SafeGuard Enterprise: How to improve the performance on a client when using Data Exchange

  • N.º del artículo: 108998
  • Actualizado: 06 sep 2013

Issue
How to improve the performance of a computer running SafeGuard Enterprise Data Exchange.

Known to apply to the following Sophos product(s) and version(s)

SafeGuard Data Exchange

Operating systems
All supported operating systems

What To Do

The following should help improve performance:

1. The default 'Ignore Rules' should include all drives which you do not intend to be "file-based" encrypted. By default, the system and the bootvolume are automatically excluded. Additional drives can be added by modifying the following registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Utimaco\SGLCENC]
"DefaultIgnoreRules"="c:\\*.*;d:\\*.*;"

2. Define applications which interfere with SGN DX as "unhandled applications".

Applications that are registered as "unhandled" are ignored by the SafeGuard Enterprise file-filter driver and file access, and are thereby excluded from transparent encryption/decryption.

The 2 main sets of circumstances in which you would do this are where you have:

  • Applications that cannot read unencrypted data (e.g. a backup program that is installed on the client would in this case back up the files encrypted).
  • Applications which might trigger malfunctions when used alongside SafeGuard Enterprise Data Exchange, but do not require encryption, can generally be exempted from encryption (e.g. AV scanners).

The full name of the executable file (optionally including path information) must be used to specify an exempted application.

Hint: "Unhandled Applications" can only be defined on the "Local Storage Devices" level, not below.

 

3. Define System Ignore Rules for folders which are used for example to compile data or that contain databases.

System Ignore Rules apply to "transparent encryption" and also "initial encryption". That means that no file in a System Ignore Rule can be "initial encrypted" even if an "encryption rule" exists for this file. If there exists an encrypted file in a "System Ignore Rules" directory (maybe the System Ignore Rule was added later) the user just gets the encrypted data of the file.

If an administrator wants to add files or directories to the System Ignore Rules he has to add the following registry key:

RegKey:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\UTIMACO\SGLCENC]

Value:

Name:"IgnorePaths"

Type:REG_SZ or REG_MULTI_SZ

Wildcards for filenames can be used, multiple values must be separated by a semicolon if REG_SZ is used:

Example:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\UTIMACO\SGLCENC]

Value Name Type Value IgnorePaths REG_MULTI_SZ c:\Program Files*.*

c:\Users\Public\Desktop*.*

c:\Users\administrator\desktop.ini

This example adds the two directories c:\Program Files and c:\Users\Public\Desktop as well as the file c:\Users\administrator\desktop.ini to the System Ignore Rules.

Note: The System Ignore Rules which are added by the Registry are always valid also for subdirectories!

If these steps don´t help, consider installing the SGN Client without the DX module, if this module is not required. By doing this, the file filter driver won´t be installed and therefore won´t have a negative impact in conjunction with other applications.



 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios