To predict how a file is handled by the file-filterdriver of SafeGuard File Share, you must understand the priorities and order of the rules, and how they are processed.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard File Encryption 6.0
Encryption rule priorities
The following set of rules defines the resulting state on the client if more than one policy is applied to the same location.
- If two rules are equal regarding Path and Scope, the standard SafeGuard policy prioritization scheme is used.
- If two rules come from policies that are assigned to different nodes, the rule from the policy nearest to the user object in Users & Computers will be implemented.
- If two rules come from policies that are assigned to the same node, the rule from the policy with the highest priority will be implemented.
- Rules with mode "Ignore" will be evaluated before rules with mode Encrypt or Exclude.
- Rules with mode "Exclude" will be evaluated before rules with mode Encrypt.
- Rules with the "Include Subdirectories" flag enabled will be evaluated before those with the flag disabled.
- Rules with a path with more subdirectories will be evaluated before paths with less subdirectories.
- Rules defined as UNC (Uniform Naming Convention) will be evaluated before rules given with drive letter information.
- Absolute rules (e.g. "c:\encrypt") will always be evaluated before relative rules (e.g. "encrypt").
- If two rules are equal regarding the above criteria, the one that comes lexically first will be evaluated before the other rule.