Normal Dismount vs Force Dismount
Understanding the distinction between "Normal Dismount" and "Force Dismount" operation is important due to the potential impact on user data.
Normal Dismount Process
During a normal dismount process, VeraCrypt performs the following steps:
- Requests the Windows operating system to lock the volume, prohibiting further I/O operations.
- Requests Windows to gracefully eject the volume from the system. This step is analogous to user-initiated device ejection via the system tray.
- Instructs the Windows Mount Manager to unmount the volume.
- Deletes the link between the drive letter and the volume's virtual device.
- Deletes the volume's virtual device, which includes erasing the encryption keys from RAM.
In this flow, steps 1 and 2 may fail if there are open files on the volume. Notably, even if all user applications accessing files on the volume are closed, Windows might still keep the files open until the I/O cache is completely flushed.
Force Dismount Process
The Force Dismount process is distinct but largely similar to the Normal Dismount. It essentially follows the same steps but disregards any failures that might occur during steps 1 and 2, and carries on with the rest of the procedure. However, if there are files open by the user or if the volume I/O cache has not yet been flushed, this could result in potential data loss. This situation parallels forcibly removing a USB device from your computer while Windows is still indicating its active usage.
Provided all applications using files on the mounted volume have been successfully closed and the I/O cache is fully flushed, neither data loss nor data/filesystem corruption should occur when executing a 'force dismount'. As in a normal dismount, the encryption keys are erased from RAM upon successful completion of a 'Force Dismount'.
How to Trigger Force Dismount
There are three approaches to trigger a force dismount in VeraCrypt:
- Through the popup window that appears if a normal dismount attempt is unsuccessful.
- Via Preferences, by checking the "force auto-dismount" option in the "Auto-Dismount" section.
- Using the command line, by incorporating the /force or /f switch along with the /d or /dismount switch.
In order to avoid inadvertent data loss or corruption, always ensure to follow suitable precautions when dismounting a VeraCrypt volume. This includes
- Ensuring all files on the volume are closed before initiating a dismount.
- Allowing some time after closing all files to ensure Windows has completely flushed the I/O cache.
- Take note that some antivirus software may keep file handles open on the volume after performing a scan, hindering a successful Normal Dismount. If you experience this issue, you might consider excluding the VeraCrypt volume from your antivirus scans. Alternatively, consult with your antivirus software provider to understand how their product interacts with VeraCrypt volumes and how to ensure it doesn't retain open file handles.