How to determine whether a volume or partition is recognised by SafeGuard Enterprise as a boot volume

  • Article ID: 109398
  • Updated: 07 Apr 2016

Issue
How to determine whether a volume or partition is recognized by SafeGuard Enterprise as a boot volume.

Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption

Operating systems
All supported versions.

What To Do

Check the following:

If one of the following files or folders exists on the volume/partition, SafeGuard Enterprise will handle the volume/partition as a boot volume:

  • pagefile.sys
  • hiberfil.sys
  • NTLDR
  • Bootmgr
  • System32\Winlogon.exe
  • SafeGuard LocalCache directory structure

Please Note:

  • If drive C: (boot volume) and drive D: (with pagefile.sys) already existed before the SafeGuard Enterprise Client installation and an encryption policy is defined to encrypt ‘Boot Volumes’, both drives will be encrypted initially.
  • If a new empty drive is added after the SafeGuard Enterprise Client installation, and the pagefile.sys is then moved to this drive/partition, the drive/partition will not be encrypted if you have only assigned a ‘Boot Volumes’ encryption policy to the system.
  • If a new drive is added after the SafeGuard Enterprise Client installation that contains an Operating System (e.g. for recovery purpose), this drive will also be encrypted if you have assigned a ‘Boot Volumes’ encryption policy to the system.

Furthermore, partitions/volumes identified as boot volumes will only be encrypted with the corresponding machine key, regardless of which "Key to be used for encryption" is set within the encryption policy.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments