Windows 2020 H2 - Sophos Antivirus service fails and puts computer into self isolation

Just raised case with sophos support - running sophos core agent 2.10.7 beta, endpoint advanced 10.8.9.1 beta and sophos Intercept x 2.0.18 Beta.  

Ran windows update for 2020 H2 and sophos put device into self isolate as Antivirus service cannot run (just says starting and error -2147467259

  • Anything of use in the startup log?

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp

  • Hi

    How many machines are facing this issue? Check out the steps listed in this article and see if it helps to fix the issue. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Not sure - haven't had a chance to look at it in more detail... but this is from the earliest startup log when PC was having the problem.

    We did get the laptop working again...but not ideal - and at moment Sophos want to just close the ticket because we manually got the device back to working state.- but it leaves me concerned as this happened to be the first device that got the Windows 2020 H2 update. As of yet, I don't know if an isolated incident or going to be a general problem

    1.by taking the laptop out of Self-isolate policy on Sophos central.

    2.manually restarting Sophos Device control service ( antivirus service still failed and showed as red status)

    3. reboot Laptop

    3. push a manual update from Sophos central.

    4. could see on the laptop - Sophos receiving an update.

    5. once update completed - after a couple of minutes - Sophos status showed all green (antivirus started) - and laptop back to normal.

    2020-10-21 14:49:42 Entering wWinMain
    2020-10-21 14:49:42 Entering CInfrastructureModule::ServiceMain
    2020-10-21 14:49:42 Entering CInfrastructureModule::PreMessageLoop
    2020-10-21 14:49:42 CInfrastructureModule::StartComponentManager: Creating marshalling wrapper instance
    2020-10-21 14:49:42 CMarshallingWrapper::CMarshallingWrapper: AtlMarshalPtrInProc (m_IComponentManagerStream)() returned 0x80040155
    2020-10-21 14:49:42 Exception caught in CInfrastructureModule::PreMessageLoop
    2020-10-21 14:49:42 CEventLogger::LogEventError unable to log the following error to the EventLog: a0030000 CInfrastructureModule::PreMessageLoop (null) (null)

    2020-10-21 14:49:42 Leaving CInfrastructureModule::PreMessageLoop
    2020-10-21 14:49:52 Leaving CInfrastructureModule::ServiceMain
    2020-10-21 14:49:52 Leaving wWinMain