Safely dismounting TruCrypt volumes and safely removing USB external drive in Windows 10

We use an external drive with a TrueCrypt volume (used for backups).  We have noticed recently that when dismounting it gives us a "Volume contains files or folders being used by applications or system" "Force dismount?".

We use Cobian Backup to backup our data to the TC drive.  When this message appears, we just exit the apps and sometimes remove it from memory and done it works.  But this time, that didn't work.

We have googled the problems and in some cases it says that it is Windows Indexing that is causing the problem.  We disabled it, and still problem.

Another finding is setting the drive policy to "Quick Removal", which we already had setup from the start.

Based on our findings, we are understand that even though the message appear, we can remove without problem.

Please advice possible cause & proper steps to follow to resolve it.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Since truecrypt is not considered safe anymore (unfixed security issues with its driver), you should switch to veracrypt or bitlocker.
That said, I have seen that message myself but never had any problems with forcing a dismount.
Dave HoweSoftware and Hardware EngineerCommented:
unfixed privesc in the TC driver isn't really an issue, but it's symptomatic of the larger problem (that the tc driver isn't maintained any more) so really you should go to veracrypt before there *is* a significant issue. But that aside...

there is a handy utility here that can show you files currently open; Process Explorer also has "find" functionality that can let you find file handles for a substring (such as x:\)

the files held open tend to be harmless, but its good for peace of mind to at least know what they are :D

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
janaAuthor Commented:
Thanx for the link, we will check those tools out.

TrueCrypt is not considered safe anymore??? Will place another question for this because we use TC in everything.

Back to the question.

Yes we did force the dismount prior seeing your response, connected again and its seems all ok; nothing lost.  Based on you guys experience, why would TC not permit dismount the volume and display the "force" message?  (even though we assured nothing was accessing the volume)

Also, if we have the drive policy to "Quick Removal" active, just disconnecting the USB drive with TC, is it still save? (even though it displays the "force" message))
Dave HoweSoftware and Hardware EngineerCommented:
Truecrypt is unmaintained, rayluvs - while there is only one known issue in it so far (an unprivileged user can run system-level calls by abusing the truecrypt driver) and it passed the NCC audit with only a few observations on the key schedule. veracrypt is the successor, can open TC volumes, and has had the issues found so far patched (so truecrypt to veracrypt is a simple upgrade)

TC will not allow you to dismount the volume if a file handle is open on it - without using force. the two utilities I mentioned earlier will list open file handles, so let you find which program is holding the volume open.

pulling the volume while mounted is not advised - you can't guarantee any changes to the directory index files are written unless cleanly unmounted (forced or not)
janaAuthor Commented:
Good enough.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.