How to determine whether a volume or partition is recognized by SafeGuard Enterprise as a boot volume.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption
All supported versions.
What To Do
Check the following:
If one of the following files or folders exists on the volume/partition, SafeGuard Enterprise will handle the volume/partition as a boot volume:
- SafeGuard LocalCache directory structure
- If drive C: (boot volume) and drive D: (with pagefile.sys) already existed before the SafeGuard Enterprise Client installation and an encryption policy is defined to encrypt ‘Boot Volumes’, both drives will be encrypted initially.
- If a new empty drive is added after the SafeGuard Enterprise Client installation, and the pagefile.sys is then moved to this drive/partition, the drive/partition will not be encrypted if you have only assigned a ‘Boot Volumes’ encryption policy to the system.
- If a new drive is added after the SafeGuard Enterprise Client installation that contains an Operating System (e.g. for recovery purpose), this drive will also be encrypted if you have assigned a ‘Boot Volumes’ encryption policy to the system.
Furthermore, partitions/volumes identified as boot volumes will only be encrypted with the corresponding machine key, regardless of which "Key to be used for encryption" is set within the encryption policy.