SafeGuard File Encryption (application-based)

Application-based file encryption encrypts files created or modified with specific applications (for example, Microsoft Word). A policy defines a list of applications for which file encryption is executed automatically. This encryption is persistent, so your file is safe even if you move it to another location, upload it to a cloud storage provider, or send it via email.

If your security officer has specified Microsoft Word as an application for which file encryption is active, every file you create and/or save with Microsoft Word is encrypted with a defined key. Anyone whose key ring includes this key can access your file.

  • New files created with defined apps or file extensions are encrypted automatically.
  • If you have the key for an encrypted file, you can read and modify the content.
  • If you do not have the key for an encrypted file, you cannot read its content.
  • If you access an encrypted file from a computer where File Encryption is not installed, you cannot read its content.
  • Files that are copied or moved from a plain folder to a folder where an encryption rule applies are encrypted.
  • Files that are copied or moved from an encrypted folder to a plain folder are decrypted.
  • Files that are copied or moved from an encrypted folder to a folder with a different encryption rule are encrypted according to the rule of the target folder.
  • Files that are created by applications for which File Encryption is not active, but there is an encryption rule for the file extension, the file is encrypted and cannot be opened with the application that created the file. For example, if you create a .doc file with OpenOffice and OpenOffice is not specified in Application Lists.
Important If copying or moving files is interrupted, for example due to a restart, the operation will not be resumed automatically. This can result in unintentionally unencrypted files. To ensure that files are always encrypted correctly, see .

To find out which locations on a computer are encrypted, see .

To find out about the encryption state of one or more files, right-click the file(s) and select SafeGuard File Encryption > Show encryption state.

In Windows Explorer, encrypted files are marked with a green lock symbol. If there is no lock symbol displayed even though the file is encrypted, see Sophos knowledgebase article 108784.