This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple PCs frozen right after update.

Over the last couple weeks, since we received the Core Agent update to 2.19.8 on 10/4, we've had multiple older machines freeze completely.  Screen freezes, no keyboard or mouse, NIC unresponsive.  We have to do a hard shut down to bring them down and back up.  Not positive that this update is the culprit, but on the computers that have been freezing 2 to 3 times a day, we uninstalled Sophos and they've been behaving for a couple days now. 

Models affected:  HP xw4400, HP xw4600, Z400.  All have been running Win10 21H1 with last update back in September.  "Newer" computers (e.g. Z420, Z4 G4) have not had this problem.  Event logs show nothing out of the ordinary around the time of crash.  

Just curious if anybody else has run into this in the last week.    



This thread was automatically locked due to age.
Parents
  • Massive update from Sophos. I have been pushing Sophos support, manager & escalation.

    Apparently they have made changes with the threat control policy and how they work.

    Sophos have made this change today and all should start to work better now. with no client updates needed.

    We are working past our freeze window of about 3 hours and almost into our 4th hour.

Reply
  • Massive update from Sophos. I have been pushing Sophos support, manager & escalation.

    Apparently they have made changes with the threat control policy and how they work.

    Sophos have made this change today and all should start to work better now. with no client updates needed.

    We are working past our freeze window of about 3 hours and almost into our 4th hour.

Children
  • None of my product versions have changed since the other day. Will run tests and see...

  • Well, by golly, by gee, My systems are running, no freeze, and have passed the 3 hr music playing mark even when the SophosFileScanner process is running, which is exactly where it would freeze the system. So will let it run a few more hours and see. Hopefully, the rest of you have the same good results..

  • Gotta say, I went the whole day without crashing on my test machine.  About time.  I'd like to know exactly what the cause was.  

  • Yup, me too on the cause. I pestered Sophos on various issues related to what I saw happening on the process level and got NO response from the "rep" handling my case and was passed from one case handler to another. Guess I was too much of a hot potato to deal with. Devil's in the details!! Keep pestering Sophos for the cause and maybe we'll get an answer, but it might be too deep in the process level to explain or gives away trade secrets on how they deal with threats. Been running since 13:34 PST and now is 18:19 PST w/o a freeze. Hope it holds and they haven't pushed the bubble to some other corner of the S/W. Hope others are having the same good results.

  • Hi Ronald, Maybe you can test my theory below? Thanks.

  • Will give it a try. "Process Hacker"?  My audio is on the MoBo, no separate card.  I see audiodg in the Resource Monitor but not Task Manager. Not sure how to get a dump of audiodg.

  • I also played music continuously on 3 different PCs since 3PM until this morning. No freezing of PCs.

  • USER930...  OK...Found the advanced tab of TM and tried the dump of audiodg while music playing (VLC media Player.....  Got the msg,  "Pls wait while process written to file, then the buzzing on speakers and freeze. These are on tower PCs not laptops. I never had laptop hangs when playing music, just the towers, EXCEPT the newer Optiplex 5090 desktop, which I thought, Verrrrry eeeenteresting".  Old audio chip issues???

  • I guess that proves it. Reading the memory of audiodg.exe process while it is playing audio is the trigger. I reproduced this on a HP Compaq 6000 with on board sound. Interestingly if I disable the on board sound card and use a USB one it’s fine. I suspected maybe a third party module in audiodg for the card but Process Explorer doesn’t suggest this is the case. All Microsoft modules. 

  • All MS modules, you mean the audiodg is MS module or?   So I wonder if MS did something too since May, when I was able to play music. I don't have any BUs for Sept to isolate MS or Sophos. Did the dump on audiodg in the new Opt 5090 desktop and got a momentary interruption (buzz), then it recovered after the dump completed.  I have a March '21 BU disk and I'll see if I can get to MS present baseline w/o Sophos update to see what happens and test the audiodg dump on the Mar '21 baseline BU disk before I do any updates.