SafeGuard File Encryption

SafeGuard File Encryption allows your security officer to define which files on your computer are encrypted and who can read them. There are two ways of defining which files are encrypted:

File Encryption policies are assigned to users, not to computers. Typically, File Encryption policies specify that files in your user folders such as Documents are encrypted. However, your security officer may specify folders, where files remain unencrypted. To find out which locations on your computer are encrypted, see the Policies tab in the preference pane.

In Finder, encrypted files are marked with a green lock symbol. Files with no symbol are usually unencrypted.

Note Files that have been saved as bundles or packages may not display an overlay icon even though they are encrypted. For example, when you insert an encrypted image file into an encrypted text file in TextEdit and save it as a Rich Text Document with Attachments, the resulting file appears to be unencrypted. It is encrypted, nevertheless.

After the encryption software has been installed and the communication with the SafeGuard Enterprise server has been established, you are requested to enter your macOS password. Moreover, you need a personal certificate. This certificate is generated on the SafeGuard Enterprise server when you enter the password. This is only required after product installation, first login, or password reset.

Once SafeGuard File Encryption is installed, make sure you enforce all policies your security officer assigned to you, see Encrypt files according to policy.

User consent on macOS 10.14

From macOS 10.14, applications need user consent before they can control other applications. After installation, macOS shows a message "Sophos SafeGuard" wants access to control "Finder", prompting you to allow or deny. Click OK because the Finder functionality is necessary for SafeGuard File Encryption to work properly.

This adds an entry in the Automation section of your Privacy settings, allowing SafeGuard File Encryption to automate Finder.

If you click Don't allow, this dialog will not be shown again and SafeGuard File Encryption will not be able to use the Finder functionality.

If you want to change the settings later, go to the Automation section of your Privacy settings and select Finder below Sophos SafeGuard to allow SafeGuard File Encryption to control Finder.