How to improve the performance of a computer running SafeGuard Enterprise Data Exchange.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Data Exchange
All supported operating systems
What To Do
The following should help improve performance:
1. The default 'Ignore Rules' should include all drives which you do not intend to be "file-based" encrypted. By default, the system and the bootvolume are automatically excluded. Additional drives can be added by modifying the following registry key:
2. Define applications which interfere with SGN DX as "unhandled applications".
Applications that are registered as "unhandled" are ignored by the SafeGuard Enterprise file-filter driver and file access, and are thereby excluded from transparent encryption/decryption.
The 2 main sets of circumstances in which you would do this are where you have:
- Applications that cannot read unencrypted data (e.g. a backup program that is installed on the client would in this case back up the files encrypted).
- Applications which might trigger malfunctions when used alongside SafeGuard Enterprise Data Exchange, but do not require encryption, can generally be exempted from encryption (e.g. AV scanners).
The full name of the executable file (optionally including path information) must be used to specify an exempted application.
Hint: "Unhandled Applications" can only be defined on the "Local Storage Devices" level in the 'Device Protection' policy, in SGN version 5.60/ 5.60.1
In version 6.00 and above, this is defined in the 'General Settings' policy
3. Define System Ignore Rules for folders which are used for example to compile data or that contain databases.
System Ignore Rules apply to "transparent encryption" and also "initial encryption". That means that no file in a System Ignore Rule can be "initial encrypted" even if an "encryption rule" exists for this file. If there exists an encrypted file in a "System Ignore Rules" directory (maybe the System Ignore Rule was added later) the user just gets the encrypted data of the file.
If an administrator wants to add files or directories to the System Ignore Rules he has to add the following registry key:
Type:REG_SZ or REG_MULTI_SZ
Wildcards for filenames can be used, multiple values must be separated by a semicolon if REG_SZ is used:
Value Name Type Value IgnorePaths REG_MULTI_SZ c:\Program Files*.*
This example adds the two directories c:\Program Files and c:\Users\Public\Desktop as well as the file c:\Users\administrator\desktop.ini to the System Ignore Rules.
Note: The System Ignore Rules which are added by the Registry are always valid also for subdirectories!
If configuring the options in the policies and modifying the registry keys do not work then test by installing the SGN Client without the DX module. Hence, the file filter driver will not be installed. This will enable SGN to work in conjunction with affected apps on the machine