Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2080 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I temporarily unload EndPoint?

BrianT

Hello all,

I'm a new user trying to figure out how to temporarily unload Sophos EndPoint v10 to do some PC troubleshooing.  The only way I can see to do it is to stop all Sophos services on the PC.  Is there a way to remove Sophos from the system tray after the services have stopped?

Thx,

Brian

:34823


This thread was automatically locked due to age.
  • 0

    Hello Brian,

    no insult intended - the specific combination of terms (and especially the question about the system tray) doesn't sound like you really know why you want to "unload" - as you call it - Sophos. It rather sounds like you don't know where to start.

    So what's the trouble you think is caused by Sophos?

    Christian

    :34831
  • 0

    I'm troubleshooting why my bar code application isn't printing when commanded.  I want to rule out EndPoint as a cause.  I want to get the little Sophos icon out of the lower right corner of the screen next to the clock.   Without uninstalling the software, how do I do that?

    :34833
  • 0

    HI,

    You can terminate the process almon.exe for each user session.  This is lauched at logon from the "run" key so will not return until you log off and log on again. I'd be suprised if almon.exe caused you a problem.

    I would suggest looking at detoured, this is the most likely component to be causing you issues. Detoured loads into processes by adding itself to the AppInit_DLLs key here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

    if on a 64-bit computer.  

    So when you run an exe, detoured gets loaded into it.

    Under both of the above keys there is also a "LoadAppInit_DLLs" DWORD which enables and disables the loading of any dll into an application.

    So I guess as a test, if you know the process name that is being used/lauched, you could find out if it's a 32 or 64 bit process (taskmanager) and then maybe set: LoadAppInit_DLLs to be a 0 under the appropraite node.

    If you then re-launch the process does it run ok?  

    Regards,

    Jak

    :34843