Sophos SafeGuard system tray

You can access all Sophos SafeGuard functions on your computer using the Sophos SafeGuard system tray icon on the Windows taskbar. The availability of specific functions depends on the modules you have installed.

Right-click the Sophos SafeGuard system tray icon to display the following:

  • Display:
    • Key ring: Displays all keys available to you.
      Note If your endpoint computer has been migrated from an unmanaged to a managed environment, a second logon to SafeGuard Enterprise may be necessary to display your user-defined local keys in your key ring.
    • User Certificate: Displays information concerning your certificate.
    • Company Certificate: Shows information concerning your company certificate.
  • Reset BitLocker credentials: Opens a dialog for changing your BitLocker PIN.
  • Create new key: Opens a dialog for creating a new key that is used for SafeGuard Data Exchange or SafeGuard Cloud Storage. Only available, if either module is installed on your computer.
  • Key backup (unmanaged Windows 7 endpoints): Lets you create a backup of the key file. This key file is necessary for logon recovery with Challenge/Response.
  • Local Self Help (Windows 7 endpoints): Starts the Local Self Help Wizard. Local Self Help is a logon recovery method that does not require any helpdesk assistance. For more information, see the SafeGuard Enterprise 8.0 user help.

  • Change Media Passphrase: Opens a dialog for changing the media passphrase, see SafeGuard Data Exchange.
  • Synchronize: Starts synchronization with the SafeGuard Enterprise Server. Tool tips show the progress of the synchronization. You can also double-click the system tray icon to start synchronization.
  • Status: Opens a dialog showing information on the current status of the SafeGuard Enterprise protected computer:
    Field Information
    Last policy received Date and time when the computer last received a new policy.
    Last key received Date and time when the computer last received a new key.
    Last certificate received Date and time when the computer last received a new certificate.
    Last server contact Date and time of the last server contact.
    SGN user state Status of the user who is logged on to the computer (Windows logon):
    • pending

      The replication of the user in the SafeGuard POA is pending. This means, the initial user synchronization has not yet been completed. This information is especially important after your first logon to SafeGuard Enterprise as you can only log on at the SafeGuard Power-on Authentication after initial user synchronization has been completed.

    • SGN user

      The user logged on to Windows is a SafeGuard Enterprise user. An SGN user is allowed to log on at the SafeGuard Power-on Authentication, is added to the UMA (User Machine Assignment), and is provided with a user certificate and a key ring to access encrypted data.

    • SGN user (owner)

      Provided that the default settings have not been changed, an owner has the right to enable other users to log on to the endpoint and become SGN users.

    • SGN guest

      SGN guest users are not added to the UMA, are not provided with rights to log on to the SafeGuard POA, are not assigned a certificate or a key ring and are not saved to the database.
    • SGN guest (service account)

      The user logged on to Windows is a SafeGuard Enterprise guest user who has logged on using a service account for administrative tasks.

    • SGN Windows user

      A SafeGuard Enterprise Windows user is not added to the SafeGuard POA, but has a key ring for accessing encrypted files, just as a SafeGuard Enterprise user does. The users are added to the UMA. This means that they are allowed to log on to Windows on that endpoint.

    • unconfirmed user
      Unconfirmed users have no access to the keyring due to one of the following reasons:The user must be confirmed by the security officer in order to gain access to the keyring.
    • unknown

      Indicates that the user status could not be determined.

    SGN machine state Indicates the safety level of the endpoint.
    • not applicable

      The related feature is inactive.

    • machine is safe

      The machine's health state is safe.

    • machine is compromised

      The machine's health state is unsafe. Therefore, keys have been revoked and you cannot access encrypted files.

    Policy Cache State

    Data packets prepared for transmission

    Indicates whether there are any packages to be sent to the SafeGuard Enterprise Server.
    Local Self Help (LSH) State



    Indicates whether Local Self Help has been enabled in a policy and whether it has been activated by the user on the computer.
    Ready for certificate change This text is displayed if the security officer has assigned a new certificate for token logon to your computer. You can now change the certificate for token logon. For more information, see the SafeGuard Enterprise 8.0 user help.
  • Help: Opens the SafeGuard Enterprise user help.
  • About SafeGuard Enterprise: Displays information about your SafeGuard Enterprise version.