Over the last couple weeks, since we received the Core Agent update to 2.19.8 on 10/4, we've had multiple older machines freeze completely. Screen freezes, no keyboard or mouse, NIC unresponsive. We have to do a hard shut down to bring them down and back up. Not positive that this update is the culprit, but on the computers that have been freezing 2 to 3 times a day, we uninstalled Sophos and they've been behaving for a couple days now.
Models affected: HP xw4400, HP xw4600, Z400. All have been running Win10 21H1 with last update back in September. "Newer" computers (e.g. Z420, Z4 G4) have not had this problem. Event logs show nothing out of the ordinary around the time of crash.
Just curious if anybody else has run into this in the last week.
If anyone is still having the issue, I suspect the issue is with some form of memory scanning.
If you use Process Hacker to inspect the memory (memory tab) of the audiodg,exe process, regardless of Sophos…
Our customer has same problem with HP Compaq 8100 Elite CMT PCs since October, and now they find that the freeze often occurs when Google Chrome is opened.
The same, it will not freeze after removing Sophos Endpoint.
I'm glad I'm not the only one, though it doesn't seem to matter whether chrome is involved or not. So far the majority of the computers that have been crashing are just used for RDP and nothing else because of their age.
Are you able to force a complete or active dump of the computer when in the hung state? Say 30 seconds after it's hung? This is the information of most use here I would say.
Turned on the dump on power off, but the last couple computers that crashed with didn't dump anything. I noticed the event log lists that the unexpected shutdown is always at the time of the freeze rather than when it's actually powered off.
Maybe try the crash on ctrl scroll option, or change the keys if you don't have a scroll lock. A complete dump is the best way forward for a hang otherwise you could be trying settings for weeks if it's not reproducible.
No dice with that either. Computers are completely unresponsive and take no input. The event log considers them shutdown in this state even when they are still technically on.