Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 461 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Device Control "Report Only" causing devices to lock.

scanwell

Hi

I have enabled Device Control to report only so that I can gather a list of devices (USB storage devices) being used in our organisation.  However this seems to be randomly causing various devices on random networked machines to hang until the device is removed.  No Sophos message appears but you can do nothing with the machine.  I don't think it is Sophos actually blocking the device but something Sophos is doing is hanging the PC when a device is plugged in.

There seems to be no pattern to the way the machines are affected. It appears that some devices will work and others randomly will not and some machines are affected and others have had no symptoms at all.

I have since switched off Device control all together and the problem has gone away.  All devices now work on all machines.

I would like to be able to gather more devices into my list but am now not confident enough to switch it back on as it has caused disruption to a significant number of people.

Anyone else had this or able to shed some light.

Regards

Stuart

:5732


This thread was automatically locked due to age.
  • 0

    Hello Scanwell,

    To be sure it is actually Device control that is taking action and not HIPS or the AV you should look into the

    C:\Doc and settings\all users\application data\Sophos\Sophos Device Control\Logs folder

    If it is the AV that is taking action the path is similar

    C:\Doc and settings\all users\application data\Sophos\Sophos Anti-Virus\ Logs   

    The file that you are looking for in there is the SAV.txt file and you should note that you may see several of them which are dated in a military time stamp.

    The SAV.txt log is good for finding:

    1) How long scans are taking and what they are finding

    2) Corrupted files that cannot be scanned nor infectable

    3) Encrypted files that are not scanned nor infectable

    4) Files larger than 4GB which is a DOS naming convention limit and thus skipped.

    2 through 4 should be excluded to improve performance.

    Enjoy, Hydra.

    :5740
Unfiltered HTML