Question How do I eject a USB drive with a scheduled task that renders it inaccessible (eg to hackers) without physically unplugging it

[scotiwis]

I have a Samsung T7 with Samsung’s encrypted password option enabled. I want a daily scheduled task that will take the drive offline and the only way to access it again is to unplug and replug it - alternatively put it in such a state that even if something malicious was to run code on my pc to re-enable it it wouldn’t get past the password prompt.



Manually I tried ejecting it via safely eject hardware (to see if this was a possible option to schedule via a batch file or similar) and then I disabled/enabled in device manager (as malicious code might do) but this brings it back online unlocked (ie it remembers status of password already being entered) so this doesn’t seem like an option



End result needs to be a scheduled task to remove the drive as if it’s been unplugged and if any malicious code were to bring it back online somehow then it would be relocked with Samsung password prompt.

 

[hotaru.hino]

The behavior you're seeing sounds like it retains the authentication until the next power cycle, likely because it's expected when you're done with the drive, you'll physically remove it. Though it's possible it may want to re-authenticate after some time out of no activity.

So leave the drive ejected overnight to see if there's a timeout. If it's still unlocked, then you can't do what you want because it requires power cycling the drive.

 

[scotiwis]

The behavior you're seeing sounds like it retains the authentication until the next power cycle, likely because it's expected when you're done with the drive, you'll physically remove it. Though it's possible it may want to re-authenticate after some time out of no activity.

So leave the drive ejected overnight to see if there's a timeout. If it's still unlocked, then you can't do what you want because it requires power cycling the drive.

will do, so is there any way whatsoever to call something via a schedule task that will remove a USB programmatically in such a way that malicious code wouldn't be able to re-open it? Is there software that could be triggered by a task that could do that?

 

[hotaru.hino]

will do, so is there any way whatsoever to call something via a schedule task that will remove a USB programmatically in such a way that malicious code wouldn't be able to re-open it? Is there software that could be triggered by a task that could do that?

No. Always assume if malware has infected your system, it basically owns it.

 

[Ralston18]

Consider disabling the USB ports.

For example (Microsoft link):

https://answers.microsoft.com/en-us...orage-in/43a1e72d-37b9-420b-b74a-9da776c6e54b

Likely you can find and modify some existing script to do most of the work.

Search for additional links and scripts but be very careful of any downloads.

Then set up the necessary triggers etc. via Task Scheduler to run the script.