Using white lists to define file based encryption for removable media devices.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Data Exchange 5.60.0
What To Do
As of version 5.60 of SafeGuard Enterprise it is now possible to select a Storage Device white list or Distinct Devices white list as a target for a Device Protection policy.
With this feature, Data Protection policies for file based encryption can now be assigned to a list of specific device models (iPods, USB of a specific vendor etc). It is also possible to define policies for distinct devices, identified by their serial number.
By setting the encryption mode in a Device Protection policy to No Encryption, device models or even distinct devices can be excluded from encryption.
If a white list is specified as target for a Device Protection policy, only No Encryption or File Based Encryption can be selected as encryption mode.
In SafeGuard Enterprise 5.60, only the Data Exchange module evaluates Device Protection policies assigned to white lists. Setting an encryption mode No Encryption for a Device Protection policy with a white list target can NOT be used to exclude a device from encryption, that has another policy that triggers VOLUME BASED encryption.
The settings Copy SGPortable to Removable Media and User may define Media Passphrase can be enabled just as normal via policy.