPI.
·
After
updating the SDE database to version 5.50 old Policy Editors show an error
message. They must be updated as well.
·
When
performing uninstall, some files and registry entries may remain. Please
consult the Sophos knowledge database (keywords “SGN & uninstall”) on how
to clean the installation manually. Such a cleanup is necessary in order to
reinstall SDE on the same computer.
· In rare situations it might be possible to experience timing and/or configuration problems with local SQL Server Express editions, so that the configuration of the SafeGuard Database in conjunction with SQL Server Authentication might not work. If that is the case, we recommend using Windows authentication with SQL Server Express instead.
·
BitLocker To Go - encrypted
devices may prevent SDE installation
If a BitLocker To Go-encrypted
USB stick is attached to a machine during the setup of SDE, the installation
will fail because Windows reports the system as being BitLocker-enabled, which
is a valid failure condition for the DE client installation. The solution is to
remove any BitLocker to Go-encrypted devices before installing SDE.
·
Local Self-Help
For the Local Self Help
option the Recovery option in the POA will never be shown if the user who is
logged on to the POA has the option to log on with a token or via fingerprint.
LSH only works if the user logs on to the POA with user ID and password.
·
Delay Write Errors
during Initial Encryption
During the installation of
Sophos SafeGuard Disk Encryption, delayed write failures may be reported by the
operating system. This happens right after installing the kernel onto the file
system. This may be forced by executing many parallel file I/O operations
during the next boot right after manipulating the file system.
Solution:
An alternate way to install the Sophos SafeGuard Disk Encryption Kernel can be
forced by adding a registry value.
Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Control\Session
Manager
Value Name: AllocMode
(DWORD)
Value: 1
This registry value should be
added before executing the Sophos SafeGuard Disk Encryption setup
·
Novell
Client
To use the SDE
Client in conjunction with a Novell Client there are some project specific
adaptations necessary. Please contact Sophos Support for further information.
·
Fast
User Switching
Fast user
switching is not supported and must be disabled.
Built-in floppy drive
After installation of SDE on Windows Vista
the built-in floppy drive is no longer available. This limitation does not
apply to external floppy drives attached via the USB bus.
·
Boot time
Boot time increases by about one minute after installing the SDE Client software.
·
Encryption of
‘Virtual Drives’
Virtual drives that are
mounted on the client workstation (e.g. VHD file into Windows using MS Virtual
Server mounter) are considered as local hard drives and therefore their
contents will be encrypted too if an encryption policy for ‘other volumes’ is
defined.
· It is not possible to use Volume-based device encryption together with BitLocker. The SDE Client setup does not allow installing both features simultaneously.
· During the initial encryption of the system partition (i.e. the partition, where the hiberfil.sys file is located) suspend to disk may fail and should therefore be avoided. After the initial encryption of the system partition a reboot is required before suspend to disk works properly again.
· It is recommended to reboot a SDE Client PC at least once after activating the Power-on Authentication. Sophos SafeGuard Disk Encryption performs a backup of its kernel data on every Windows boot. This backup would never happen if the PC is only hibernated or transferred into stand-by mode.
·
The maximum
number of registered SDE users on a client is 200.
Please do also consider the following maximum file sizes for files imported to
a client by policy:
o Text files should not be larger than 50 kB.
o Banner Bitmaps should not be larger than 100 kB.
o Background bitmaps should not be larger than 500 kB.
Note: The amount of assigned users, especially in combination with a lot of group-memberships has a noticeable impact on the SDE Server performance.
· Microsoft Windows XP has a technical limitation of its kernel stack. If several file system filter drivers (e.g. antivirus software) are installed, the memory might not be sufficient. In this case you might get a BSOD. Sophos cannot be made liable for this Windows limitation and cannot solve this issue.
· For volume-based encryption, volumes that are located on "dynamic disks" or “GPT disks” are not supported.
· When performing uninstall, some files and registry entries may remain. Please consult the Sophos knowledge database (keywords “SGN & uninstall”) on how to clean the installation manually. Such a cleanup is necessary in order to reinstall SDE on the same computer
· If an uninstall of the SDE client is triggered via Active Directory it has to be ensured that all volume-based encrypted volumes have been decrypted properly beforehand.
