Sophos safeguard decrypt

Right-click a file and select SafeGuard File Encryption. The following functions are available: Show encryption state : Indicates whether or not the file is encrypted as well as the key used.

Encrypt according to policy : See Encrypt all files according to policy. Decrypt : only for location-based file encryption : Allows you to decrypt a file that is not covered by a File Encryption rule.

Decrypt selected file only for application-based file encryption : Allows you to decrypt your file and store it in plaintext. I found that a bit ago and while it covers decrypt vs purely uninstall only my policies are that way.

I have the initial one with YEs to user can decrypt and a separate one with no encryption. That works just fine. After decrypt I can remove SafeGuard Enterprise. As stated, I want to uninstall the product and leave bitlocker alone. Some systems can do it. Others cannot which points me to policy IMO. To provide extra protection for endpoints, we recommend that you prevent local uninstallation of SafeGuard Enterprise on endpoints.

In a Specific Machine Settings policy , set Uninstallation allowed to No and deploy the policy on the endpoints. Please check this setting for the error you are seeing on some of the machines.

To migrate from Safeguard Enterprise Bitlocker, please check this article for reference. As Shweta points out - Without somewhere alternative to store your recovery key - you don't want to simply remove SSG without giving this some more thought. Thankfully Sorry Sophos As I stated originally I am moving to another product and actually have the recovery keys elsewhere.

I did not want to write a novel about how I am transitioning however I believe all bases are covered and then some. Just wanted to ask the question of how can I remove SafeGuard for v7 but leave BL alone as support stated the patch 3. Some systems are doing it while some are not and popping the error.

For the transition, I am using a task sequence to pause BL, copy the recovery key elsewhere, even create a second specific numericalpassword aka recovery key protector to do everything possible to retain recovery ability if BL happens to be tripped during the migration activity. In SafeGuard Management Center, edit the current policy of the type Device Protection that is assigned to the computers you want to decrypt. Select the targets and set User may decrypt volume to Yes. Assign the policy to the respective endpoints.

Create a decryption policy of the type Device Protection , select the targets that are to be decrypted and set the Media encryption mode to No encryption. In Users and Computers , create a group for the computers you want to decrypt: Right-click the domain node where you want to create the group. Select the domain node of this group and assign the decryption policy to it by dragging the policy from the Available Policies list into the Policies tab.