
Integral Courier USB 3.0 256 bit AES Hardware Encrypted 2GB Memory Stick - Failed to Initialize secure device Issue ??

Hello everyone

I have an interesting problem with a new Integral Courier USB 3.0 256 bit AES Hardware Encrypted 2GB Memory Stick which fails to Initialize secure device. However, I can insert another Integral Courier USB 2.0 256 bit AES Hardware Encrypted 2GB Memory Stick and it works as expected every time. But USB 2.0 & USB 3.0 is not the only difference; I also noticed that the Total Lock software appears to be different versions, but that shouldn't cause any issues with Sophos.

So some background on our setup - I am using Sophos Enterprise Console v5.4.1 with policies. I have added this PC to the Sophos Exempt OU in AD and have checked the device control policy to ensure that the correct policy is running to allow access for this Integral Courier USB 3.0 Memory Stick. In the device control policy window, you have 2 tabs, the Configuration Tab and the Messaging Tab. In the Configuration Tab the Optical Drive is set to Read Only and Yes for Exemptions. The exemptions when viewed are for the Model - HL-DT-ST-DVD-RW GU90N, Device id is set to ALL, with Access level set to Full Access. This config appears to work for my USB 2.0 Integral Courier USB MEMORY STICK but not the USB 3.0 version. If I stop the Sophos Device Control Service under Services.msc and test my USB 3.0 version Integral Courier USB MEMORY STICK it works every time, so something in the Sophos config is causing the problem.

I have read that the Integral Courier USB 3.0 256 bit AES Hardware Encrypted 2GB Memory Stick is supported under Sophos Enterprise Console. Please let me know if you need any more information and I will be happy to provide more details if needed.

 

Hope you can help ????

 

Many thanks

Dean. 

    



  • Hello Dean,

    no entries in the Device Control log or Events in the console?

    "the Integral Courier USB 3.0 256 bit AES Hardware Encrypted 2GB Memory Stick is supported"
    well, not explicitly as far as I can see but one can assume that it should be. Do you know when the USB3.0 version came out? Device Control should be port agnostic (an interesting exercise would be to plug it into a USB2.0 port) but how the secure device presents itself might make a difference. How does the HL-DT-ST-DVD-RW GU90N come into play here? Are you saying the CD/DVD component of the USB2.0 version presents itself with this Device ID? If so, the one for the 3.0 version might be different.
    And do I understand correctly that Secure Removable Storage is set to Full Access?

    Christian

  • Hi Christian

    Thank you for your swift response, not sure when the USB 3.0 version was released but am now in contact with Integral so will ask them and come back to you on that one.

    I have checked all logs and events on the console and there is nothing to go on, nothing at all which is very unhelpful.

    The device works by creating two partitions when attached to either a Microsoft Windows® based PC or to an Apple Mac® computer. The first partition appears as a CD drive, HL-DT-ST-DVD-RW GU90N for the USB 2.0 device, which runs a program (called Total Lock) directly from the device. The second partition is the password protected data drive onto which files can be transferred. Data can only be accessed on this drive once the correct password is entered via the Total Lock program. The CD drive is read only and no files can be transferred to this partition. Integral AES 256-bit USB Flash Drives have zero footprints, with no software installation required and a people friendly interface that makes using the drive simple and easy but does not compromise security.

    The HL-DT-ST-DVD-RW GU90N is the CD/DVD component for the USB2.0 version and presents itself with this Device ID, so yes, the one for the 3.0 version might be different.

    You are correct that Secure Removable Storage is set to Full Access.

    It's strange that it's not reporting or complaining about device control ??? Why would it work for one stick (usb 2.0) but not the other (usb 3.0) ??

     

    Hope you can help

     

    Thank you, Dean.

     

     

  • Hello Dean,

    "not reporting or complaining"
    not sure if an event is sent to the console when DC sets access to R/O (as it will be the case if the 3.0 has a different Device ID) - this might cause the issue though even as the partition is R/O anyway (I've seen issues with "real" DVD drives - or rather, their drivers - when they were set to R/O).

    Christian 

  • Hi ya

     

    I have created a duplicate policy for testing the settings and changed the device control policy for Optical drive from Read only to Full Access and it works every time. After changing back to Read only in the duplicate policy I have also removed the known exemption that was created for the USB 2.0 MEMORY STICKS and tested again, in the hope that we may get a new event / error for the USB 3.0 MEMORY STICKS but nothing is reported - which is in line with your comments above on 18/1/17 @ 3:24pm.

    So can we call it a bug then ? and if so who takes ownership.... Sophos or Integral ?? - How can we progress this if we deem it to be an issue ?

     

    Thank you for your help !!!

    Dean. 

  • Hello Dean,

    no event for the 3.0 is indeed ... not very helpful. But at least it looks like it's the CD/DVD partition. Off the top of my head (I'm at home) - did you turn on verbose logging in DC (only possible on the endpoint)? Also the services usually provide trace or debug logging (would have to check tomorrow). Sophos Support is naturally an option, experience tells that the better you know the issue the faster you can get an answer - not always the desired though. Afterwards this forum seems to be a place for escalation if you can't get it on the usual channels.

    Christian
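
The question raised in the thread, whether the USB 3.0 stick's CD/DVD partition presents a different model or device ID than the exempted HL-DT-ST-DVD-RW GU90N, can be checked on the endpoint. The PowerShell below is an added example, not part of the original thread and not Sophos tooling; it assumes the policy's Model field is compared against the model string Windows reports, which the thread does not confirm.

```powershell
# Model string of the exemption as quoted in the thread (USB 2.0 stick's CD partition).
$ExemptModel = 'HL-DT-ST-DVD-RW GU90N'

function Get-OpticalSnapshot {
    # Win32_CDROMDrive lists real and emulated optical drives, including the
    # read-only launcher partition a hardware-encrypted stick exposes.
    Get-CimInstance -ClassName Win32_CDROMDrive |
        Select-Object Drive, Caption, Manufacturer, PNPDeviceID
}

function ConvertTo-ComparableModel([string]$Text) {
    # Ignore case, spaces and hyphens so "HL-DT-ST DVD-RW" and "HL-DT-ST-DVD-RW" compare equal.
    ($Text -replace '[^A-Za-z0-9]', '').ToUpperInvariant()
}

[void](Read-Host 'Remove the stick, then press Enter to record the baseline')
$before = @(Get-OpticalSnapshot)

[void](Read-Host 'Insert the stick, wait for it to enumerate, then press Enter')
$after = @(Get-OpticalSnapshot)

# Anything present only after insertion belongs to the stick.
$known = @($before | ForEach-Object { $_.PNPDeviceID })
$new   = @($after | Where-Object { $_.PNPDeviceID -notin $known })

if ($new.Count -eq 0) {
    Write-Warning 'No new optical device enumerated; the CD partition may be blocked or not presented.'
}

$wanted = ConvertTo-ComparableModel $ExemptModel
foreach ($dev in $new) {
    [pscustomobject]@{
        Drive            = $dev.Drive
        Caption          = $dev.Caption
        # For USB storage this is USBSTOR\CdRom&Ven_...&Prod_...&Rev_...\<instance>
        PNPDeviceID      = $dev.PNPDeviceID
        # Assumption: a match here means the existing exemption would apply.
        MatchesExemption = (ConvertTo-ComparableModel $dev.Caption).Contains($wanted)
    }
}
```

Run it once per stick with the Device Control service in the same state; a row with `MatchesExemption` set to `False` for the USB 3.0 stick gives the model string and device ID to raise with Sophos Support or to test in a duplicate policy.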
