Lately, Symantec Endpoint Protection was installed in our company. It worked fine for my colleagues, but I wasn't able to copy anything to external devices,
so I started looking into how to disable it.
I tried lots of solutions, and none of them worked.
I tried a normal uninstall; it required admin credentials, and the IT admin was on vacation ;)
I tried the CleanWipe tool; it didn't uninstall Endpoint.
I tried disabling the services. I remember the service names: EAFRCliManager, Removal Storage Mgmt Service, Removal storage service.
None of these methods worked.
Finally, I started looking into the registry, trying to find anything related.
I was looking for hidden startup services, and I found 2 services, named GeFilter and GeProtection.
I tried to change the startup type for these services, but I wasn't able to. I wasn't able to make any changes to these services. I tried lots of tricks to get full control over these keys in order to change them; none worked.
I noticed there is a key inside them named VolumeInformation{SomeGuid}. I started searching for this GUID, and it turned out that this GUID is for my C drive.
I wasn't able to rename any of the keys before, but after my changes to get full control I was able to, so I renamed this key, removing the GUID part. Then I restarted my PC.
After the restart I still wasn't able to change values inside these service keys, and was also unable to delete them. Since I was able to rename, I tried renaming the service names, and I was able to. After renaming, I tried deleting, and I was able to.
Finally, I deleted both services, looked for other locations of the 2 words, GeFilter and GeProtection, and deleted them all.
Then I restarted my PC one more time, and voila, I was able to copy to external hard drives.
To get full control over registry keys, you can find more details here:
http://www.mydigitallife.info/grant-read-write-full-control-permissions-on-registry-keys-fix-cannot-import-and-access-denied-error-in-regedit/
Update:
All you need to do:
1- Start Task Manager and end the task for EAFRCliManager, if it exists.
2- Open Local Services and disable the services EAFRCliManager, Removal Storage Mgmt Service, Removal storage service.
3- Open the registry and search for geprotection. You will find, twice, 2 keys that look like LEGACY_GEPROTECTION and LEGACY_GEFILTER. Edit the permissions, take ownership, give control to the owner so they can be deleted, then delete them.
You will also find, twice, 2 other keys named geprotection and gefilter. Simply try to delete them; if they are not deleted, rename them and then delete.
4- Restart the PC. You will be able to use your external drives normally.
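From the administrator's side, the ownership and permission changes in step 3 are the part of this procedure that leaves an audit trail. The following is an added example, not part of the original post: a triage function that flags Windows Security events 4663 (object access) and 4670 (permissions changed) on the key names mentioned above. It assumes registry auditing (a SACL) is enabled on those keys; the event fields are simplified and the sample events, paths and user name are constructed.

```python
import re

# Key names taken from the post; compared per path segment, case-insensitively.
WATCHED = {"gefilter", "geprotection", "legacy_gefilter", "legacy_geprotection"}
# Access rights that prepare for, or perform, removal of a key.
RISKY = {"DELETE", "WRITE_DAC", "WRITE_OWNER"}

def watched_segment(object_name):
    """Return the watched key name found in a registry path, or None."""
    for seg in re.split(r"[\\/]", object_name):
        if seg.lower() in WATCHED:
            return seg
    return None

def triage(events):
    """Return (user, key, reason) for each event that tampers with a watched key."""
    alerts = []
    for ev in events:
        key = watched_segment(ev.get("ObjectName", ""))
        if key is None:
            continue
        if ev["EventID"] == 4670:
            reason = "permissions changed"
        elif ev["EventID"] == 4663:
            hits = RISKY & set(ev.get("Accesses", []))
            if not hits:
                continue  # plain reads of the key are expected
            reason = ",".join(sorted(hits))
        else:
            continue
        alerts.append((ev["SubjectUserName"], key, reason))
    return alerts

# Constructed sample events (simplified fields, hypothetical user and paths).
SVC = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services"
SAMPLE = [
    {"EventID": 4663, "SubjectUserName": "jdoe",
     "ObjectName": SVC + r"\GeFilter", "Accesses": ["WRITE_OWNER"]},
    {"EventID": 4670, "SubjectUserName": "jdoe",
     "ObjectName": SVC + r"\GeProtection"},
    {"EventID": 4663, "SubjectUserName": "jdoe", "Accesses": ["DELETE"],
     "ObjectName": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GEFILTER"},
    {"EventID": 4663, "SubjectUserName": "SYSTEM",
     "ObjectName": SVC + r"\GeFilter", "Accesses": ["Query key value"]},
    {"EventID": 4663, "SubjectUserName": "jdoe",
     "ObjectName": SVC + r"\Spooler", "Accesses": ["DELETE"]},
]
```

Because the keys are renamed before deletion, the later delete is logged under the new name; the ownership and permission changes on the original names are the earliest reliable signal.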