· Compatibility to imaging tools has not been tested and is therefore not supported.
· Special characters (e.g. ä,ö,ü,…) have to be entered “case sensitive” at POA level.
· Some computers cannot boot from a floppy disk once they have booted the POA from the hard disk. This is a limitation of their BIOS implementation and cannot be solved by Sophos.
· Special characters should be used with caution in the legal notice text for the POA. Some of these characters may not be displayed properly.
· Before encrypting a partition with volume-based encryption, it is recommended to run chkdsk c: /f /v /l /x in order to touch every sector of the partition. The firmware of the hard disk will then replace every defect sector before SDE tries to encrypt it.
· When using SafeGuard Portable in combination with SDE Client, AES-256 algorithm has to be used for encryption of removable media.
· SDE volume-based encryption has been successfully tested against concurrent installations of antivirus products by Sophos as well as the following:
If problems during startup are encountered, please try the following:
In HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\ Filesystem\RealTimeScan
Set the DWORD value KStackMinFree to 0x2200.
To find a detailed explanation of the key, click this link:
· When you uninstall a SDE Client you must uninstall the client configuration package first.
· The BE_RESTORE tool always tries to access disk0. This may not be the hard disk, e.g., if a USB stick is connected or a ram disk is being used.
· The BE_RESTORE tool has some limitations on Windows Vista / Windows PE 2.0 if the hard disk is not encrypted yet.
· Using the BE_RESTORE tool with Windows PE 2.0 needs at least 512 MB of memory.
· A floppy media change is not always detected properly. Try to access the floppy, while no media is in the drive (e.g. with the Explorer) to ensure that the media change is detected.
· The Windows XP operating system up to Service Pack 2 shows a problem on some machines where a resume after standby does not show the locked desktop but directly opens the user desktop. The problem also applies to machines with Sophos SafeGuard Disk Encryption. This should be fixed with Windows XP SP3.
· Very rarely the SDE Device Encryption Client setup will end with error 5001. Meaning that your hard disk is too fragmented to install this software. The SDE kernel needs 96MB contiguous, free disk space on the first hard disk.
· The enforcement of the Sophos SafeGuard Disk Encryption password history policy can be avoided by the user during execution of the password change due to enforcement of the system administrator.
· Users with “umlaut” characters in the user ID other than the keys on the chosen keyboard layout are not able to logon in POA, e.g. in combination with German keyboard layout.
The following keyboard layouts are supported in the pre-boot authentication module. "x" indicates that the language is fully supported. All other languages will default as specified. Please beware of special characters in passwords if users have an unsupported keyboard which defaults to US keyboard.
Language ID Keyboard Language / Comments
====================================================================
0x0000 US Language Neutral
0x0400 US Process or User Default Language
0x0800 US System Default Language
0x0401 US Arabic (Saudi Arabia)
0x0801 US Arabic (Iraq)
0x0c01 US Arabic (Egypt)
0x1001 US Arabic (Libya)
0x1401 US Arabic (Algeria)
0x1801 US Arabic (Morocco)
0x1c01 US Arabic (Tunisia)
0x2001 US Arabic (Oman)
0x2401 US Arabic (Yemen)
0x2801 US Arabic (Syria)
0x2c01 US Arabic (Jordan)
0x3001 US Arabic (Lebanon)
0x3401 US Arabic (Kuwait)
0x3801 US Arabic (U.A.E.)
