Sophos SafeGuard : How to file encryption on removeable media


  • SafeGuard Enterprise also provides file based encryption with us Data Exchange module. File based encryption is usually used to secure data on removable devices such as USB hard disks or memory sticks as well as on CDs and DVDs.


  • This article will guide how to set up a file encryption policy and assign it to a group of users. Goal of the file encryption policy will be that only members of the same group which share the same encryption key, will be able to work with the encrypted files on a USB memory stick.


On DC – SafeGuard Server

  • Open SafeGuard Management Center.
  • Click Policies > Policy Items > New > Device Protection.
  • Name the policy File-based-encryption OU VACIF Staff.
  • In ‘Device protection target’, choose Local Storage Devices > Removable Media.
  • Select Show default value.
  • In ‘Media encryption mode’, choose File based.
  • In ‘Algorithm to be used for encryption’ choose AES256.
  • In ‘Key to be used for encryption’ Defined key on list.
  • In ‘Defined key for encryption’ choose OU_VACIF Staff@DC=VACIF,DC=com.
  • In File Based Settings, config as shown below.
  • Click Save to Save policy.
  • Click Users and Computer > VACIF.COM > VACIF Staff > Policies tab.
  • Drag and drop ‘File-based-encryption OU VACIF Staff’ from Available policies pane to member pane and click Save.

On Client 1 (user Micheal)

  • The SGN client synchronizes with the SGN server and receives the new file encryption policy.
  • We has attached a USB memory stick to our machine.
  • Enter media passphrase to encryption device and click OK.
  • At this time, the USB encrypted process will start.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.