From 498dff9013d18e5978ab77c14ea2b2d0229603a4 Mon Sep 17 00:00:00 2001
From: "Helmut K. C. Tessarek"
Date: Fri, 31 Jan 2025 23:18:26 +0100
Subject: refactor: use the term unmount instead of dismount (#1478)

* refactor: use UNMOUNT instead of DISMOUNT in code

  This change updates the term DISMOUNT in constants to UNMOUNT.
  Other occurrences (e.g. variable names) are left alone for now.

* refactor(ui): use unmount instead of dismount

  This change updates the GUI text and replaces dismount with unmount.

* docs: update term dismount -> unmount

* refactor(cmdline): add unmount

  This change adds an argument 'unmount' for command line usage, while
  trying to deprecate the old dismount argument.
  The current dismount argument/flag will still work to not introduce
  a breaking change.

* docs: mention that /dismount is deprecated

  This change fixes the shorthand version of the argument /unmount
  It also adds back the info for /dismount and that it is deprecated.
---
 doc/html/Beginner's Tutorial.html | 6 +-
 doc/html/Command Line Usage.html | 14 ++--
 doc/html/Documentation.html | 2 +-
 doc/html/FAQ.html | 8 +--
 doc/html/Hibernation File.html | 2 +-
 doc/html/Hidden Volume.html | 2 +-
 doc/html/Incompatibilities.html | 2 +-
 doc/html/Introduction.html | 2 +-
 doc/html/Issues and Limitations.html | 8 +--
 doc/html/Main Program Window.html | 22 +++----
 doc/html/Multi-User Environment.html | 6 +-
 doc/html/Normal Dismount vs Force Dismount.html | 77 ----------------------
 doc/html/Normal Unmount vs Force Unmount.html | 77 ++++++++++++++++++++++
 doc/html/Portable Mode.html | 4 +-
 doc/html/Program Menu.html | 16 ++---
 doc/html/Protection of Hidden Volumes.html | 10 +--
 doc/html/Release Notes.html | 14 ++--
 doc/html/Removable Medium Volume.html | 4 +-
 doc/html/Removing Encryption.html | 2 +-
 doc/html/Security Model.html | 8 +--
 .../Security Requirements for Hidden Volumes.html | 2 +-
 doc/html/Sharing over Network.html | 2 +-
 doc/html/System Favorite Volumes.html | 4 +-
 doc/html/Troubleshooting.html | 2 +-
 doc/html/Unencrypted Data in RAM.html | 14 ++--
 ...VeraCrypt 
Without Administrator Privileges.html | 2 +- doc/html/VeraCrypt Background Task.html | 2 +- doc/html/VeraCrypt Hidden Operating System.html | 2 +- doc/html/VeraCrypt RAM Encryption.html | 2 +- doc/html/ru/Command Line Usage.html | 2 +- doc/html/ru/Documentation.html | 2 +- doc/html/ru/Normal Dismount vs Force Dismount.html | 77 ---------------------- doc/html/ru/Normal Unmount vs Force Unmount.html | 77 ++++++++++++++++++++++ 33 files changed, 240 insertions(+), 236 deletions(-) delete mode 100644 doc/html/Normal Dismount vs Force Dismount.html create mode 100644 doc/html/Normal Unmount vs Force Unmount.html delete mode 100644 doc/html/ru/Normal Dismount vs Force Dismount.html create mode 100644 doc/html/ru/Normal Unmount vs Force Unmount.html (limited to 'doc/html') diff --git a/doc/html/Beginner's Tutorial.html b/doc/html/Beginner's Tutorial.html index c39ee596..531a71c2 100644 --- a/doc/html/Beginner's Tutorial.html +++ b/doc/html/Beginner's Tutorial.html @@ -188,14 +188,14 @@ You can copy files (or folders) to and from the VeraCrypt volume just as you wou on the fly in RAM (memory). Similarly, files that are being written or copied to the VeraCrypt volume are automatically encrypted on the fly in RAM (right before they are written to the disk).

Note that VeraCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume - will be dismounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible + will be unmounted and all files stored on it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), all files stored on the volume will be inaccessible (and encrypted). To make them accessible again, you have to mount the volume. To do so, repeat Steps 13-18.

-

If you want to close the volume and make files stored on it inaccessible, either restart your operating system or dismount the volume. To do so, follow these steps:
+

If you want to close the volume and make files stored on it inaccessible, either restart your operating system or unmount the volume. To do so, follow these steps:



Select the volume from the list of mounted volumes in the main VeraCrypt window (marked with a red rectangle in the screenshot above) and then click -Dismount (also marked with a red rectangle in the screenshot above). To make files stored on the volume accessible again, you will have to mount the volume. To do so, repeat Steps 13-18.

+Unmount (also marked with a red rectangle in the screenshot above). To make files stored on the volume accessible again, you will have to mount the volume. To do so, repeat Steps 13-18.

How to Create and Use a VeraCrypt-Encrypted Partition/Device

Instead of creating file containers, you can also encrypt physical partitions or drives (i.e., create VeraCrypt device-hosted volumes). To do so, repeat the steps 1-3 but in the step 3 select the second or third option. Then follow the remaining instructions in the wizard. When you create a device-hosted VeraCrypt volume within a non-system diff --git a/doc/html/Command Line Usage.html b/doc/html/Command Line Usage.html index c463b04c..004eccc8 100644 --- a/doc/html/Command Line Usage.html +++ b/doc/html/Command Line Usage.html @@ -55,7 +55,7 @@ /volume or /v -

It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when dismounting) or the Volume ID of the disk/partition to mount.
+

It must be followed by a parameter indicating the file and path name of a VeraCrypt volume to mount (do not use when unmounting) or the Volume ID of the disk/partition to mount.
The syntax of the volume ID is ID:XXXXXX...XX where the XX part is a 64 hexadecimal characters string that represent the 32-Bytes ID of the desired volume to mount.

To mount a partition/device-hosted volume, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition/device, run VeraCrypt and click @@ -74,7 +74,7 @@ You can also specify the Volume ID of the partition/device-hosted volume to moun /beep or /b -Beep after a volume has been successfully mounted or dismounted. +Beep after a volume has been successfully mounted or unmounted. /auto or /a @@ -82,12 +82,16 @@ You can also specify the Volume ID of the partition/device-hosted volume to moun favorite volumes. Note that /auto is implicit if /quit and /volume are specified. If you need to prevent the application window from appearing, use /quit. +/unmount or /u +Unmount volume specified by drive letter (e.g., /u x). When no drive letter is specified, unmounts all currently mounted VeraCrypt volumes. + + /dismount or /d -Dismount volume specified by drive letter (e.g., /d x). When no drive letter is specified, dismounts all currently mounted VeraCrypt volumes. +Deprecated. Please use /unmount or /u. /force or /f -Forces dismount (if the volume to be dismounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access). +Forces unmount (if the volume to be unmounted contains files being used by the system or an application) and forces mounting in shared mode (i.e., without exclusive access). /keyfile or /k @@ -314,7 +318,7 @@ If it is followed by n or no: the password dia

Examples

Mount the volume d:\myvolume as the first free drive letter, using the password prompt (the main program window will not be displayed):

veracrypt /q /v d:\myvolume

-

Dismount a volume mounted as the drive letter X (the main program window will not be displayed):

+

Unmount a volume mounted as the drive letter X (the main program window will not be displayed):

veracrypt /q /d x

Mount a volume called myvolume.tc using the password MyPassword, as the drive letter X. VeraCrypt will open an explorer window and beep; mounting will be automatic:
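
Review bot: The example under the updated heading "Unmount a volume mounted as the drive letter X" still reads "veracrypt /q /d x", which is the switch this same patch marks as "Deprecated. Please use /unmount or /u." in the option table. Change the example to "veracrypt /q /u x" so the documentation stops teaching the deprecated form while /d remains accepted for existing scripts.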

diff --git a/doc/html/Documentation.html b/doc/html/Documentation.html index 9f6f6587..db4969bf 100644 --- a/doc/html/Documentation.html +++ b/doc/html/Documentation.html @@ -59,7 +59,7 @@
  • Program Menu
  • Mounting Volumes
  • -
  • Normal Dismount vs Force Dismount +
  • Normal Unmount vs Force Unmount
  • Avoid Third-Party File Extensions
  • Parallelization
  • Pipelining diff --git a/doc/html/FAQ.html b/doc/html/FAQ.html index e310f3e8..df1bfe8d 100644 --- a/doc/html/FAQ.html +++ b/doc/html/FAQ.html @@ -227,7 +227,7 @@ VeraCrypt volumes are independent of the operating system. You will be able
    Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted VeraCrypt volume on it?
    -Before you unplug or turn off the device, you should always dismount the VeraCrypt volume in VeraCrypt first, and then perform the 'Eject' operation if available (right-click the device in the 'Computer' +Before you unplug or turn off the device, you should always unmount the VeraCrypt volume in VeraCrypt first, and then perform the 'Eject' operation if available (right-click the device in the 'Computer' or 'My Computer' list), or use the 'Safely Remove Hardware' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.

    @@ -476,9 +476,9 @@ Malware in the .

    -Do I have to dismount VeraCrypt volumes before shutting down or restarting Windows?
    +Do I have to unmount VeraCrypt volumes before shutting down or restarting Windows?
    -No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system shutdown/restart.
    +No. VeraCrypt automatically unmounts all mounted VeraCrypt volumes on system shutdown/restart.

    Which type of VeraCrypt volume is better – partition or file container?
    @@ -486,7 +486,7 @@ No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system sh
    File containers are normal files so you can work with them as with any normal files (file containers can be, for example, moved, renamed, and deleted the same way as normal files). Partitions/drives may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container - is stored (when the VeraCrypt volume is dismounted). + is stored (when the VeraCrypt volume is unmounted).

    What's the recommended way to back up a VeraCrypt volume?
    diff --git a/doc/html/Hibernation File.html b/doc/html/Hibernation File.html index cc0888f1..0641c06c 100644 --- a/doc/html/Hibernation File.html +++ b/doc/html/Hibernation File.html @@ -44,7 +44,7 @@ System Encryption) and if the hibernation file is located on one the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates, data are encrypted on the fly before they are written to the hibernation file.

    When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure VeraCrypt (Settings > -Preferences > Dismount all when: Entering power saving mode) to automatically dismount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates +Preferences > Unmount all when: Entering power saving mode) to automatically unmount all mounted VeraCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates (or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter System Encryption), VeraCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).
    diff --git a/doc/html/Hidden Volume.html b/doc/html/Hidden Volume.html index 56f38e2b..bb415d36 100644 --- a/doc/html/Hidden Volume.html +++ b/doc/html/Hidden Volume.html @@ -46,7 +46,7 @@ It may happen that you are forced by somebody to reveal the password to an encry


    The principle is that a VeraCrypt volume is created within another VeraCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free - space on any VeraCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that VeraCrypt does not modify the file + space on any VeraCrypt volume is always filled with random data when the volume is created** and no part of the (unmounted) hidden volume can be distinguished from random data. Note that VeraCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

    diff --git a/doc/html/Incompatibilities.html b/doc/html/Incompatibilities.html index 4c9e4bce..a87ed56d 100644 --- a/doc/html/Incompatibilities.html +++ b/doc/html/Incompatibilities.html @@ -64,7 +64,7 @@ VeraCrypt Rescue Disk.
    Please note that this not a bug in VeraCrypt (the issue is caused by inappropriate design of the third-party activation software).

    Outpost Firewall and Outpost Security Suite

    -If Outpost Firewall or Outpost Security Suite is installed with Proactive Protection enabled, the machine freezes completely for 5-10 seconds during the volume mount/dismount operation. This is caused by a conflict between Outpost System Guard option that protects "Active Desktop" objects and VeraCrypt waiting dialog displayed during mount/dismount operations.
    +If Outpost Firewall or Outpost Security Suite is installed with Proactive Protection enabled, the machine freezes completely for 5-10 seconds during the volume mount/unmount operation. This is caused by a conflict between Outpost System Guard option that protects "Active Desktop" objects and VeraCrypt waiting dialog displayed during mount/unmount operations.
    A workaround that fixes this issue is to disable VeraCrypt waiting dialog in the Preferences: use menu "Settings -> Preferences" and check the option "Don't show wait message dialog when performing operations".
    diff --git a/doc/html/Introduction.html b/doc/html/Introduction.html index 1a946be2..28009ec9 100644 --- a/doc/html/Introduction.html +++ b/doc/html/Introduction.html @@ -50,7 +50,7 @@ Let's suppose that there is an .avi video file stored on a VeraCrypt volume (the in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

    Note that VeraCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume - will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you + will be unmounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile). For a quick start guide, please see the chapter Beginner's Tutorial.

    diff --git a/doc/html/Issues and Limitations.html b/doc/html/Issues and Limitations.html index eed2e222..4fa1e0e3 100644 --- a/doc/html/Issues and Limitations.html +++ b/doc/html/Issues and Limitations.html @@ -45,8 +45,8 @@ Also, there are other entries whose name start with "#{" and "\??\Volume{": double click on each one of them and remove the ones whose data value contains the name "VeraCrypt" and "TrueCrypt".
  • -
  • On some Windows machines, VeraCrypt may hang intermittently when mounting or dismounting a volume. Similar hanging may affect other running applications during VeraCrypt mounting or dismounting operations. -This issue is caused by a conflict between VeraCrypt waiting dialog displayed during mount/dismount operations and other software installed on the machine (e.g. Outpost Firewall Pro). +
  • On some Windows machines, VeraCrypt may hang intermittently when mounting or unmounting a volume. Similar hanging may affect other running applications during VeraCrypt mounting or unmounting operations. +This issue is caused by a conflict between VeraCrypt waiting dialog displayed during mount/unmount operations and other software installed on the machine (e.g. Outpost Firewall Pro). In such situations, the issue can be solved by disabling VeraCrypt waiting dialog in the Preferences: use menu "Settings -> Preferences" and check the option "Don't show wait message dialog when performing operations".
  • @@ -79,7 +79,7 @@ In such situations, the issue can be solved by disabling VeraCrypt waiting dialo Note: The only exception is the multi-boot configuration where a running VeraCrypt-encrypted operating system is always located on drive #0, and it is the only operating system located on the drive (or there is one VeraCrypt-encrypted decoy and one VeraCrypt-encrypted hidden operating system and no other operating system on the drive), and the drive is connected or disconnected before the computer is turned on (for example, using the power switch on an external eSATA drive enclosure). There may be any additional operating systems (encrypted or unencrypted) installed on other drives connected to the computer (when drive #0 is disconnected, drive #1 becomes drive #0, etc.) -
  • When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, VeraCrypt may fail to auto-dismount volumes in such cases. +
  • When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, VeraCrypt may fail to auto-unmount volumes in such cases.
  • Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be reliably and securely performed (for example, due to filesystem journals, timestamps of file attributes, or the operating system failing to perform it for various documented and undocumented reasons). Note: When you write to a file-hosted hidden volume, the timestamp of the container may change. This can be plausibly explained as having been caused by changing the (outer) volume password. Also note that VeraCrypt never preserves timestamps of system favorite volumes (regardless of the settings).
  • Special software (e.g., a low-level disk editor) that writes data to a disk drive in a way that circumvents drivers in the driver stack of the class ‘DiskDrive’ (GUID of the class is 4D36E967- E325-11CE-BFC1-08002BE10318) can write unencrypted @@ -103,7 +103,7 @@ link explains how to disable it in Windows 8 and this Security Model.
  • diff --git a/doc/html/Main Program Window.html b/doc/html/Main Program Window.html index 30ee175b..c232633f 100644 --- a/doc/html/Main Program Window.html +++ b/doc/html/Main Program Window.html @@ -45,7 +45,7 @@ Note: There is a more comfortable way of mounting VeraCrypt partitions/devices &

    Mount

    After you click ‘Mount’, VeraCrypt will try to mount the selected volume using cached passwords (if there are any) and if none of them works, it prompts you for a password. If you enter the correct password (and/or provide correct keyfiles), the volume will be mounted.

    -

    Important: Note that when you exit the VeraCrypt application, the VeraCrypt driver continues working and no VeraCrypt volume is dismounted.

    +

    Important: Note that when you exit the VeraCrypt application, the VeraCrypt driver continues working and no VeraCrypt volume is unmounted.

    Auto-Mount Devices

    This function allows you to mount VeraCrypt partitions/devices without having to select them manually (by clicking ‘Select Device’). VeraCrypt scans headers of all available partitions/devices on your system (except DVD drives and similar devices) one by one and tries to mount each of them as a VeraCrypt volume. Note that a VeraCrypt partition/device cannot be identified, nor the cipher it has been encrypted with. Therefore, the program cannot directly “find” VeraCrypt partitions. Instead, @@ -56,18 +56,18 @@ If the password you enter is wrong, mounting is attempted using cached passwords Shift key when clicking Auto- Mount Devices (only cached passwords will be used, if there are any).

    Drive letters will be assigned starting from the one that is selected in the drive list in the main window.

    -

    Dismount

    -

    This function allows you to dismount the VeraCrypt volume selected in the drive list in the main window. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume.

    -

    Dismount All

    +

    Unmount

    +

    This function allows you to unmount the VeraCrypt volume selected in the drive list in the main window. To unmount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume.

    +

    Unmount All

    Note: The information in this section applies to all menu items and buttons with the same or similar caption (for example, it also applies to the system tray menu item -Dismount All).
    +Unmount All).

    -This function allows you to dismount multiple VeraCrypt volumes. To dismount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume. This function dismounts all mounted VeraCrypt volumes except the following:

    +This function allows you to unmount multiple VeraCrypt volumes. To unmount a VeraCrypt volume means to close it and make it impossible to read/write from/to the volume. This function unmounts all mounted VeraCrypt volumes except the following:

    +
  • VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be unmounted by an instance of VeraCrypt without administrator privileges when the option 'Allow only administrators to + view and unmount system favorite volumes in VeraCrypt' is enabled.
  • Wipe Cache

    Clears all passwords (which may also contain processed keyfile contents) cached in driver memory. When there are no passwords in the cache, this button is disabled. For information on password cache, see the section @@ -87,11 +87,11 @@ Furthermore, if this option is enabled, the volume path input field in the main
    Note: You can clear the volume history by selecting Tools -> Clear Volume History.

    Exit

    -

    Terminates the VeraCrypt application. The driver continues working and no VeraCrypt volumes are dismounted. When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application - and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force dismount on a

    +

    Terminates the VeraCrypt application. The driver continues working and no VeraCrypt volumes are unmounted. When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application + and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, if you force unmount on a

    VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may not be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are - applications using the dismounted volume).

    + applications using the unmounted volume).

    Volume Tools

    Change Volume Password

    See the section diff --git a/doc/html/Multi-User Environment.html b/doc/html/Multi-User Environment.html index 99456293..94c0f5e0 100644 --- a/doc/html/Multi-User Environment.html +++ b/doc/html/Multi-User Environment.html @@ -46,10 +46,10 @@ Moreover, on Windows, the password cache is shared by all logged on users (for m Settings -> Preferences, subsection Cache passwords in driver memory).

    Also note that switching users in Windows XP or later (Fast User Switching functionality) does -not dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all mounted VeraCrypt volumes).
    +not unmount a successfully mounted VeraCrypt volume (unlike system restart, which unmounts all mounted VeraCrypt volumes).

    On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume is to be mounted. On all supported versions of Windows, users without administrator privileges can mount any partition/device-hosted VeraCrypt volume (provided that - they supply the correct password and/or keyfiles). A user without administrator privileges can dismount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default) -Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in VeraCrypt’.

    + they supply the correct password and/or keyfiles). A user without administrator privileges can unmount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default) +Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and unmount system favorite volumes in VeraCrypt’.

    diff --git a/doc/html/Normal Dismount vs Force Dismount.html b/doc/html/Normal Dismount vs Force Dismount.html deleted file mode 100644 index 4ebd52c8..00000000 --- a/doc/html/Normal Dismount vs Force Dismount.html +++ /dev/null @@ -1,77 +0,0 @@ - - - - -VeraCrypt - Free Open source disk encryption with strong security for the Paranoid - - - - - - -
    -VeraCrypt -
    - - - -
    -

    -Documentation ->> -Normal Dismount vs Force Dismount -

    - -
    -

    Normal Dismount vs Force Dismount

    -

    Understanding the distinction between "Normal Dismount" and "Force Dismount" operation is important due to the potential impact on user data.

    - -

    Normal Dismount Process

    - -

    During a normal dismount process, VeraCrypt performs the following steps:

    - -
      -
    1. Requests the Windows operating system to lock the volume, prohibiting further I/O operations.
    2. -
    3. Requests Windows to gracefully eject the volume from the system. This step is analogous to user-initiated device ejection via the system tray.
    4. -
    5. Instructs the Windows Mount Manager to unmount the volume.
    6. -
    7. Deletes the link between the drive letter and the volume's virtual device.
    8. -
    9. Deletes the volume's virtual device, which includes erasing the encryption keys from RAM.
    10. -
    - -

    In this flow, steps 1 and 2 may fail if there are open files on the volume. Notably, even if all user applications accessing files on the volume are closed, Windows might still keep the files open until the I/O cache is completely flushed.

    - -

    Force Dismount Process

    - -

    The Force Dismount process is distinct but largely similar to the Normal Dismount. It essentially follows the same steps but disregards any failures that might occur during steps 1 and 2, and carries on with the rest of the procedure. However, if there are files open by the user or if the volume I/O cache has not yet been flushed, this could result in potential data loss. This situation parallels forcibly removing a USB device from your computer while Windows is still indicating its active usage.

    - -

    Provided all applications using files on the mounted volume have been successfully closed and the I/O cache is fully flushed, neither data loss nor data/filesystem corruption should occur when executing a 'force dismount'. As in a normal dismount, the encryption keys are erased from RAM upon successful completion of a 'Force Dismount'.

    - -

    How to Trigger Force Dismount

    - -

    There are three approaches to trigger a force dismount in VeraCrypt:

    - -
      -
    1. Through the popup window that appears if a normal dismount attempt is unsuccessful.
    2. -
    3. Via Preferences, by checking the "force auto-dismount" option in the "Auto-Dismount" section.
    4. -
    5. Using the command line, by incorporating the /force or /f switch along with the /d or /dismount switch.
    6. -
    - -

    In order to avoid inadvertent data loss or corruption, always ensure to follow suitable precautions when dismounting a VeraCrypt volume. This includes

    -
      -
    1. Ensuring all files on the volume are closed before initiating a dismount.
    2. -
    3. Allowing some time after closing all files to ensure Windows has completely flushed the I/O cache.
    4. -
    5. Take note that some antivirus software may keep file handles open on the volume after performing a scan, hindering a successful Normal Dismount. If you experience this issue, you might consider excluding the VeraCrypt volume from your antivirus scans. Alternatively, consult with your antivirus software provider to understand how their product interacts with VeraCrypt volumes and how to ensure it doesn't retain open file handles.
    6. -
    - - -
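
Review bot: Removing doc/html/Normal Dismount vs Force Dismount.html outright (delete mode 100644, with the content re-created under the new name) means existing links and bookmarks to the old file name stop resolving. Consider keeping a short stub page under the old name that points to Normal Unmount vs Force Unmount.html, in the same spirit as keeping /dismount working on the command line to avoid a breaking change.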
    diff --git a/doc/html/Normal Unmount vs Force Unmount.html b/doc/html/Normal Unmount vs Force Unmount.html new file mode 100644 index 00000000..72da246b --- /dev/null +++ b/doc/html/Normal Unmount vs Force Unmount.html @@ -0,0 +1,77 @@ + + + + +VeraCrypt - Free Open source disk encryption with strong security for the Paranoid + + + + + + +
    +VeraCrypt +
    + + + +
    +

    +Documentation +>> +Normal Unmount vs Force Unmount +

    + +
    +

    Normal Unmount vs Force Unmount

    +

    Understanding the distinction between "Normal Unmount" and "Force Unmount" operation is important due to the potential impact on user data.

    + +

    Normal Unmount Process

    + +

    During a normal unmount process, VeraCrypt performs the following steps:

    + +
      +
    1. Requests the Windows operating system to lock the volume, prohibiting further I/O operations.
    2. +
    3. Requests Windows to gracefully eject the volume from the system. This step is analogous to user-initiated device ejection via the system tray.
    4. +
    5. Instructs the Windows Mount Manager to unmount the volume.
    6. +
    7. Deletes the link between the drive letter and the volume's virtual device.
    8. +
    9. Deletes the volume's virtual device, which includes erasing the encryption keys from RAM.
    10. +
    + +

    In this flow, steps 1 and 2 may fail if there are open files on the volume. Notably, even if all user applications accessing files on the volume are closed, Windows might still keep the files open until the I/O cache is completely flushed.

    + +

    Force Unmount Process

    + +

    The Force Unmount process is distinct but largely similar to the Normal Unmount. It essentially follows the same steps but disregards any failures that might occur during steps 1 and 2, and carries on with the rest of the procedure. However, if there are files open by the user or if the volume I/O cache has not yet been flushed, this could result in potential data loss. This situation parallels forcibly removing a USB device from your computer while Windows is still indicating its active usage.

    + +

    Provided all applications using files on the mounted volume have been successfully closed and the I/O cache is fully flushed, neither data loss nor data/filesystem corruption should occur when executing a 'force unmount'. As in a normal unmount, the encryption keys are erased from RAM upon successful completion of a 'Force Unmount'.

    + +

    How to Trigger Force Unmount

    + +

    There are three approaches to trigger a force unmount in VeraCrypt:

    + +
      +
    1. Through the popup window that appears if a normal unmount attempt is unsuccessful.
    2. +
    3. Via Preferences, by checking the "force auto-unmount" option in the "Auto-Unmount" section.
    4. +
    5. Using the command line, by incorporating the /force or /f switch along with the /d or /unmount switch.
    6. +
    + +

    In order to avoid inadvertent data loss or corruption, always ensure to follow suitable precautions when unmounting a VeraCrypt volume. This includes

    +
      +
    1. Ensuring all files on the volume are closed before initiating a unmount.
    2. +
    3. Allowing some time after closing all files to ensure Windows has completely flushed the I/O cache.
    4. +
    5. Take note that some antivirus software may keep file handles open on the volume after performing a scan, hindering a successful Normal Unmount. If you experience this issue, you might consider excluding the VeraCrypt volume from your antivirus scans. Alternatively, consult with your antivirus software provider to understand how their product interacts with VeraCrypt volumes and how to ensure it doesn't retain open file handles.
    6. +
    + + +
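Review bot: step 1 of the precautions list in the new file reads "before initiating a unmount"; after the mechanical dismount -> unmount replacement this needs to be "an unmount". In the same list, the third item ("Take note that some antivirus software ...") does not continue the lead-in "This includes" the way the first two items do; that wording predates this change but could be fixed while the page is being re-added.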
    diff --git a/doc/html/Portable Mode.html b/doc/html/Portable Mode.html index b26cb35b..006c7d0f 100644 --- a/doc/html/Portable Mode.html +++ b/doc/html/Portable Mode.html @@ -64,9 +64,9 @@ Note: To extract files from the VeraCrypt self-extracting package, run it, and t

    The second option has several advantages, which are described in the following sections in this chapter.

    Note: When running in ‘portable’ mode, the VeraCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application and/or of the Volume Creation Wizard are closed and no VeraCrypt volumes are mounted). However, - if you force dismount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may + if you force unmount on a VeraCrypt volume when VeraCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the VeraCrypt driver may not be unloaded when you exit VeraCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start VeraCrypt again as long as there are - applications using the dismounted volume).

    + applications using the unmounted volume).

    Tools -> Traveler Disk Setup

    You can use this facility to prepare a special traveler disk and launch VeraCrypt from there. Note that VeraCrypt ‘traveler disk’ is not a VeraCrypt volume but an unencrypted volume. A ‘traveler disk’ contains VeraCrypt executable files and optionally the ‘autorun.inf’ script (see the section diff --git a/doc/html/Program Menu.html b/doc/html/Program Menu.html index c7ea0534..cbc52b84 100644 --- a/doc/html/Program Menu.html +++ b/doc/html/Program Menu.html @@ -41,9 +41,9 @@

    Volumes -> Auto-Mount All Device-Hosted Volumes

    See the section Auto-Mount Devices.

    -

    Volumes -> Dismount All Mounted Volumes

    +

    Volumes -> Unmount All Mounted Volumes

    See the section -Dismount All.

    +Unmount All.

    Volumes -> Change Volume Password

    Allows changing the password of the currently selected VeraCrypt volume (no matter whether the volume is hidden or standard). Only the header key and the secondary header key (XTS mode) are changed – the master key remains unchanged. This function re-encrypts the volume header using
    @@ -186,8 +186,8 @@ If this option is checked and if there are two or more favorite volumes, then du

    +
  • VeraCrypt volumes that are not displayed in the VeraCrypt application window. For example, system favorite volumes attempted to be unmounted by an instance of VeraCrypt without administrator privileges when the option 'Allow only administrators to + view and unmount system favorite volumes in VeraCrypt' is enabled.
  • VeraCrypt Background Task – Enabled

    See the chapter VeraCrypt Background Task.

    @@ -195,10 +195,10 @@ If this option is checked and if there are two or more favorite volumes, then du

    If this option is checked, the VeraCrypt background task automatically and silently exits as soon as there are no mounted VeraCrypt volumes. For more information, see the chapter VeraCrypt Background Task. Note that this option cannot be disabled when VeraCrypt runs in portable mode.

    -

    Auto-dismount volume after no data has been read/written to it for

    -

    After no data has been written/read to/from a VeraCrypt volume for n minutes, the volume is automatically dismounted.

    -

    Force auto-dismount even if volume contains open files or directories

    -

    This option applies only to auto-dismount (not to regular dismount). It forces dismount (without prompting) on the volume being auto-dismounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).

    +

    Auto-unmount volume after no data has been read/written to it for

    +

    After no data has been written/read to/from a VeraCrypt volume for n minutes, the volume is automatically unmounted.

    +

    Force auto-unmount even if volume contains open files or directories

    +

    This option applies only to auto-unmount (not to regular unmount). It forces unmount (without prompting) on the volume being auto-unmounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).

     

    Next Section >>
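Review bot: the added description of "Force auto-unmount even if volume contains open files or directories" carries over "(i.e., file/directories that are in use ...)" from the removed line; since the line is rewritten anyway, "files/directories" would fix it. This option is also the Preferences route to a force unmount described on the 'Normal Unmount vs Force Unmount' page, so a link to that page from here would point readers at the data-loss caveat for open files and an unflushed I/O cache.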

    diff --git a/doc/html/Protection of Hidden Volumes.html b/doc/html/Protection of Hidden Volumes.html index 3e3e5890..ce320d21 100644 --- a/doc/html/Protection of Hidden Volumes.html +++ b/doc/html/Protection of Hidden Volumes.html @@ -61,12 +61,12 @@ OK
    .
    Both passwords must be correct; otherwise, the outer volume will not be mounted. When hidden volume protection is enabled, VeraCrypt does not actually mount the hidden volume. It only decrypts its header (in RAM) and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save - data to the area of the hidden volume will be rejected (until the outer volume is dismounted). -Note that VeraCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is dismounted, the protection is lost. When + data to the area of the hidden volume will be rejected (until the outer volume is unmounted). +Note that VeraCrypt never modifies the filesystem (e.g., information about allocated clusters, amount of free space, etc.) within the outer volume in any way. As soon as the volume is unmounted, the protection is lost. When the volume is mounted again, it is not possible to determine whether the volume has used hidden volume protection or not. The hidden volume protection can be activated only by users who supply the correct password (and/or keyfiles) for the hidden volume (each time they mount the outer volume).

    -As soon as a write operation to the hidden volume area is denied/prevented (to protect the hidden volume), the entire host volume (both the outer and the hidden volume) becomes write-protected until dismounted (the VeraCrypt driver reports the 'invalid parameter' +As soon as a write operation to the hidden volume area is denied/prevented (to protect the hidden volume), the entire host volume (both the outer and the hidden volume) becomes write-protected until unmounted (the VeraCrypt driver reports the 'invalid parameter' error to the system upon each attempt to write data to the volume). This preserves plausible deniability (otherwise certain kinds of inconsistency within the file system could indicate that this volume has used hidden volume protection). When damage to hidden volume is prevented, a warning is displayed (provided that the VeraCrypt Background Task is enabled – see the chapter @@ -81,7 +81,7 @@ Moreover, the field Hidden Volume Protected in 'Yes (damage prevented!)'.

    Note that when damage to hidden volume is prevented, -no information about the event is written to the volume. When the outer volume is dismounted and mounted again, the volume properties will +no information about the event is written to the volume. When the outer volume is unmounted and mounted again, the volume properties will not display the string "damage prevented".
    @@ -100,7 +100,7 @@ The type of the mounted outer volume is Outer: Important: You are the only person who can mount your outer volume with the hidden volume protection enabled (since nobody else knows your hidden volume password). When an adversary asks you to mount an outer volume, you of course must not mount it with the hidden volume protection enabled. You must mount it as a normal volume (and then VeraCrypt will not show the volume type "Outer" but "Normal"). The reason is that, during the time when an outer volume is mounted with the hidden volume protection enabled, the adversary -can find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is dismounted and possibly +can find out that a hidden volume exists within the outer volume (he/she will be able to find it out until the volume is unmounted and possibly even some time after the computer has been powered off - see Unencrypted Data in RAM).

    diff --git a/doc/html/Release Notes.html b/doc/html/Release Notes.html index dfca8b81..a01ee225 100644 --- a/doc/html/Release Notes.html +++ b/doc/html/Release Notes.html @@ -44,7 +44,7 @@
    • macOS:
        -
      • Fix regression that blocked dismounting of volumes. (GH #1467)
      • +
      • Fix regression that blocked unmounting of volumes. (GH #1467)
    @@ -249,7 +249,7 @@
  • Fix various issues when running in Text mode:
    • Don't allow selecting exFAT/BTRFS filesytem if they are not present or not compatible with the created volume.
    • -
    • Fix wrong dismount message displayed when mounting a volume.
    • +
    • Fix wrong unmount message displayed when mounting a volume.
    • Hide PIM during entry and re-ask PIM when user entered a wrong value.
    • Fix printing error when checking free space during volume creation in path doesn't exist.
    @@ -497,7 +497,7 @@
  • Fix failure of Screen Readers (Accessibility support) to read UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed.
  • Fix side effects related to the fix for CVE-2019-19501 which caused links in UI not to open.
  • Add switch /signalExit to support notifying WAITFOR Windows command when VeraCrypt.exe exits if /q was specified in CLI (cf documentation for usage).
  • -
  • Don't display mount/dismount examples in help dialog for command line in Format and Expander.
  • +
  • Don't display mount/unmount examples in help dialog for command line in Format and Expander.
  • Documentation and translation updates.
  • @@ -771,7 +771,7 @@
  • Driver: Fix "Incorrect Parameter" error when mounting volumes on some machines.
  • Fix failure to mount system favorites during boot on some machines.
  • Fix current application losing focus when VeraCrypt is run in command line with /quit /silent switches.
  • -
  • Fix some cases of external applications freezing during mount/dismount.
  • +
  • Fix some cases of external applications freezing during mount/unmount.
  • Fix rare cases of secure desktop for password dialog not visible which caused UI to block.
  • Update libzip to version 1.5.0 that include fixes for some security issues.
  • Extend Secure Desktop feature to smart card PIN entry dialog.
  • @@ -1060,7 +1060,7 @@ incorrect Impersonation Token Handling.
  • Fix system favorites not always mounting after cold start.
  • Solve installer error when updating VeraCrypt on Windows 10.
  • Implement decryption of non-system partition/drive.
  • Include 64-bit exe files in the installer and deploy them on 64-bit machines for better performances.
  • Allow using drive letters A: and B: for mounting volumes
  • Make command line argument parsing more strict and robust (e.g. /lz rejected, must be /l z)
  • Add possibility to show system encryption password in Windows GUI and bootloader -
  • Solve "Class Already exists" error that was happening for some users.
  • Solve some menu items and GUI fields not translatable
  • Make volumes correctly report Physical Sector size to Windows.
  • Correctly detect switch user/RDP disconnect operations for autodismount on session locked. +
  • Solve "Class Already exists" error that was happening for some users.
  • Solve some menu items and GUI fields not translatable
  • Make volumes correctly report Physical Sector size to Windows.
  • Correctly detect switch user/RDP disconnect operations for autounmount on session locked.
  • Add manual selection of partition when resuming in-place encryption.
  • Add command line option (/cache f) to temporarily cache password during favorites mounting.
  • Add waiting dialog for Auto-Mount Devices operations to avoid freezing GUI.
  • Add extra information to displayed error message in order to help analyze reported issues.
  • Disable menu entry for changing system encryption PRF since it's not yet implemented. @@ -1095,7 +1095,7 @@ incorrect Impersonation Token Handling.
  • Uninstall link now open the standard "Add/Remove Programs" window.
  • On uninstall, remove all VeraCrypt references from registry and disk.
  • Included VeraCryptExpander in the Setup.
  • Add option to temporary cache password when mounting multiple favorites.
  • Minor fixes and enhancements (see git history for more information)
  • MacOSX:
      -
    • Solve issue volumes not auto-dismounting when quitting VeraCrypt. +
    • Solve issue volumes not auto-unmounting when quitting VeraCrypt.
    • Solve issue VeraCrypt window not reopening by clicking dock icon.
  • Linux/MacOSX:
      @@ -1132,7 +1132,7 @@ incorrect Impersonation Token Handling.
  • Security: fix vulnerability in bootloader detected by Open Crypto Audit and make it more robust.
  • Add support for SHA-256 in system boot encryption.
  • Various optimizations in bootloader.
  • Complete fix of ShellExecute security issue.
  • Kernel driver: check that the password length received from bootloader is less or equal to 64.
  • Correct a random crash when clicking the link for more information on keyfiles -
  • Implement option to auto-dismount when user session is locked
  • Add self-test vectors for SHA-256
  • Modern look-and-feel by enabling visual styles
  • few minor fixed.
  • +
  • Implement option to auto-unmount when user session is locked
  • Add self-test vectors for SHA-256
  • Modern look-and-feel by enabling visual styles
  • few minor fixed.
  • 1.0e (September 4, 2014)
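Review bot: in the @@ -1060,7 +1060,7 @@ hunk of the release notes, "autodismount on session locked" becomes "autounmount on session locked", while the other entries changed in this file use the hyphenated form ("auto-unmounting", "auto-unmount when user session is locked"). Suggest "auto-unmount" there so the term is spelled one way throughout the file.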
    diff --git a/doc/html/Removable Medium Volume.html b/doc/html/Removable Medium Volume.html index 63c59c55..2be8297c 100644 --- a/doc/html/Removable Medium Volume.html +++ b/doc/html/Removable Medium Volume.html @@ -47,8 +47,8 @@
  • Windows is prevented from automatically creating the ‘Recycled’ and/or the ‘System Volume Information’ folders on VeraCrypt volumes (in Windows, these folders are used by the Recycle Bin and System Restore features).
  • Windows 8 and later is prevented from writing an Event 98 to the Events Log that contains the device name (\\device\VeraCryptVolumeXX) of VeraCrypt volumes formatted using NTFS. This event log "feature" was introduced in Windows 8 as part of newly introduced NTFS health checks as -explained here. Big thanks to Liran Elharar for discovering this.
  • Windows may use caching methods and write delays that are normally used for removable media (for example, USB flash drives). This might slightly decrease the performance but at the same increase the likelihood that it will be possible to dismount the volume - quickly without having to force the dismount.
  • The operating system may tend to keep the number of handles it opens to such a volume to a minimum. Hence, volumes mounted as removable media might require fewer forced dismounts than other volumes. +explained here. Big thanks to Liran Elharar for discovering this.
  • Windows may use caching methods and write delays that are normally used for removable media (for example, USB flash drives). This might slightly decrease the performance but at the same increase the likelihood that it will be possible to unmount the volume + quickly without having to force the unmount.
  • The operating system may tend to keep the number of handles it opens to such a volume to a minimum. Hence, volumes mounted as removable media might require fewer forced unmounts than other volumes.
  • Under Windows Vista and earlier, the ‘Computer’ (or ‘My Computer’) list does not show the amount of free space on volumes mounted as removable (note that this is a Windows limitation, not a bug in VeraCrypt).
  • Under desktop editions of Windows Vista or later, sectors of a volume mounted as removable medium may be accessible to all users (including users without administrator privileges; see section diff --git a/doc/html/Removing Encryption.html b/doc/html/Removing Encryption.html index c2baf5c6..3f3bf139 100644 --- a/doc/html/Removing Encryption.html +++ b/doc/html/Removing Encryption.html @@ -43,7 +43,7 @@ for non-system partition/drive). If you need to remove encryption (e.g., if you file-hosted volume, please follow these steps:

    1. Mount the VeraCrypt volume.
    2. Move all files from the VeraCrypt volume to any location outside the VeraCrypt volume (note that the files will be decrypted on the fly). -
    3. Dismount the VeraCrypt volume.
    4. delete it (the container) just like you delete any other file.
    +
  • Unmount the VeraCrypt volume.
  • delete it (the container) just like you delete any other file.
  • If in-place decryption of non-system partitions/drives is not desired, it is also possible in this case to follow the steps 1-3 described above.

    In all cases, if the steps 1-3 are followed, the following extra operations can be performed:

    diff --git a/doc/html/Security Model.html b/doc/html/Security Model.html index 79e154d2..edac59d2 100644 --- a/doc/html/Security Model.html +++ b/doc/html/Security Model.html @@ -51,7 +51,7 @@ devices) have been permanently and irreversibly erased/lost.
  • Secure any data on a computer if an attacker can remotely intercept emanations from the computer hardware (e.g. the monitor or cables) while VeraCrypt is running on it (or otherwise remotely monitor the hardware and its use, directly or indirectly, while VeraCrypt is running on it).
  • Secure any data stored in a VeraCrypt volume‡ if an attacker without administrator privileges can access the contents of the mounted volume (e.g. if file/folder/volume permissions do not prevent such an attacker from accessing it).
  • Preserve/verify the integrity or authenticity of encrypted or decrypted data. -
  • Prevent traffic analysis when encrypted data is transmitted over a network.
  • Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (dismounted or mounted) before and after data is written to it, or if the storage medium/device allows +
  • Prevent traffic analysis when encrypted data is transmitted over a network.
  • Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (unmounted or mounted) before and after data is written to it, or if the storage medium/device allows the attacker to determine such information (for example, the volume resides on a device that saves metadata that can be used to determine when data was written to a particular sector).
  • Encrypt any existing unencrypted data in place (or re-encrypt or erase data) on devices/filesystems that use wear-leveling or otherwise relocate data internally.
  • Ensure that users choose cryptographically strong passwords or keyfiles.
  • Secure any computer hardware component or a whole computer.
  • Secure any data on a computer where the security requirements or precautions listed in the chapter @@ -65,9 +65,9 @@ Known Issues & Limitations).
  • Mount any partition/device-hosted VeraCrypt volume.
  • Complete the pre-boot authentication process and, thus, gain access to data on an encrypted system partition/drive (and start the encrypted operating system).
  • Skip the pre-boot authentication process (this can be prevented by disabling the option Settings > ‘System Encryption’ > ‘Allow pre-boot authentication to be bypassed by pressing the Esc key’; note that this option can be enabled or disabled only by an administrator). -
  • Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her. However, this does not apply to ‘system favorite volumes’, which he or she can dismount (etc.) +
  • Unmount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her. However, this does not apply to ‘system favorite volumes’, which he or she can unmount (etc.) regardless of who mounted them (this can be prevented by enabling the option -Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in VeraCrypt’; note that this option can be enabled or disabled only by an administrator). +Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and unmount system favorite volumes in VeraCrypt’; note that this option can be enabled or disabled only by an administrator).
  • Create a file-hosted VeraCrypt volume containing a FAT or no file system (provided that the relevant folder permissions allow it).
  • Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted VeraCrypt volume (provided that the file permissions allow it).
  • Access the filesystem residing within a VeraCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this). @@ -87,7 +87,7 @@ Settings > ‘System Favorite Volumes’ > ‘Under Mac OS X, a user without administrator privileges can (assuming the default VeraCrypt and operating system configurations):

    • Mount any file-hosted or partition/device-hosted VeraCrypt volume provided that the file/device permissions allow it. -
    • Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her. +
    • Unmount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and properties of) any VeraCrypt volume mounted by him or her.
    • Create a file-hosted or partition/device-hosted VeraCrypt volume provided that the relevant folder/device permissions allow it.
    • Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted VeraCrypt volume (provided that the file/device permissions allow it).
    • Access the filesystem residing within a VeraCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this). diff --git a/doc/html/Security Requirements for Hidden Volumes.html b/doc/html/Security Requirements for Hidden Volumes.html index 3b5dbdb3..7ac28c40 100644 --- a/doc/html/Security Requirements for Hidden Volumes.html +++ b/doc/html/Security Requirements for Hidden Volumes.html @@ -44,7 +44,7 @@ hidden VeraCrypt volume, you must follow the security requirements and preca all security issues and attacks that might adversely affect or limit the ability of VeraCrypt to secure data stored in a hidden VeraCrypt volume and the ability to provide plausible deniability.
  • When creating a volume that you want to make a system favorite later, you must explicitly set the keyboard layout associated with VeraCrypt to US layout and you have to type the same keyboard keys you type when you enter the pre-boot authentication password.

    System favorite volumes can be configured to be available within VeraCrypt only to users with administrator privileges -(select Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in VeraCrypt’). This option should be enabled on servers to ensure that - system favorite volumes cannot be dismounted by users without administrator privileges. On non-server systems, this option can be used to prevent normal VeraCrypt volume actions (such as ‘Dismount All’, auto-dismount, etc.) from affecting +
    (select Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and unmount system favorite volumes in VeraCrypt’). This option should be enabled on servers to ensure that + system favorite volumes cannot be unmounted by users without administrator privileges. On non-server systems, this option can be used to prevent normal VeraCrypt volume actions (such as ‘Unmount All’, auto-unmount, etc.) from affecting system favorite volumes. In addition, when VeraCrypt is run without administrator privileges (the default on Windows Vista and later), system favorite volumes will not be displayed in the drive letter list in the main VeraCrypt application window.

    To configure a VeraCrypt volume as a system favorite volume, follow these steps:

      diff --git a/doc/html/Troubleshooting.html b/doc/html/Troubleshooting.html index 3eece663..e3cfb49f 100644 --- a/doc/html/Troubleshooting.html +++ b/doc/html/Troubleshooting.html @@ -314,7 +314,7 @@ Replace the motherboard with a different one (different type and/or brand). Problem:
      -When mounting or dismounting a VeraCrypt volume, the system crashes (a 'blue screen' error screen appears or the +When mounting or unmounting a VeraCrypt volume, the system crashes (a 'blue screen' error screen appears or the computer abruptly restarts).
      OR
      diff --git a/doc/html/Unencrypted Data in RAM.html b/doc/html/Unencrypted Data in RAM.html index 9c4de777..96fe5813 100644 --- a/doc/html/Unencrypted Data in RAM.html +++ b/doc/html/Unencrypted Data in RAM.html @@ -40,11 +40,11 @@ It is important to note that VeraCrypt is disk encryption software, which encrypts only disks, not RAM (memory).
      Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files they load from a VeraCrypt volume. This means that after you exit such a program, unencrypted data it worked with may remain in memory - (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*). Also note that if you open a file stored on a VeraCrypt volume, for example, in a text editor and then force dismount on the VeraCrypt - volume, then the file will remain unencrypted in the area of memory (RAM) used by (allocated to) the text editor. This also applies to forced auto-dismount.
      + (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*). Also note that if you open a file stored on a VeraCrypt volume, for example, in a text editor and then force unmount on the VeraCrypt + volume, then the file will remain unencrypted in the area of memory (RAM) used by (allocated to) the text editor. This also applies to forced auto-unmount.
      -Inherently, unencrypted master keys have to be stored in RAM too. When a non-system VeraCrypt volume is dismounted, VeraCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted (or cleanly shut down), all non-system VeraCrypt volumes - are automatically dismounted and, thus, all master keys stored in RAM are erased by the VeraCrypt driver (except master keys for system partitions/drives — see below). However, when power supply is abruptly interrupted, when the computer is reset (not +Inherently, unencrypted master keys have to be stored in RAM too. When a non-system VeraCrypt volume is unmounted, VeraCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted (or cleanly shut down), all non-system VeraCrypt volumes + are automatically unmounted and, thus, all master keys stored in RAM are erased by the VeraCrypt driver (except master keys for system partitions/drives — see below). However, when power supply is abruptly interrupted, when the computer is reset (not cleanly restarted), or when the system crashes, VeraCrypt naturally stops running and therefore cannot erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.**
      @@ -70,8 +70,8 @@ Hibernation File).

      * Allegedly, for 1.5-35 seconds under normal operating temperatures (26-44 °C) and up to several hours when the memory modules are cooled (when the computer is running) to very low temperatures (e.g. -50 °C). New types of memory modules allegedly exhibit a much shorter decay time (e.g. 1.5-2.5 seconds) than older types (as of 2008).
      -** Before a key can be erased from RAM, the corresponding VeraCrypt volume must be dismounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not - provide any appropriate API for handling the final phase of the system shutdown process, paging files located on encrypted system volumes that are dismounted during the system shutdown process may still contain valid swapped-out memory pages (including portions - of Windows system files). This could cause 'blue screen' errors. Therefore, to prevent 'blue screen' errors, VeraCrypt does not dismount encrypted system volumes and consequently cannot clear the master keys of the system volumes when the system is shut down +** Before a key can be erased from RAM, the corresponding VeraCrypt volume must be unmounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not + provide any appropriate API for handling the final phase of the system shutdown process, paging files located on encrypted system volumes that are unmounted during the system shutdown process may still contain valid swapped-out memory pages (including portions + of Windows system files). This could cause 'blue screen' errors. Therefore, to prevent 'blue screen' errors, VeraCrypt does not unmount encrypted system volumes and consequently cannot clear the master keys of the system volumes when the system is shut down or restarted.

      diff --git a/doc/html/Using VeraCrypt Without Administrator Privileges.html b/doc/html/Using VeraCrypt Without Administrator Privileges.html index 742ae0e9..1bb1bbb9 100644 --- a/doc/html/Using VeraCrypt Without Administrator Privileges.html +++ b/doc/html/Using VeraCrypt Without Administrator Privileges.html @@ -40,7 +40,7 @@

      In Windows, a user who does not have administrator privileges can use VeraCrypt, but only after a system administrator installs VeraCrypt on the system. The reason for that is that VeraCrypt needs a device driver to provide transparent on-the-fly encryption/decryption, and users without administrator privileges cannot install/start device drivers in Windows.

      -After a system administrator installs VeraCrypt on the system, users without administrator privileges will be able to run VeraCrypt, mount/dismount any type of VeraCrypt volume, load/save data from/to it, and create file-hosted VeraCrypt volumes on the system. +After a system administrator installs VeraCrypt on the system, users without administrator privileges will be able to run VeraCrypt, mount/unmount any type of VeraCrypt volume, load/save data from/to it, and create file-hosted VeraCrypt volumes on the system. However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall VeraCrypt, cannot change passwords/keyfiles for VeraCrypt partitions/devices, cannot backup/restore headers of VeraCrypt partitions/devices, and they cannot run VeraCrypt in ‘portable’ mode.

      diff --git a/doc/html/VeraCrypt Background Task.html b/doc/html/VeraCrypt Background Task.html index 2ded6d50..bc56155b 100644 --- a/doc/html/VeraCrypt Background Task.html +++ b/doc/html/VeraCrypt Background Task.html @@ -39,7 +39,7 @@

      VeraCrypt Background Task

      When the main VeraCrypt window is closed, the VeraCrypt Background Task takes care of the following tasks/functions:

        -
      1. Hot keys
      2. Auto-dismount (e.g., upon logoff, inadvertent host device removal, time-out, etc.) +
      3. Hot keys
      4. Auto-unmount (e.g., upon logoff, inadvertent host device removal, time-out, etc.)
      5. Auto-mount of favorite volumes
      6. Notifications (e.g., when damage to hidden volume is prevented)
      7. Tray icon

      WARNING: If neither the VeraCrypt Background Task nor VeraCrypt is running, the above- mentioned tasks/functions are disabled.

      diff --git a/doc/html/VeraCrypt Hidden Operating System.html b/doc/html/VeraCrypt Hidden Operating System.html index 8881b925..fcaeef57 100644 --- a/doc/html/VeraCrypt Hidden Operating System.html +++ b/doc/html/VeraCrypt Hidden Operating System.html @@ -219,7 +219,7 @@ As the password for the system partition is not very strong (because it is short

    1. When an attacker gets hold of your computer when a VeraCrypt volume is mounted (for example, when you use a laptop outside), he can, in most cases, read any data stored on the volume (data is decrypted on the fly as he reads it). Therefore, it may be wise to limit the time the volume is mounted to a minimum. Obviously, this may be impossible or difficult if the sensitive data is stored on an encrypted system partition or on an entirely encrypted system drive (because you would also have to limit the time you work - with the computer to a minimum). Hence, you can answer that you created a separate partition (encrypted with a different key than your system partition) for your most sensitive data and that you mount it only when necessary and dismount it as soon as possible + with the computer to a minimum). Hence, you can answer that you created a separate partition (encrypted with a different key than your system partition) for your most sensitive data and that you mount it only when necessary and unmount it as soon as possible (so as to limit the time the volume is mounted to a minimum). On the system partition, you store data that is less sensitive (but which you need to access often) than data you store on the non-system partition (i.e. on the outer volume).
    2. diff --git a/doc/html/VeraCrypt RAM Encryption.html b/doc/html/VeraCrypt RAM Encryption.html index 5bfb6aa5..033a4522 100644 --- a/doc/html/VeraCrypt RAM Encryption.html +++ b/doc/html/VeraCrypt RAM Encryption.html @@ -58,7 +58,7 @@
    3. The master keys are decrypted for every request, requiring a fast decryption algorithm. For this, ChaCha12 is utilized.
    4. Once a volume is mounted, its master keys are immediately encrypted using the described algorithm.
    5. For each I/O request for a volume, the master keys are decrypted only for the duration of that request and then securely wiped.
    6. -
    7. Upon volume dismounting, the encrypted master keys are securely removed from memory.
    8. +
    9. Upon volume unmounting, the encrypted master keys are securely removed from memory.
    10. At Windows shutdown or reboot, the memory region allocated during startup is securely wiped.
    diff --git a/doc/html/ru/Command Line Usage.html b/doc/html/ru/Command Line Usage.html index c3fc1efe..e0d41dfa 100644 --- a/doc/html/ru/Command Line Usage.html +++ b/doc/html/ru/Command Line Usage.html @@ -82,7 +82,7 @@ избранных томов. Обратите внимание, что ключ /auto подразумевается, если указаны ключи /quit и /volume. Если требуется подавить вывод на экран окна программы, используйте ключ /quit. - /dismount или /d/unmount или /d Размонтировать том с указанной буквой диска (пример: /d x). Если буква диска не указана, то будут размонтированы все смонтированные на данный момент тома VeraCrypt. diff --git a/doc/html/ru/Documentation.html b/doc/html/ru/Documentation.html index 00fcc0ea..81f74c84 100644 --- a/doc/html/ru/Documentation.html +++ b/doc/html/ru/Documentation.html @@ -59,7 +59,7 @@
  • Меню программы
  • Монтирование томов
  • -
  • Обычное размонтирование против принудительного +
  • Обычное размонтирование против принудительного
  • О рисках, связанных со сторонними расширениями файлов
  • Распараллеливание
  • Конвейеризация diff --git a/doc/html/ru/Normal Dismount vs Force Dismount.html b/doc/html/ru/Normal Dismount vs Force Dismount.html deleted file mode 100644 index 1bc91dcf..00000000 --- a/doc/html/ru/Normal Dismount vs Force Dismount.html +++ /dev/null @@ -1,77 +0,0 @@ - - - - -VeraCrypt - Бесплатное надёжное шифрование дисков с открытым исходным кодом - - - - - - -
    -VeraCrypt -
    - - - -
    -

    -Документация ->> -Чем обычное размонтирование отличается от принудительного -

    - -
    -

    Чем обычное размонтирование отличается от принудительного

    -

    Важно понимать различия между операциями Обычное размонтирование и Принудительное размонтирование, так как это потенциально влияет на пользовательские данные.

    - -

    Обычное размонтирование

    - -

    Во время обычного размонтирования VeraCrypt выполняет следующие действия:

    - -
      -
    1. Даёт запрос операционной системе Windows заблокировать том, запрещая дальнейшие операции ввода-вывода.
    2. -
    3. Даёт запрос Windows аккуратно изъять том из системы. Этот шаг аналогичен выполняемому пользователем извлечению устройства через область уведомлений в панели задач.
    4. -
    5. Указывает диспетчеру монтирования Windows размонтировать том.
    6. -
    7. Удаляет связь между буквой диска и виртуальным устройством тома.
    8. -
    9. Удаляет виртуальное устройство тома и стирает ключи шифрования из ОЗУ.
    10. -
    - -

    В этой последовательности действий шаги 1 и 2 могут завершиться ошибкой, если в томе есть открытые файлы. Имейте в виду, что даже если все пользовательские приложения, обращающиеся к файлам на томе, закрыты, Windows может по-прежнему держать файлы открытыми до тех пор, пока не будет полностью очищен кэш ввода-вывода.

    - -

    Принудительное размонтирование

    - -

    Процесс принудительного размонтирования хотя и отличается, но во многом он похож на обычное размонтирование. По сути, выполняются те же действия, но игнорируются любые сбои, которые могут возникнуть на шагах 1 и 2, после чего продолжается остальная часть процедуры. Однако если есть файлы, открытые пользователем, или ещё не очищен кэш ввода-вывода тома, это может привести к потенциальной потере данных. Эта ситуация аналогична принудительному удалению USB-устройства из компьютера, когда Windows всё ещё сообщает, что оно используется.

    - -

    Если все приложения, использующие файлы на подключённом томе, были успешно закрыты, а кэш ввода-вывода полностью очищен, то при выполнении принудительного размонтирования не должно происходить ни потери данных, ни повреждения данных или файловой системы. Как и при обычном размонтировании, после успешного завершения принудительного размонтирования ключи шифрования стираются из ОЗУ.

    - -

    Как выполнить принудительное размонтирование

    - -

    В VeraCrypt есть три способа выполнить принудительное размонтирование:

    - -
      -
    1. Через всплывающее окно, которое появляется, если не удалась попытка обычного размонтирования.
    2. -
    3. Через настройки программы, включив опцию Принудительное авторазмонтирование даже при открытых файлах или папках в группе параметров Автоматическое размонтирование.
    4. -
    5. Через командную строку, указав ключ /force или /f вместе с ключом /d или /dismount.
    6. -
    - -

    Во избежание непреднамеренной потери или повреждения данных всегда соблюдайте следующие меры предосторожности при размонтировании тома VeraCrypt:

    -
      -
    1. Перед размонтированием убедитесь, что все файлы на томе закрыты.
    2. -
    3. После закрытия всех файлов не спешите, дайте Windows некоторое время, чтобы полностью очистился кэш ввода-вывода.
    4. -
    5. Учтите, что некоторые антивирусные программы после сканирования могут оставлять дескрипторы файлов в томе открытыми, препятствуя обычному размонтированию. Если возникает такая проблема, попробуйте исключить том VeraCrypt из сканирования антивирусным ПО. Кроме того, проконсультируйтесь с поставщиком вашего антивируса, чтобы понять, как его продукт взаимодействует с томами VeraCrypt и как убедиться, что он не удерживает открытыми дескрипторы файлов.
    6. -
    - - -
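Review bot: the old page doc/html/ru/Normal Dismount vs Force Dismount.html is removed outright (deleted file mode 100644) with nothing left at that name, so bookmarks and external links to the old file name will stop resolving. Consider keeping a minimal page under the old name that points readers to Normal Unmount vs Force Unmount.html. The only reference visible in this part of the patch that gets updated is the ru/Documentation.html index entry, so it would also help to confirm that no other Russian page still links to the old file name.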
    diff --git a/doc/html/ru/Normal Unmount vs Force Unmount.html b/doc/html/ru/Normal Unmount vs Force Unmount.html new file mode 100644 index 00000000..1d02e6db --- /dev/null +++ b/doc/html/ru/Normal Unmount vs Force Unmount.html @@ -0,0 +1,77 @@ + + + + +VeraCrypt - Бесплатное надёжное шифрование дисков с открытым исходным кодом + + + + + + +
    +VeraCrypt +
    + + + +
    +

    +Документация +>> +Чем обычное размонтирование отличается от принудительного +

    + +
    +

    Чем обычное размонтирование отличается от принудительного

    +

    Важно понимать различия между операциями Обычное размонтирование и Принудительное размонтирование, так как это потенциально влияет на пользовательские данные.

    + +

    Обычное размонтирование

    + +

    Во время обычного размонтирования VeraCrypt выполняет следующие действия:

    + +
      +
    1. Даёт запрос операционной системе Windows заблокировать том, запрещая дальнейшие операции ввода-вывода.
    2. +
    3. Даёт запрос Windows аккуратно изъять том из системы. Этот шаг аналогичен выполняемому пользователем извлечению устройства через область уведомлений в панели задач.
    4. +
    5. Указывает диспетчеру монтирования Windows размонтировать том.
    6. +
    7. Удаляет связь между буквой диска и виртуальным устройством тома.
    8. +
    9. Удаляет виртуальное устройство тома и стирает ключи шифрования из ОЗУ.
    10. +
    + +

    В этой последовательности действий шаги 1 и 2 могут завершиться ошибкой, если в томе есть открытые файлы. Имейте в виду, что даже если все пользовательские приложения, обращающиеся к файлам на томе, закрыты, Windows может по-прежнему держать файлы открытыми до тех пор, пока не будет полностью очищен кэш ввода-вывода.

    + +

    Принудительное размонтирование

    + +

    Процесс принудительного размонтирования хотя и отличается, но во многом он похож на обычное размонтирование. По сути, выполняются те же действия, но игнорируются любые сбои, которые могут возникнуть на шагах 1 и 2, после чего продолжается остальная часть процедуры. Однако если есть файлы, открытые пользователем, или ещё не очищен кэш ввода-вывода тома, это может привести к потенциальной потере данных. Эта ситуация аналогична принудительному удалению USB-устройства из компьютера, когда Windows всё ещё сообщает, что оно используется.

    + +

    Если все приложения, использующие файлы на подключённом томе, были успешно закрыты, а кэш ввода-вывода полностью очищен, то при выполнении принудительного размонтирования не должно происходить ни потери данных, ни повреждения данных или файловой системы. Как и при обычном размонтировании, после успешного завершения принудительного размонтирования ключи шифрования стираются из ОЗУ.

    + +

    Как выполнить принудительное размонтирование

    + +

    В VeraCrypt есть три способа выполнить принудительное размонтирование:

    + +
      +
    1. Через всплывающее окно, которое появляется, если не удалась попытка обычного размонтирования.
    2. +
    3. Через настройки программы, включив опцию Принудительное авторазмонтирование даже при открытых файлах или папках в группе параметров Автоматическое размонтирование.
    4. +
    5. Через командную строку, указав ключ /force или /f вместе с ключом /d или /unmount.
    6. +
    + +

    Во избежание непреднамеренной потери или повреждения данных всегда соблюдайте следующие меры предосторожности при размонтировании тома VeraCrypt:

    +
      +
    1. Перед размонтированием убедитесь, что все файлы на томе закрыты.
    2. +
    3. После закрытия всех файлов не спешите, дайте Windows некоторое время, чтобы полностью очистился кэш ввода-вывода.
    4. +
    5. Учтите, что некоторые антивирусные программы после сканирования могут оставлять дескрипторы файлов в томе открытыми, препятствуя обычному размонтированию. Если возникает такая проблема, попробуйте исключить том VeraCrypt из сканирования антивирусным ПО. Кроме того, проконсультируйтесь с поставщиком вашего антивируса, чтобы понять, как его продукт взаимодействует с томами VeraCrypt и как убедиться, что он не удерживает открытыми дескрипторы файлов.
    6. +
    + + +
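Review bot: as far as the visible lines show, this new file differs from the deleted ru/Normal Dismount vs Force Dismount.html only in the third item of the "Как выполнить принудительное размонтирование" list, where "/d или /dismount" became "/d или /unmount", yet it is presented as a full 77-line deletion plus a 77-line addition. Generating the patch with rename detection enabled would show a rename plus a one-line hunk, which makes it much easier to verify that nothing else in this data-loss guidance changed. That same list item should also say that /dismount is still accepted, so readers with existing /dismount /force scripts know they keep working.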
    -- cgit v1.2.3
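Review bot: in the doc/html/ru/Command Line Usage.html hunk the switch name is replaced outright ("/dismount или /d" becomes "/unmount или /d"), so the Russian page no longer tells readers that /dismount is still accepted. The commit message says the old argument keeps working and that the note about /dismount being deprecated was added back to the docs. Add the equivalent deprecation sentence to the Russian entry, otherwise it reads as if the old switch was removed. The entry also keeps /d as the short form (пример: /d x) although it no longer abbreviates the long name, so a few words saying it is retained for compatibility would avoid confusion.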