Volume-based encryption and Unidentified File System Objects

Unidentified File System Objects are volumes that cannot be clearly identified as plaintext or device-encrypted by SafeGuard Enterprise. If an encryption policy exists for an Unidentified File System Object, access to this volume will be denied. If no encryption policy exists, the user can access the volume.

Note: If an encryption policy with Key to be used for encryption set to an option that enables key selection (for example, Any key in user key ring) exists for an Unidentified File System Object volume, there is a period of time between the key selection dialog being displayed and access being denied. During this time period the volume can be accessed. As long as the key selection dialog is not confirmed, the volume is accessible. To avoid this, specify a preselected key for encryption. For further information on the relevant policy settings, see Device Protection. This period of time also occurs for Unidentified File System Object volumes connected to an endpoint, if the user has already opened files on the volume when an encryption policy takes effect. In this case, it cannot be guaranteed that access to the volume will be denied as this could lead to data loss.