0x3c01 US Arabic (Bahrain)
0x4001 US Arabic (Qatar)
US Arabic (102) AZERTY
X 0x0402 BG Bulgarian No font available
0x0403 ES Catalan
0x0404 US Chinese (Taiwan) No font available
0x0804 US Chinese (PRC) No font available
0x0c04 US Chinese (Hong Kong SAR, PRC) “
0x1004 US Chinese (Singapore) No font available
0x1404 US Chinese (Macao SAR) (98/ME,2K/XP)
X 0x0405 cz Czech
X 0x1402 cz_qwerty Czech (QWERTY)
US Czech (Programmers)
X 0x0406 dk Danish
X 0x0407 de German (Standard)
X 0x0807 de_CH German (Switzerland)
0x0c07 de German (Austria)
0x1007 de German (Luxembourg)
0x1407 de German (Liechtenstein)
X 0x0408 el Greek No font available
X 0x0409 us English (United States)
X 0x0809 gb English (United Kingdom)
0x0c09 us English (Australian)
0x1009 us English (Canadian)
0x1409 us English (New Zealand)
X 0x1809 ie English (Ireland)
0x1c09 US English (South Africa)
0x2009 US English (Jamaica)
0x2409 US English (Caribbean)
0x2809 US English (Belize)
0x2c09 US English (Trinidad)
0x3009 US English (Zimbabwe) (98/ME,2K/XP)
0x3409 US English (Philippines) (98/ME,2K/XP)
X 0x040a ES Spanish (Spain, Traditional Sort)
0x080a ES Spanish (Mexican)
0x0c0a ES Spanish (Spain, Modern Sort)
0x100a ES Spanish (Guatemala)
0x140a ES Spanish (Costa Rica)
0x180a ES Spanish (Panama)
0x1c0a ES Spanish (Dominican Republic)
0x200a ES Spanish (Venezuela)
0x240a ES Spanish (Colombia)
0x280a ES Spanish (Peru)
0x2c0a ES Spanish (Argentina)
0x300a ES Spanish (Ecuador)
0x340a ES Spanish (Chile)
0x380a ES Spanish (Uruguay)
0x3c0a ES Spanish (Paraguay)
0x400a ES Spanish (Bolivia)
0x440a ES Spanish (El Salvador)
0x480a ES Spanish (Honduras)
0x4c0a ES Spanish (Nicaragua)
0x500a ES Spanish (Puerto Rico)
X 0x040b fi Finnish
US Finnish (with Sami)
X 0x040c fr French (Standard)
X 0x080c be French (Belgian)
0x1080c be Belgian(Comma)
X 0x0c0c ca_enhanced French (Canadian)
US French (Canadian, Legacy)
US Canadian (Multilingual)
X 0x100c fr_CH French (Switzerland)
0x140c fr_CH French (Luxembourg)
0x180c fr French (Monaco) (98/ME,2K/XP)
0x040d US Hebrew
X 0x040e hu Hungarian
X 0x040f is Icelandic
X 0x0410 it Italian (Standard)
0x0810 it Italian (Switzerland)
X 0x0411 jp Japanese
X 0x0412 ko Korean No font available
0x0812 US Korean (Johab) (95,NT)
X 0x0413 nl Dutch (Netherlands)
X 0x0813 be Dutch (Belgium)
X 0x0414 no Norwegian (Bokmal)
0x0814 no Norwegian (Nynorsk)
X 0x0415 pl Polish No font available
X 0x0416 br Portuguese (Brazil)
X 0x0816 pt Portuguese (Portugal)
X 0x0418 ro Romanian
0x0419 US Russian
0x041a US Croatian
0x081a US Serbian (Latin)
0x0c1a US Serbian (Cyrillic)
0x101a US Croatian (Bosnia and Herzegovina)
0x141a US Bosnian (Bosnia and Herzegovina)
0x181a US Serbian (Latin, Bosnia, and Herzegovina)
0x1c1a US Serbian (Cyrillic, Bosnia, and Herzegovina)
0x041b sk Slovak
0x041c US Albanian
X 0x041d se Swedish
0x081d se Swedish (Finland)
0x041e US Thai
X 0x041f tr Turkish No font available
0x0420 US Urdu (Pakistan) (98/ME,2K/XP)
0x0820 US Urdu (India)
0x0421 US Indonesian
0x0422 uk Ukrainian
0x0423 US Belarusian
0x0424 sl Slovenian
0x0425 US Estonian
0x0426 lv Latvian
0x0427 lt Lithuanian
0x0827 US Lithuanian (Classic) (98)
0x0429 US Farsi
0x042a US Vietnamese (98/ME,NT,2K/XP)
0x042b US Armenian. This is Unicode only. (2K/XP)
