
Server Endpoint (Peripheral Control) blocks Virtual Hard Disk (FSLogix Profile Container)

Hi, I had a case opened with Sophos support regarding my problem, and the fix after two weeks was to disable Peripheral Control.

Maybe someone has a better solution for this, because I think there must be one.

The problem is: Microsoft FSLogix Profile Container attaches a virtual hard drive (.vhdx) from a network location to a Remote Desktop Server as the user's Profile Container. With Sophos Endpoint Protection enabled and Peripheral Control activated (Block Removable Disks!), the process of attaching this file as a virtual drive fails. But no device is listed as blocked in Sophos Central. Otherwise I would have excluded it, of course.

When I allow access to removable disks in the Base Policy or in a special policy for the exact server, it works and the drive is mounted, as you can see below.

I have no idea what else I could try. Hope someone can help me.

Best regards, Thomas







  • Do you have anything under:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers

  • Thank you for your post. Yes. A lot. What is it?

  • If I recall, the Sophos Device Control Coinstaller - sdcoinstaller.dll exists so that a new device can be disabled at install time by drvinst.exe, rather than appearing and then disappearing as it's disabled afterwards by Device Control. This DLL essentially removes the window of time where the device is accessible and handles to it can be obtained. Then you have to potentially reboot to disable it.

    The values are created by the sdcservice "Sophos Device Control" service if I remember - a Process Monitor log would reveal that, and I think they only exist when you actually block a device, which explains why when you don't block it's OK.

    If you back up the key to a reg file and clear these out, does it work? The danger is the SDCservice will write the values back in. Would it be possible to delete these at the point the vhdx is mounted as a test?

  • I backed up the keys and deleted them. After that I was able to log on without any problems. The Profile Container was loaded.
    I tried 10 times and everything was fine.
    After I reinstalled the keys the problem was right back.

  • This drives me nuts.
    When I allow everything except for secure removable storage, the registry is cleared except for the 2 keys you can see at the bottom of the screenshot, and Profile Containers do not work.
    When I block everything except for secure removable storage, these keys stay in the registry, as you see at the top of the screenshot.
    The Profile Container doesn't work.

    When I delete the 2 keys manually it works fine. So we narrowed it down to two registry keys. That's cool!!!

    The question is: why does Sophos not recognise that it has blocked something, and where exactly do these two keys come from?
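
One way to carry out the backup and inspection suggested in the replies above, as an added PowerShell example that is not part of the original thread and is not Sophos tooling: it exports the CoDeviceInstallers key to a .reg file and lists which device setup classes have sdcoinstaller.dll registered as a co-installer. The backup path and variable names are assumptions; the layout assumed is the standard Windows one, where each value name is a device setup class GUID and its data is a list of "dll,entrypoint" strings.

```powershell
# Added example: read-only inventory of class co-installers, plus a .reg backup.
$coKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers'
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$dllName  = 'sdcoinstaller.dll'   # DLL named in the thread
$backup   = Join-Path $env:TEMP 'CoDeviceInstallers-backup.reg'   # assumed path

# Back up the whole key before any manual test, so the values can be restored.
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

$key = Get-Item -LiteralPath $coKey
$report = foreach ($name in ($key.GetValueNames() | Where-Object { $_ })) {
    # Value data is REG_MULTI_SZ: one "dll,entrypoint" string per co-installer.
    $entries = @($key.GetValue($name))

    # Resolve the class GUID to its short class name (e.g. DiskDrive), if present.
    $class = (Get-ItemProperty -LiteralPath (Join-Path $classKey $name) `
                               -ErrorAction SilentlyContinue).Class

    [pscustomobject]@{
        ClassGuid    = $name
        ClassName    = if ($class) { $class } else { '(unknown)' }
        Sophos       = [bool]($entries -match [regex]::Escape($dllName))
        CoInstallers = $entries -join '; '
    }
}

# Classes with the Sophos co-installer registered are listed first.
$report | Sort-Object Sophos -Descending | Format-Table -AutoSize
Write-Host "Backup written to $backup"
```

Running it before and after a policy change shows which class GUIDs keep the co-installer entry, which is the detail a support case would need.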
