This article describes how to prepare a USB device so it can be used to boot into the SafeGuard Recovery environment. You would use this if you need to boot SafeGuard WinPE from a USB drive on a computer that does not have a built-in CD-ROM/DVD-ROM but supports booting from the USB drive.
You can also use this to run a SAV32cli scan on an encrypted machine.
Known to apply to the following Sophos product(s) and version(s)
Sophos SafeGuard Disk Encryption
SafeGuard Device Encryption
What To Do
- The computer you are trying to recover needs to be able to boot from the USB device.
- The USB stick needs to be prepared on a Windows Vista or Windows 7 computer with a CD or DVD writer.
- You need to open the command prompt as an Administrator.
- Insert the USB stick.
- Open a command prompt.
- Type diskpart and press Enter.
- Type: list disk and press Enter to see the available disks.
- Type: select disk # (replace '#' with the number of your USB stick from step 4) and press Enter.
- Type: clean and press Enter.
- Type: create partition primary and press Enter.
- Type: select partition 1 and press Enter.
- Type: active and press Enter.
- Type: format fs=fat32 and press Enter. Wait for the formatting to finish.
- Type: assign and press Enter.
- Type exit to quit diskpart.
- Note: you do not need to do steps 13-14 if you already have a SafeGuard WinPE disk ready. Download SafeGuard WinPE from Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
- Burn the WinPE iso to a CD/DVD.
- Copy the content of the CD/DVD onto the USB stick. It should now contains the following files and folders:
- The USB device is now ready.
- Plug it into the computer you are trying to recover, and in the BIOS change the boot device to USB.
The USB preparation process:
Create a new folder called Data on the root of USB pen drive.
On the machine running Sophos Anti-Virus right click in the shield icon and update now.
Once this has finished copy the entire “Sophos Anti-Virus” folder to the Data folder pen drive.
This folder can be found in one of the following locations
C:\Program Files\Sophos\ or C:\Program Files (x86)\Sophos\
Create a virtual client in the management center and “recovery token”.
Please refer to Safeguard Recovery Guide, page 27 “Creating the Virtual Client”
Once you have created a new virtual client, copy the recovery token to the “Data” folder on the USB pen drive.
Boot from the USB drive and follow the Recovery Guide starting at Page 27 “Retrieving data using Virtual Client”
Once the challenge response has been performed and you have access to the encrypted data on the C:\ drive.
In the WinPE environment click on “Computer” and navigate to E:\Data\ and highlight the Sophos Anti-Virus folder.
Next click on the Console Window icon in the top navigation bar.
This will open a command prompt in e:\data\sophos anti-virus\
Enter the command below
This will run a full system scan
Then depending on the result of any detection it will either be a disinfect scan or a remove scan.
a) SAV32CLI -DI -P=C:\DISINFECTLOG.TXT
b) SAV32CLI -REMOVE -P=C:\REMOVLOG.TXT
Please contact Technical Support if you need help doing any of these steps.