Sophos DLP Feature not working when Microsoft Secureboot is enabled
Sophos Data Control feature in the endpoint solution is incompatible with Secure Boot. Secure Boot is the foundation for Microsoft's Windows security stack since Windows 8. Data Control under Secure Boot blocks all USB file transfers.
Sophos Tech team advised to disable secureboot option. But this is not practical in large organizations with branches in different locations. Many companies require DLP solutions for compliance and will likely switch products if Sophos can't find a way to work with Secure Boot.
Bilal McDonald commented
My company is having the same issues now, we have the endpoint and love Sophos products but the DLP is an issue right now because we have to disabled it. The senior engineers do not agree with this method because they don't think it is safe. I am very disappointed in Sophos that they did not get this issue rectify since Microsoft windows is the most used OS.