Sophos SafeGuard Disk Encryption 4.60
Windows 2000 Professional SP4, Windows XP SP3
How to solve this issue?
Having Sophos SafeGuard Disk Encryption installed, the initial encryption process runs fine. During the final reboot, the operating system loads, but eventually displays an application error referring to winlogon.exe. Confirming this error typically results in a bluescreen.
In most cases, the BSOD stop code is STOP: c000021a [Fatal System Error} or, less common: STOP: 00x0000007e
Most likely, this error is due to a recent feature which is called Data Execution Prevention (DEP).
Two methods of implementation are possible:
a) Hardware-enforced DEP (allows DEP to be (de-)activated in the BIOS of the machine)
b) Software-enforced DEP (DEP can be (de-)activated via the BOOT.INI)
Data Execution Prevention is at this time not supported by current Sophos SafeGuard Disk Encryption versions. To allow smooth operation of Sophos SafeGuard Disk Encryption, DEP needs to be deactivated.
In case of hardware-enforced DEP, this can be done via the BIOS. Depending on the manufacturer, this feature is called differently:
AMD: no-execute page-protection (NX) processor feature
Intel: Execute Disable Bit (XD) feature
Alternatively, DEP can be disabled by adjusting the BOOT.INI. Please follow the instructions which are given in the README of Sophos SafeGuard Disk Encryption 4.60. Search for "boot.ini" and "/noexecute=AlwaysOff". This setting is valid also for Intel machines.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
If you have a machine affected by this behaviour, boot in safe mode (press F8 during boot up) and change the BOOT.INI.
Beginning as of XP SP2 (respectively SP1 for Windows 2003 Server), Microsoft Windows has introduced support of this feature, which is designed to help prevent damage from viruses and from other security threats.
For more information on what DEP does and how to disable it, please search the Microsoft knowledge base for the article which describes how to "Turn off the DEP feature in Windows XP SP2".
The version Sophos SafeGuard Disk Encryption 4.60 is compatible with DEP enabled.
keywords: NX XD Dell HP Compaq Fujitsu Siemens Sony Samsung IBM D610 21a sde