Latest W10 Feature Update + Sophos = unbootable machine?

Hi all, anyone have machines that were rendered unbootable over the past few weeks?

I've had 6 laptops do the same thing, where they get to the Windows spinning circle and then a black screen. Recovery tools don't work, safe mode also won't boot. Rebuild is necessary.

The machines aren't all from the same vendor, and it's highly unlikely that 6 (all less than 6 months old) machines would die within a week of each other.

They all do have Sophos Central with Intercept X. I wanted to check to see if anyone else had this problem?

Thanks,

Nathan

Top Replies

  • Hi

    What is the version of the Sophos installed? Could you please perform the steps mentioned in this article in any one of the machines and see if you are able to find the exact component causing…

  • We've run into the very same thing the past week.  I have 7 machines now that have become inoperable.  I can't prove that it's Sophos Endpoint as the cause of this, but this all started with each of these machines having issues with Sophos services being in error.

    It was quite difficult to actually get Sophos removed, but even when I did, it seems the damage was already done.  Still investigating, but I haven't found a solution other than a clean install at this point.

  • Hi Andy, what kind of errors are you getting? So far I've been getting either the black spinning circle on bootup then nothing, or BSOD 0xc0000017 which I'm unable to repair. The majority now are BSOD; I haven't had a spinning circle for a few weeks.

    I haven't narrowed it down, but I feel that it has something to do with 1803-1903, as all machines I've had are those builds. 2004 and 20H2 haven't had the problem (but I don't have many of those).

    Funnily enough it's only laptops, haven't had the problem on a desktop yet, and we have around a 50/50 split of around 170 machines. We've had around 15 machines crash so far, but I've been forcing all machines up to 20H2, so hopefully it goes away.

  • We are almost exclusively on 20H2, sorry to say.  No blue screens yet, however my primary culprit machines stuck on the W10 "Restarting" message, the black spinning circle as you mentioned, or a permanent hang on "Applying Local Users and Group Policy".  In my case, simply unplugging the network cable before I restart typically works just fine.  Once I get the login screen, I can then get in no problem.  If I restart while network is connected, it'll never make it back to a login screen.

    On the machines where I have actually been able to get Sophos uninstalled using SophosZap, things don't really return to normal.  I still have issues running MS Updates, reboots, etc.  It just seems like some very odd issues involving Sophos, networking, and the boot process.  So far it seems like once it happens, there is no recovering from it.  I have 10 cases of this so far out of about 150 machines.

    Very frustrating, and without trying to come across as a jerk, Sophos support hasn't been real interested in trying to troubleshoot with me.  I haven't gotten much more than a few articles about verifying whitelist settings for my proxy and firewall, lol.  I've reached out to our reseller to see if they have any type of escalation process, so I'll definitely post if I come up with anything.
