Sophos releases patch for possible black screens when using SafeGuard Device Encryption

  • Article ID: 113678
  • Rating:
  • 1 customers rated this article 5.0 out of 6
  • Updated: 27 Feb 2013

Issue
With certain specific combinations of BIOS versions and graphics cards from various vendors, installing SafeGuard Device Encryption may lead to an inaccessible machine if the original vendor's graphics card driver is (temporarily) replaced by the standard VGA driver of Windows Vista or Windows 7. This may occur in the following scenarios:

  • Automatic graphics driver updates
  • Booting Windows in Safe Mode
  • WinPE recovery environments
  • WinRE environments

Known to apply to the following Sophos product(s) and version(s)

Sophos SafeGuard Disk Encryption 5.60.0
Sophos SafeGuard Disk Encryption 5.50.8
SafeGuard Easy 5.60.0
SafeGuard Easy 5.50.8
SafeGuard Device Encryption 5.60.0
SafeGuard Device Encryption 5.50.8

Operating systems
Windows Vista, Windows 7

Who can be affected
While this issue was originally detected on Lenovo machines, it is not tied to this hardware, and machines from other vendors running Windows Vista or higher may be affected as well.

What To Do

Sophos have produced a patch that will prevent this issue occurring on a client machine. You should install this patch on computers that have the potential to be affected because of their BIOS/graphic card combinations. A list of these models/BIOS versions are listed in Knowledgebase article 113426. The installation usually takes less than a minute.

The patch is available for the following versions (32 and 64bit):
SafeGuard Enterprise 5.50.8, 5.50.6
SafeGuard Easy 5.50.8, 5.50.6

  1. To download the patch go to the MyUtimaco.com Product Download Page. Alternatively, you can obtain the patch from the Sophos.com website: click here for version 5.50.8  or here for version 5.60.0
  2. On computers that have the potential to be affected, because of their BIOS/graphic card combinations, install the patch for the corresponding version. 

    The patch consists of an msp file (Microsoft Installer Patch File) for the SafeGuard Enterprise Device Encryption module which is part of the client package and additionally a batch file that installs the patch and updates the Lenovo Rescue and Recovery environment if required (Update_SGN_5.xx.x.x.cmd). If you do not have Lenovo's "Rescue and Recovery" installed, using the batch file is optional.

    For detailed information on how to apply an msp file, refer to the knowledgebase article, SafeGuard: How to apply a Windows installer patch to a SafeGuard product

Please note: The patch is integrated as of version 5.60.1 of the following products: SafeGuard Enterprise, SafeGuard Easy and Sophos SafeGuard Disk Encryption.


 


 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments