Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4353 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

USB Device Requires Admin to install ONLY when Sophos is installed

Emineminem

I am using a Device Control Policy and Blocking All USB Removable storage  ’’’’EXCEPT  Integral  Encrypted  USB Flash Drive’’’’.. The USB Flash Drive loads All Ok if Admin, but if User plugs the device in,  there are a total of Four Windows Admin Requests  to get through before using the device. This does NOT happen if The Policy is NOT enabled.  To be Clear.. They are Windows Admin Requests and do not appear for Admins. I have tried all the Policy and Registry Edits. Anybody had this problem before?.. .  Using AV Version 9.5 and Console 4.51

:5929


This thread was automatically locked due to age.
  • 0

    Hello Emineminem,

    can't say if turning on verbose logging (using the client's GUI) will give you any useful information but you could try.

    You did not say which OS. Do the request have any specific text or are they just general (Administrator, blah blah ...)?

    Once the four requests have been authenticated - do they pop up again the next time the device is used by a non-administrator? And is the behaviour the same if you use Detect but do not block devices?

    Christian

    :5945
  • 0

    Hi Christian,

    Operating System is XP SP3.  The Admin requests are just the standard "you need to be a member of the admin group to install this device". The device works fine for any user after it has been 'installed' by admin and no more pop ups.

    Basically it installs two Virtual Drives E: and F:. One for The Encryption Software and the other for Data. It Installs for the basic 'Input of the Device' and then again when the 'Encryption Software exe' is Started. So it looks like a simple Windows Hardware Install and then a Windows Software Install, requiring 'Registry' and 'C:'  Write/Modify Permissions.

    'Detect but do not Block' is OK, but as soon you try to set an access level such as 'Removable Storage Blocked' and then 'Exempted' the problem occurs.

    I haven't checked the Verbose logging yet. That would be a whole different excercise, but I made need to look at that.

    We intend to use these in our company (already purchased 30) any don't want to have a technician install for users everytime.

    Thanks for your interest.

    :5955
  • 0

    Hi,

    This sounds like a known issue which is resolved in the ESC 9.7 release. It relates to the device control class filter driver not being signed by Microsoft - thus the dialogues you are experiencing. Its more common with devices that present two interfaces to the PC and when software such as a logon dialogue is automatically launched. The fix needs to go into a major release due to the need to have the driver signed by Microsoft.

    Best regards,

    John

    :5963
  • 0

    Hi John,

    When is ESC 9.7 due for release? Any Idea?

    I take it there is no short term fix for this.

    Thanks

    :5971
  • 0

    John,

    I forgot to ask, can you explain why it works OK on Windows 7?

    Thanks

    :5973
  • 0

    9.7 is scheduled for release in April 2011.

    I'm not 100% sure why the problem doesn't occur in Windows 7. It probably relates to changes introduces by MS in Windows 7 in how drivers are handled / checked.

    John

    :5981
  • 0

    we have recently upgraded to 9.7 & we have allowed certain Secure USB devices through are system, however when we turn on the device control all secure USB devices need admin rights to install software.

    If we turn the device control off all secure USB devices will pass through without any problems, we have looked & it seems to be a problem with all windows XP service pack 2. Is there a fix for this as we need to find a solution soon.

    :13395
  • 0

    Sounds like this requires further investigation. Can you raise a call with Sophos support?

    Thanks,

    John

    Product Manager

    :13529