This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to prevent SophosHome from blocking USB Drives or alternatively stop service to allow safe eject ?

App: Sophos Home Free

OS: Windows 7

 

The subject says it all... I realize many apps and especially A/V's block disks (meaning they cannot be safely ejected). Most A/V's however have a suspend action that allows to quickly do operations that are otherwise prevented by A/V protection. Frankly I am taken aback by the very simple UI. It would be nice to look at settings, suspend, etc from the desktop (as opposed to the web app).

I see there are many services, is that the best way to stop SH ? Which one specifically?

Feature request: right click from sys tray > Suspend for 10 minutes

Thank you,

Simon



This thread was automatically locked due to age.
Parents
  • Hello Simon,

    there have been a few reports about Sophos allegedly blocking Eject, IIRC none of them with a closing report. To my knowledge Sophos doesn't block USB disks (and why should it?), at least some posts suggest that this happens when some additional removable device management software is involved. I'm working with all kinds of USB-connected devices (up to multi-volume HDDs) and I've never encountered this issue.
    Can't say why the handle that SAVService holds isn't released but it's definitely not there to prevent Eject.

    Sophos Home is deliberately designed to inhibit "manipulations" by a local admin.

    Christian   

  • OK, so it's not supposed to happen. But since it does happen, what is the recommended way to suspend SH ?

     

    Thank you,

    Simon

Reply Children
  • Hello Simon,

    it does happen
    apparently, can't say what's the cause though. We're using Sophos for years on several thousand endpoints and I've never heard about this issue.

    Stopping the service releases the handle - the handle is necessary that the service can receive DBT_DEVICEQUERYREMOVE messages. As I can't reproduce the problem it's not clear whether it returns BROADCAST_QUERY_DENY, fails to release the handle, or doesn't even get the message. As said there are some reports but AFAIK only from users of the free version (note that it is in this respect identical to the licensed ones) and in most cases in conjunction with some software for safe removal. It doesn't seem to be a recognized problem.

    Suspending AV or even stopping a service has other consequences and is not necessary - the device can simply be unplugged (unless some other application is mentioned to block removal). 

    Christian