US Armenian Eastern
US Armenian Western
0x042c US Azeri (Latin)
0x082c US Azeri (Cyrillic)
0x042d US Basque
0x042f US Macedonian (FYROM)
0x0430 US Sutu
0x0432 US Setswana/Tswana (South Africa)
0x0434 US isiXhosa/Xhosa (South Africa)
0x0435 US isiZulu/Zulu (South Africa)
0x0436 US Afrikaans
0x0437 US Georgian. This is Unicode only. (2K/XP)
0x0438 US Faeroese
0x0439 US Hindi. This is Unicode only. (2K/XP)
0x043a US Maltese (Malta)
0x043b US Sami, Northern (Norway)
0x083b US Sami, Northern (Sweden)
0x0c3b US Sami, Northern (Finland)
0x103b US Sami, Lule (Norway)
0x143b US Sami, Lule (Sweden)
0x183b US Sami, Southern (Norway)
0x1c3b US Sami, Southern (Sweden)
0x203b US Sami, Skolt (Finland)
0x243b US Sami, Inari (Finland)
0x043e US Malay (Malaysian)
0x083e US Malay (Brunei Darussalam)
0x0440 US Kyrgyz. (XP)
0x0441 US Swahili (Kenya)
0x0443 uz Uzbek (Latin)
0x0843 US Uzbek (Cyrillic)
0x0444 US Tatar (Tatarstan)
0x0445 US Bengali (India)
US Bengali (Inscript)
0x0446 US Punjabi. This is Unicode only. (XP)
0x0447 US Gujarati. This is Unicode only. (XP)
0x0449 US Tamil. This is Unicode only. (2K/XP)
0x044a US Telugu. This is Unicode only. (XP)
0x044b US Kannada. This is Unicode only. (XP)
0x044c US Malayalam (India)
0x044e US Marathi. This is Unicode only. (2K/XP)
0x044f US Sanskrit. This is Unicode only. (2K/XP)
0x0450 US Mongolian (XP)
0x0452 US Welsh (United Kingdom)
0x0455 US Burmese
0x0456 US Galician (XP)
0x0457 US Konkani. This is Unicode only. (2K/XP)
0x045a US Syriac. This is Unicode only. (XP)
0x0465 US Divehi. This is Unicode only. (XP)
US Divehi (Phonetic)
US Divehi (Typewriter)
0x046b US Quechua (Bolivia)
0x086b US Quechua (Ecuador)
0x0c6b US Quechua (Peru)
0x046c US Sesotho sa Leboa/Northern Sotho (South Africa)
0x007f US LOCALE_INVARIANT. See MAKELCID.
0x0481 US Maori (New Zealand)
· SafeGuard LAN Crypt 3.70 is the first version that is fully compatible with SDE. If an older version of SafeGuard LAN Crypt is installed, we do strongly suggest upgrading to the latest version of SafeGuard LAN Crypt first.
· If Sophos SafeGuard Disk Encryption 5.50 is installed on-top of SafeGuard LAN Crypt the installation program will complain that the component “SGLC Profile Loader’ being upgraded is currently in use. This message is caused by the fact that SafeGuard LAN Crypt and SDE share common components and therefore can be ignored. The affected components will be updated upon reboot.
You can find technical support for Sophos products in any of these ways:
Oberursel, November 4th, 2010
Copyright © 1996 - 2010 Sophos Group and Utimaco Safeware AG. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos is a registered trademark of Sophos Plc and the Sophos Group. SafeGuard is a registered trademark of Utimaco Safeware AG - a member of the Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
All SafeGuard products are copyright of Utimaco Safeware AG - a member of the Sophos Group, or, as applicable, its licensors. All other Sophos products are copyright of Sophos plc., or, as applicable, its licensors.
You will find copyright information on third party suppliers in the file entitled Disclaimer and Copyright for 3rd Party Software.rtf in your product directory.