
Device control failed to disable

Hello,

Has anyone encountered the issue below? According to the Sophos knowledge base, this error can simply be ignored.

Currently we encounter a lot of these errors, and the customer has already asked whether the Device Control policy is working. They are concerned about a security breach, since users can simply transfer files and spread viruses through USB.

I would appreciate it if someone could explain and provide a solution for this error, other than simply acknowledging the error from the console. Thanks

a0520004 Device control failed to disable device [device id]

http://www.sophos.com/support/knowledgebase/article/111317.html

:18473


  • Hello Azwan,

    a simple check should show whether the device can actually be used. If this is the case then you should contact Support as there is nothing you can do from your side.

    Christian

    :18479
  • Hi Christian,

    Thanks for the fast reply. What steps do I need to check on the user/PC side besides asking the user to plug in a USB device for testing? I would appreciate it if you could provide me the steps. Thanks

    :18481
  • Hello Azwan,

    that you get this message indicates that Device Control is active and (in principle) working. If the device shows up as a drive and can be read from and written to, then Device Control is actually failing. If the user is permitted to configure Device Control, he can set logging to verbose, but I don't expect it will give any additional useful information.

    Christian 

    :18485
  • Hi,

    Just so you know, the enabling and disabling of devices just uses SDCDevCon.exe.

    For example, if you block a device, it will cause the following to be called:

    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SDCDevCon.exe" disable USBSTOR\CDROM&VEN_SANDISK&PROD_CRUZER&REV_7.01\432441143DC11528&1

    Likewise, to re-enable it:

    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SDCDevCon.exe" enable USBSTOR\CDROM&VEN_SANDISK&PROD_CRUZER&REV_7.01\432441143DC11528&1

    In the case of this CD-ROM drive.

    These commands are executed as SYSTEM, as the device control service, which is running as SYSTEM, kicks off these commands.

    I hope this helps with your troubleshooting.

    Regards,

    Jak

    :18487
  • Hi Christian,

    Thanks for the simple explanation. I will brief the customer regarding the error and the troubleshooting steps to solve the issue.

    As mentioned, I also don't think the logging from SEC will provide detailed information until some checking and troubleshooting is done on the problem client/PC. Thanks

    :18489
  • Hi Jak,

    Thanks for the technical knowledge. I know how the device control policy flows but don't know in detail how or what file triggers the policy on the user/PC side.

    :18491
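
The endpoint check discussed in this thread (is the device really disabled, or does it show up as a readable and writable drive?) can be scripted. The following is an added example, not part of the original thread and not Sophos tooling; it uses only the standard Windows CIM classes Win32_PnPEntity and Win32_LogicalDisk, and the function names are hypothetical. It assumes PowerShell 3.0 or later, run locally as an administrator while the device is plugged in.

```powershell
# Added example: endpoint-side check after an a0520004 event.
# Function names are hypothetical; only standard Windows CIM classes are used.

function Get-UsbStorageState {
    # Present USB mass-storage devices and whether Windows reports them disabled.
    Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.PNPDeviceID -like 'USBSTOR\*' } |
        ForEach-Object {
            [pscustomobject]@{
                InstanceId = $_.PNPDeviceID            # same ID form SDCDevCon.exe is given
                Name       = $_.Name
                ErrorCode  = $_.ConfigManagerErrorCode
                Disabled   = ($_.ConfigManagerErrorCode -eq 22)  # 22 = device is disabled
            }
        }
}

function Test-RemovableDriveAccess {
    # DriveType 2 = removable disk, 5 = CD-ROM. USB hard disks that Windows
    # reports as fixed disks (DriveType 3) are not covered here.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2 OR DriveType = 5' |
        ForEach-Object {
            $root     = $_.DeviceID + '\'
            $readable = Test-Path -LiteralPath $root   # false when no media is mounted
            $writable = $false
            if ($readable -and $_.DriveType -eq 2) {
                # Write probe: create and delete a small uniquely named file.
                $probe = Join-Path $root ('dc-probe-{0}.tmp' -f [guid]::NewGuid())
                try {
                    [System.IO.File]::WriteAllText($probe, 'probe')
                    Remove-Item -LiteralPath $probe -Force
                    $writable = $true
                } catch { $writable = $false }
            }
            [pscustomobject]@{
                Drive = $_.DeviceID; DriveType = $_.DriveType
                Readable = $readable; Writable = $writable
            }
        }
}

$devices = @(Get-UsbStorageState)
$drives  = @(Test-RemovableDriveAccess)
$devices | Format-Table -AutoSize
$drives  | Format-Table -AutoSize

# A blocked device that is not disabled, or a drive that is readable/writable,
# means the block did not take effect and the case should go to Support.
if (($devices | Where-Object { -not $_.Disabled }) -or ($drives | Where-Object { $_.Readable })) {
    Write-Warning 'At least one USB storage device or removable drive is still accessible.'
}
```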