Unmounting a file system volume may fail due to the presence of open handles to a SYMEFA.DB file at the root of that volume. This may block the safe ejection of USB drives or the unmounting of other removable media.
Symantec Endpoint Protection (SEP) and other Symantec or Norton AntiVirus products for Windows keep a SYMEFA.DB file at the root of each local volume. This file is used to improve product performance by keeping track of files that have already been scanned with the current set of virus definitions.
The block should be temporary. Retrying the unmount operation should succeed.
If such operations continue to be blocked for a certain volume, you may exclude it from SymEFA. SEP version 12.1 RU6 and newer include SymEFA exclusion functionality. To exclude a volume from SymEFA, follow these steps:
Create a SymEFA Volume Exclusion in registry. Add a "VolumeNoPersist" multi-string value to the key below: HKLM\SYSTEM\CurrentControlSet\services\SymEFASI\parameters\config and set its value to the volume or list of volumes to exclude. For example, to exclude volumes 3 and 4: \Device\HarddiskVolume3 \Device\HarddiskVolume4 An entry without a number (i.e. \Device\HarddiskVolume) will exclude all volumes except the system volume.
Reboot and verify that no open handles to SYMEFA.DB exist for the excluded volumes. This can be done with a tool like Process Explorer and its Find menu, "Find Handle or DLL", and searching for "symefa".
To confirm volume number(s), open a command prompt as administrator and use the diskpart command, then enter list volume to display a list of local volume numbers. Add one to the volume number displayed by diskpart. For example, to exclude Volume 3 listed by diskpart, use \Device\HarddiskVolume4 in VolumeNoPersist.
ID: 3615097, 4132491, 3918063, 4129442, 4136881
Subscribing will provide email updates when this Article is updated. Login is required.