SafeGuard File Encryption
File Encryption policies are assigned to users, not to computers. Typically, File Encryption policies specify that files in your user folders such as Documents are encrypted. However, your security officer may specify folders, where files remain unencrypted. To find out which locations on your computer are encrypted, see the Policies tab in the preference pane.
In Finder, encrypted files are marked with a green lock symbol. Files with no symbol are usually unencrypted.
After the encryption software has been installed and the communication with the SafeGuard Enterprise server has been established, you are requested to enter your macOS password. Moreover, you need a personal certificate. This certificate is generated on the SafeGuard Enterprise server when you enter the password. This is only required after product installation, first login, or password reset.
Once SafeGuard File Encryption is installed, make sure you enforce all policies your security officer assigned to you, see Encrypt files according to policy.
User consent on macOS 10.14
From macOS 10.14, applications need user consent before they can control other applications. After installation, macOS shows a message "Sophos SafeGuard" wants access to control "Finder", prompting you to allow or deny. Click OK because the Finder functionality is necessary for SafeGuard File Encryption to work properly.
This adds an entry in the Automation section of your Privacy settings, allowing SafeGuard File Encryption to automate Finder.
If you click Don't allow, this dialog will not be shown again and SafeGuard File Encryption will not be able to use the Finder functionality.
If you want to change the settings later, go to the Automation section of your Privacy settings and select Finder below Sophos SafeGuard to allow SafeGuard File Encryption to control Finder.