How do I temporarily unload EndPoint?

Hello all,

I'm a new user trying to figure out how to temporarily unload Sophos EndPoint v10 to do some PC troubleshooting. The only way I can see to do it is to stop all Sophos services on the PC. Is there a way to remove Sophos from the system tray after the services have stopped?

Thx,

Brian

  • Hi,

    You can terminate the process almon.exe for each user session. This is launched at logon from the "run" key so will not return until you log off and log on again. I'd be surprised if almon.exe caused you a problem.

    I would suggest looking at detoured; this is the most likely component to be causing you issues. Detoured loads into processes by adding itself to the AppInit_DLLs key here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

    if on a 64-bit computer.  

    So when you run an exe, detoured gets loaded into it.

    Under both of the above keys there is also a "LoadAppInit_DLLs" DWORD which enables and disables the loading of any dll into an application.

    So I guess as a test, if you know the process name that is being used/launched, you could find out if it's a 32 or 64 bit process (Task Manager) and then maybe set: LoadAppInit_DLLs to be a 0 under the appropriate node.

    If you then re-launch the process does it run ok?  

    Regards,

    Jak
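
The check described in the reply above, as an added PowerShell example that is not part of the original post: it reports `AppInit_DLLs` and `LoadAppInit_DLLs` in both the native and Wow6432Node views, and can set `LoadAppInit_DLLs` for one view while returning the previous value so it can be restored after the test. The function names are hypothetical, and writing the value assumes an elevated prompt.

```powershell
# Added example (not from the thread). Function names are hypothetical.
$SubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Open-AppInitKey {
    param([Microsoft.Win32.RegistryView]$View, [bool]$Writable = $false)
    # Opening by explicit view avoids WOW64 redirection surprises when the
    # script itself runs in a 32-bit PowerShell on 64-bit Windows.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    $base.OpenSubKey($SubKey, $Writable)
}

function Get-AppInitState {
    # Registry32 is the Wow6432Node key on 64-bit Windows; Registry64 is native.
    $views = @([Microsoft.Win32.RegistryView]::Registry32)
    if ([Environment]::Is64BitOperatingSystem) {
        $views += [Microsoft.Win32.RegistryView]::Registry64
    }
    foreach ($view in $views) {
        $key = Open-AppInitKey -View $view
        if ($null -eq $key) { continue }
        [pscustomobject]@{
            View             = $view
            AppInit_DLLs     = $key.GetValue('AppInit_DLLs', '')
            LoadAppInit_DLLs = $key.GetValue('LoadAppInit_DLLs', $null)
        }
        $key.Close()
    }
}

function Set-AppInitLoading {
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View,
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value
    )
    $key = Open-AppInitKey -View $View -Writable $true
    $previous = $key.GetValue('LoadAppInit_DLLs', $null)
    $key.SetValue('LoadAppInit_DLLs', $Value,
        [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
    $previous   # old value (or $null if it was absent), for restoring later
}

Get-AppInitState | Format-Table -AutoSize
# Test for a 32-bit process, then put the original value back:
# $old = Set-AppInitLoading -View Registry32 -Value 0
# ...re-launch the process and observe...
# if ($null -ne $old) { Set-AppInitLoading -View Registry32 -Value $old | Out-Null }
```

Only processes started after the change pick it up, so re-launch the process under test and restore the saved value as soon as the test is done.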
