Device Control

License settings

• If you have not made any changes to the license settings since version 2020.2, you may encounter issues when migrating the license settings. To avoid this, either make a change before updating to version 2025.2 (for example, by adding and then removing a computer), or reconfigure drive and device activation correctly after the update. (Reference EI-3123)

Blocked devices when using Citrix Workspace

• If you're using Citrix Workspace, some computers might not start because Windows can't load the Drivelock driverDLDevFlt.sys. Apparently the "Citrix USB Monitor Driver" ctxusbmon.sys causes problems when unloading the DLDevFlt.sys.

  Recommended procedure: Open a support ticket with Citrix.

  Possible workarounds until Citrix has fixed the problem:

  1. Uninstall Citrix Workspace.

  2. Since the problem is caused by the fact that DLDevFlt.sys cannot be unloaded, you can try to work around it by only allowing DLDevFlt.sys to be unloaded with a delay or not at all. If the problem only exists in cases where devices are blocked by DriveLock, you can achieve this by switching on the "Disable blocked devices in Device Manager" setting. If DriveLock does not block any devices or this setting is not successful, you can use the "Report device removal" setting, as the driver remains loaded until the device is removed again (please refer to the notes in the description of this new feature). (Reference EI-2825)

Quota / File filter templates

• On the Quota tab, the bytes written or read per time unit are counted, not the actual files. Therefore, the creation of new files with 0 bytes is not blocked.

• The read quota has priority over the write quota, as a read operation is required before the write operation and is blocked if the read quota has already been exceeded.

• The behavior of quotas is application-specific and depends on how an application opens a file for what appears to be a simple read or write request from a user. A file may be temporarily saved, opened several times, duplicated or renamed before the actual read/write processing takes place. Interfering processes acting on behalf of the user (AV) may further falsify the planned behavior. In version 2025.1, only the first in a series of identical creations of a file is counted towards the "Number of files". (Identical means: same user, same process and same access type - read or write.) This should allow a more reasonable usage of the quota "number of files" count than in older versions.

File filter for archive files

• If a file excluded in the file filter is copied to an archive file, the entire archive file is deleted. We recommend that you do not edit archive files directly on the controlled volumes, but on the local hard disk, where no file filter is usually set. (Reference EI-2651)

• Please note the following information:

  • Nonstandard application behavior may lead to unexpected results, e.g. 7zip opens the zip and shows sections of a forbidden exe in analysis mode

  • WebDAV drives are still not supported

  • Hash exclusions are not applied within archives

  • Simulation mode does not include content scanning

  • If an archive is blocked and initial action was a move from an unfiltered location, the source in the unfiltered location is currently deleted as well. (Reference DL-7643)

  Please also note that

  • archives can be scanned up to a nesting level of 2, i.e. zip1/zip2 is scanned, but zip1/zip2/zip3 is blocked,

  • size/number of contained files are not limited; therefore, in spite of a variable timeout adapted to compressed size, a timeout may occur during the scan

  • timeouts and other failures, e.g. failure to open the archive for scanning for whatever reason, will not lead to blocking access.

Content scan

• In certain cases, it's technically not possible to block the deletion of a file. In previous versions, an event for blocking the deletion was still generated in these cases, even though the file had already been deleted.
  Solution: Since the deletion of a file that is classified as unwanted by the content check due to its content is not always an error, the content check and thus also the generation of the event is now omitted.

• Content scan is not possible in folders that have been encrypted with File Protection. It is currently disabled for these folders.

Long serial numbers

• Drives with serial numbers longer than 63 characters cannot be blocked or allowed by a whitelist rule with a required serial number or a default policy.

Files blocked for a short time

• Files may be blocked on a USB flash drive for short time during a configuration update when a file filter is configured and access is permitted for specific users or groups.

Samsung Shield T7

• The serial numbers for Samsung Shield T7 running Windows are reversed. This may apply to all USB SCSI mass storage devices (UAS).

Cumulative Windows Server 2022 Security Updates on Terminal Server

• Please take the following manual steps if you continue to encounter errors on the affected Windows servers after installing or updating the DriveLock Agent: (Reference EI-2639)

  • If MTP control is activated:

    Stop the DriveLock Agent Services and the DriveLock Health Monitor (e.g. net stop drivelock & net stop dlhm) before installing the Windows update. They will be restarted automatically after the reboot.

    If necessary, restart DriveLock manually if it does not restart automatically.

  • If MTP control is not activated:

    After updating from an older DriveLock Agent version, please execute the following commands once in the command line: drivelock -regmtpfltinf and drivelock -unregmtpfltinf.

CD-ROM drives

• DriveLock only shows a usage policy once when a CD is inserted. When ejecting the CD and inserting a new one, the usage policy does not appear any more but the new CD is blocked nonetheless. When you restart DriveLock, the usage policy appears again.

  This is because DriveLock only recognizes the actual device in the policy (CD-ROM drive), not the content (CD-ROM).