Intercept X on Windows Server 2016 - unable to backup/create VSS for host

Just in case you stumble on Sophos Central Server: Volume Shadow Copy backups randomly fail - There was a Microsoft bug exposed by Sophos Health and its use of transactional registry writing. There is a chance that Microsoft have fixed the underlying cause and Sophos Health no longer users transactional registry writing. So I'm sure this is not it.

Can you reproduce the error on demand?

Is it 100% reproducible?  Hopefully as it will make troubleshooting easier.

Yes. It is reproducable. Backup doesn't run  any more! Tried the reg key setting without success.

Error 513 loffowed by error 517 in evenlog.

Yes. It is reproducable. Backup doesn't run  any more! Tried the reg key setting without success.

Error 513 loffowed by error 517 in evenlog.

Isolating the component that might be interacting would be my first tests given that you can reproduce it easily it seems. There are really 3 main components to focus on: HMPA, SAV and the Core agent. I would try:

1. Rename hmpalert.sys from \windows\system32\drivers\ and reboot.  This will eliminate HMPA from the issue.
Does it work?

2. Add a realtime scanning exclusion of C: and any other drive for this computer creating a new threat protection policy and linking this one computer to it.  This would at least prove that scanning is related.
You should see under the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\Scanning\Config
in the OnAccessExcludeFilePaths value, the drives, e.g. C: D: as a test the policy has arrived.
Does it work?

3. Stop the SAV components of interest from an admin prompt, i.e. the service and unloading the driver by running:
net stop savservice
fltmc unload savonacess

Check running fltmc.exe that savonaccess is not loaded.
Does it work?

4. Rename sophosed.sys under \windows\system32\drivers\
Reboot
Does it work?

These are all high level checks to help narrow down which component could be involved.