I can't edit 20H2 ISOs

Driftingforlife

New Member
Hi. So when ever and try and edit a 20H2 ISO I always get "Detected file in use within mount directory" when it comes to save the changes.

NTlite.png

It works fine when I am editing a 1809 or 1909 ISO. I have tried different host systems based on 1909 and 20H2 and it made no difference and different versions of NTlite.

After I reboot the PC I still can't unload the image till I have taken ownership of a folder and a lockscreen background then delete it under C:\Users\****\AppData\Local\Temp then I can unload it.

Any thoughts?

Thanks
 
Hi,

most probably Sophos Ransomware Protection, more info here.
Or any other antivirus, but do let me know which, Sophos is coming up lately as bothersome.

Thanks.
 
Hi, as it happens we do run Sophos central endpoint with intercept X (ransomware protection), I'm not seeing any detections relating to NTlite but I will have a deeper look.

Thank you very much.

------

Added the path to ntlite and ntlite itself to exclusions and testing.

-------
Didn't work
 
Last edited:
Regarding exclusions, try the Temporary directory (NTLite - File - Settings).
As it contains the actual files within the image once loaded, that is the ones Sophos is probably scanning within.
I don't think excluding NTLite directory is needed, it's not where the process happens.

But best would be to move the temporary directory first somewhere custom, as you don't want to disable protection of a general temporary directory.
Do not enable custom Scratch disk, let it follow the temporary directory.
I hope the exclusions are taking into account subdirectories, otherwise add ...\NLTmpMount01 and ...\NLTmpMount01_WIMTemp
as well, if only one image loaded.

Make sure to unload any previous images for the new location to take account.

Another idea is to also exclude the image directory, if the temporary/mount directory wasn't enough.

Do let me know how it goes, so I can advise others as well.
Thanks.
 
Thank you. Tried excluding the NLT folders using wildcards and it still errored. Will create a new one as you suggested on a different drive and test, then test with it directly excluded.

So im going to:
Move the temp dir - test
exclude that temp dir - test
Exclude the main dir - test

Will let you know how it goes.

Thank you
 
Thanks.

Well then, only way for now is to disable the Ransomware Protection while editing images, or use a virtual machine.
My guess is that their exclude directory does not work, or is not including all subdirectories, one-level only.

Will add this info to the error prompt in the next version, got a quite a few reports and all tied to just this.
Maybe someone should report to Sophos to fix it, not scan into mounted images or not lock files in it.
 
Going to have to be a VM for me, my boss will grill me if i turn off RM at all haha

I find it strange how it doesn't effect 1809/1909 ISOs

I have logged it with sophos but they are never that helpful.
 
Last edited:
Back
Top