This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blue Screen of Death | SophosNtpService | Windows Updates March 2024

I posted this as a reply on a different thread, but it seems to have not gotten any attention, so I am posting it now as an independent thread.

I am experiencing on multiple machines with Sophos Home installed, the following:

Quasi-random BSOD (tcpip.sys) when browsing certain web pages (using MS Edge).

I have figured out the contributing factors to be:

  1. Recent Windows (March 2024) "quality" updates.
  2. Sophos Home installed.
  3. Virtual Machines (network drivers are in the mix).

Additionally, I am running these virtual machines on ESXi7 and it affects both Windows 10 and Windows 11.

Before writing this post, I tried:

  1. Upgrading ESXi7 to the latest (March 2024) update: 7.0-U3p.
  2. Updating virtual NIC drivers.
  3. Changing type of virtual NICs (e.g., E1000e to VMXNET3).
  4. Removing the March 2024 Windows updates (only a temporary measure).

After reviewing the crash dumps, I obtained the following information that points to a conflict between Sophos and something else.

  • PROCESS_NAME: SophosNtpServi
  • FAILURE_BUCKET_ID: AV_vmxnet3!unknown_function

I confirmed that un-installing Sophos Home prevents the problem from occurring.

I further confirmed, immediately before making this new post, that the issue still exists after updating Sophos.

I am able to provide crash dumps if needed.



This thread was automatically locked due to age.
Parents
  • Hi  ,

    Thank you for reaching out.

    If you are a Sophos Home Premium customer, I'd suggest reaching out to the Sophos Home support team by logging in on the following page.
    - Sophos Home Sign In

    While the Sophos Central managed endpoint and Sophos Home products are similar, the Sophos Home team would be best suited to assist with your issue. 

    You can also interact with the team over Twitter/X @SophosHome


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Gladys,

    I have a work around which is to remove Sophos (and ultimately try to find another vendor if it's not eventually resolved). That works for me since it only appears to affect VMware based virtual machines (though I suspect this use case comes up quite a bit in the business world).

    I was merely reporting the issue to Sophos. I have logged into my Sophos Home account and created a ticket there that just duplicates the same information. I have now reported the same issue three times. I really don't care what happens now. You may use the information to improve your product, or you may choose to ignore it. I have done my part to try to help.

    Regards,

    Wayne.

Reply
  • Hi Gladys,

    I have a work around which is to remove Sophos (and ultimately try to find another vendor if it's not eventually resolved). That works for me since it only appears to affect VMware based virtual machines (though I suspect this use case comes up quite a bit in the business world).

    I was merely reporting the issue to Sophos. I have logged into my Sophos Home account and created a ticket there that just duplicates the same information. I have now reported the same issue three times. I really don't care what happens now. You may use the information to improve your product, or you may choose to ignore it. I have done my part to try to help.

    Regards,

    Wayne.

Children