This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple PCs frozen right after update.

Over the last couple weeks, since we received the Core Agent update to 2.19.8 on 10/4, we've had multiple older machines freeze completely.  Screen freezes, no keyboard or mouse, NIC unresponsive.  We have to do a hard shut down to bring them down and back up.  Not positive that this update is the culprit, but on the computers that have been freezing 2 to 3 times a day, we uninstalled Sophos and they've been behaving for a couple days now. 

Models affected:  HP xw4400, HP xw4600, Z400.  All have been running Win10 21H1 with last update back in September.  "Newer" computers (e.g. Z420, Z4 G4) have not had this problem.  Event logs show nothing out of the ordinary around the time of crash.  

Just curious if anybody else has run into this in the last week.    



This thread was automatically locked due to age.
Parents
  • Any updates from Sophos on what Sophos' problems are????  Sophos wants me to run MS Process Monitor and SDU logs. Can't do the PM part as the PC FREEZES BEFORE I CAN SAVE THE LOGS, DOH!  Maybe time to switch over to Linux....

  • I haven't heard anything yet.  I am basically waiting on updates from this thread as to what direction I go.  I have a case open but haven't bothered to send them anything because I am not going to waste my time sending them useless crap like they are having others already send.

  • yup, ahhh hears ya. Trying to sort out what Sophos did in conjunction with what MS is doing with Win updates is a can of worms. Finding the smoking gun(s) isn't going to be easy. One work around is to stop the SophosFileScanner from running when I play music. I even volunteered to send Sophos one of my spare Opt 780 PCs so they could test on!  The problem does NO occur on the older laptops I have nor on the newer PCs I purchased in prep for Win 11 and getting familiar with the newer H/W on these things, SSD on the MoBo etc. Still, something happened after Mar/May 2021 Windows updates, but not sure if Sophos did something between then and Oct 2021 when the freezes started. Are the Dell drivers "better" on the laptops than on the desktop PCs??? That's partly why I picked up a newer laptop and desktop that use SSD on MoBo in prep for Win 11. But I installed a SSD (SATA) on one of the older desktops that were freezing, but it still freezes, so it may not be disk access or maybe???

Reply
  • yup, ahhh hears ya. Trying to sort out what Sophos did in conjunction with what MS is doing with Win updates is a can of worms. Finding the smoking gun(s) isn't going to be easy. One work around is to stop the SophosFileScanner from running when I play music. I even volunteered to send Sophos one of my spare Opt 780 PCs so they could test on!  The problem does NO occur on the older laptops I have nor on the newer PCs I purchased in prep for Win 11 and getting familiar with the newer H/W on these things, SSD on the MoBo etc. Still, something happened after Mar/May 2021 Windows updates, but not sure if Sophos did something between then and Oct 2021 when the freezes started. Are the Dell drivers "better" on the laptops than on the desktop PCs??? That's partly why I picked up a newer laptop and desktop that use SSD on MoBo in prep for Win 11. But I installed a SSD (SATA) on one of the older desktops that were freezing, but it still freezes, so it may not be disk access or maybe???

Children
  • Well had an interesting event when testing, When the PC froze it also caused a high level of network collisions on my network or data transmission. Will watch for that next time I run tests...

  • I'd be interested to know, if you disable Tamper Protection, if enabled, then: Stop and disable the Sophos Auto Update Service.  Then stop the Sophos Protection Service. 

    After than, under

    %ProgramData%\Sophos\Endpoint Defense\Data\DecisionRulesV2\[number]\

    cut behave.dec to the desktop for example to get it out of the way, then start the SSP Service.

    Do you see the issue in this configuration?

    Also, relative to when the SSPService starts, how long does it take to hang?
    %ProgramData%\Sophos\Endpoint Defense\ssp.log
    has the line "A Starting SSP service" as a way to work it out, before or after.


    Thanks.