This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with Device Control and external Optical Devices

Hello Sophos community,

I have a Problem with external Optical Devices (connected per USB). We blocked all USB and optical devices to allow only the ones we testet for bad software beforehand. Für USb Storage devices it works like a charm, but I can't seem to get the Optical Devices for our EDV running. They keep being blocked even though I made an exception on them in the WebAdmin Console. 

 

The Log just says it is deactivated:

20161010 080951 Controlled Devices der Gattung 'Optische Laufwerke (CD/DVD)' von Administrator deaktiviert.
20161010 080951 Zugriff auf Controlled Device 'Optische Laufwerke (CD/DVD)' deaktiviert: deviceId=USBSTOR\CDROM&VEN_HL-DT-ST&PROD_DVDRAM_GSA-T50N&REV_RY05\4D303039314E423531303520&0, status=present.

Any Advice on that?



This thread was automatically locked due to age.
Parents
  • Hello David Do Van,

    are the exemptions per (unique) device ID or per model? What are the exemptions that should apply to the above device?

    Christian

  • Hello QC,

    Thanks for the fast reply. I set up computer Groups for our different sites with blocked all for workstations and Wireless allowed for Laptops. After I testet the devices on our scanning PC I connect them to my workstation and put up an exception in Device Control. I guess those are per Device ID. I give one example here:

     

     

     

Reply
  • Hello QC,

    Thanks for the fast reply. I set up computer Groups for our different sites with blocked all for workstations and Wireless allowed for Laptops. After I testet the devices on our scanning PC I connect them to my workstation and put up an exception in Device Control. I guess those are per Device ID. I give one example here:

     

     

     

Children
  • Hello David Do Van,

    this is Sophos Central/Cloud, isn't it? I'm not familiar with its interface so I can only make general comments. It's a problem with all DVDs and they are exempted after they have been plugged in the scannig PC. But on any other PC they are blocked? Is the DeviceID for a specific DVD (as reported in the event) the same on all PCs? Last but not least - is the amended policy applied?

    Christian

  • Hello QC,

    It's the Web Interface of the Sophos UTM 9. The PC for Scanning isnt in Our Network. It updates its Antivir Softwares per LTE Router. After we checked the devices for Virus, Malware etc. I connect them to my workstation, which is controlled by the Sophos Endpoint Protection. After a few minutes i can make the exeption for the device for our different sites. With USB Storage Devices this works just fine.

    But Optical Devices plugged in per USB wont show up even when I made the exception for the Device. Its not about the CD/DVD. The Problem is I cannot allow the Drive for it.

     

    After some digging it seems that the UTM blocks configuration information for the Device, wich makes it not working at all. The Text Says:

    "The Hardwaredevice can not be startet, because the configuration information (in the registry) is incomplete or damaged. (Code19)"

  • Alright you can move this to utm channel

  • HI,

    Have these computers been upgraded to Windows 10?

    Do they have the sdcfilter service? As a test, what is the output of the command:

    sc query sdcfilter

    I'm wondering if this is related:
    community.sophos.com/.../windows-10-cd-dvd-rom-issue

    Regards,

    Jak

  • Hello Jak,

    yes your suggestion in the linked thread worked like a charm:

     

    If you get it back into the working state as you have done previously by essentially removing the sdcfilter (lower filter). Then find the inf file for the sdcfilter driver in the AutoUpdate cache, e.g.:

    C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\ClassFilterDrivers\wnet_amd64\

    right click on the sdcfilter.inf file and choose install. Does the lower filter appear as listed and the device functional?

    Now I got to do it with every Workstation that uses these devices. But at least it works. Thanks for the help.