The installation of SafeGuard Easy 4.50.x on Microsoft Application Virtualization Clients, running version 184.108.40.20640 (SP1) and 4.6 stops with the error code
SGE1132: Access Denied.
This article describes what to do if you need to install SafeGuard Easy on Microsoft Application Virtualization Clients running these versions (or higher).
This issue does not occur when installing SafeGuard Easy on older versions of Microsoft Application Virtualization, e.g. 4.5 CU1 (220.127.116.1180).
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Easy 18.104.22.168
All supported versions.
As of Application Virtualization version 4.5 SP1 (22.214.171.12440) and 4.6, Microsoft changed the behavior of the Application Virtualization's virtual drive. In the new versions, the virtual drive is recognized by the system as "Local Fixed Disk" but does not contain drive specific information such as File system, Size, Free Space, Volume name or Serial Number.
This is a problem for SafeGuard Easy 4.x, as the SafeGuard Easy setup routine contains a volume verification mechanism which prevents encryption of unrecognized volumes. For security and data integrity reasons, this is a static function in the SafeGuard Easy setup that cannot be excluded from the installation process.
However, if you intend to install SafeGuard Easy on Application Virtualization Clients running versions 4.5 SP1 (126.96.36.19940) and 4.6, and above, it is possible to deactivate the volume verification function that evaluates the present drives during the SafeGuard Easy setup via a special transform file. This transform file excludes a custom action (volume verification) from the SafeGuard Easy setup, so that the setup won't query for any unsupported fixed devices which may be incompatible and cannot be used for encryption.
What To Do
Before you start, it is important to familiarise yourself with:
- the information given in the above section, Technical background, so that you are aware of what the issue is.
- the information given below in the WARNING section.
- Please contact Sophos Technical support, referring to this article and request the special transform file for installation of SafeGuard Easy 4.x on machines running Microsoft Application Virtualization version >= 4.5 SP1 (188.8.131.5240) and 4.6.
- To apply the transform file to the installation, extract the V-App.zip archive and place the "V-App.mst" and the"V-App_WISETRFM_125.cab" file to the location where the SafeGuard Easy Microsoft Installer package resides.
- Add the Microsoft Installer transforms property to the setup.
C:\>MSIEXEC c:\software\SGEasy.msi /L*vx C:\software\install.log
When the transform file is used, the SafeGuard Easy setup should be executed unattended, the drives should be encrypted in "partitioned" mode and the partitions for encryption should be pre-selected in the SafeGuard Easy configuration file. Do not specify the Application Virtualization drive (i.e. Q:\) for encryption!WARNING
When running the setup manually in combination with the transform file, it would be possible to select the virtual Application Virtualization drive (i.e. Q:\) for encryption. Do not specify the Application Virtualization drive (i.e. Q:\) for encryption! Please note: encryption of the Application Virtualization virtual drive (i.e. Q:\) could lead to an unbootable operating system state!
Please be aware of the fact that when applying the transform file, a SafeGuard Easy data integrity function (volume verification) that prevents encryption of any unsupported devices is removed from the setup process. If an unsupported device is ever encrypted, this could lead to an unbootable operating system state.