This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple PCs frozen right after update.

Over the last couple weeks, since we received the Core Agent update to 2.19.8 on 10/4, we've had multiple older machines freeze completely.  Screen freezes, no keyboard or mouse, NIC unresponsive.  We have to do a hard shut down to bring them down and back up.  Not positive that this update is the culprit, but on the computers that have been freezing 2 to 3 times a day, we uninstalled Sophos and they've been behaving for a couple days now. 

Models affected:  HP xw4400, HP xw4600, Z400.  All have been running Win10 21H1 with last update back in September.  "Newer" computers (e.g. Z420, Z4 G4) have not had this problem.  Event logs show nothing out of the ordinary around the time of crash.  

Just curious if anybody else has run into this in the last week.    



This thread was automatically locked due to age.
Parents
  • Massive update from Sophos. I have been pushing Sophos support, manager & escalation.

    Apparently they have made changes with the threat control policy and how they work.

    Sophos have made this change today and all should start to work better now. with no client updates needed.

    We are working past our freeze window of about 3 hours and almost into our 4th hour.

  • Gotta say, I went the whole day without crashing on my test machine.  About time.  I'd like to know exactly what the cause was.  

  • All MS modules, you mean the audiodg is MS module or?   So I wonder if MS did something too since May, when I was able to play music. I don't have any BUs for Sept to isolate MS or Sophos. Did the dump on audiodg in the new Opt 5090 desktop and got a momentary interruption (buzz), then it recovered after the dump completed.  I have a March '21 BU disk and I'll see if I can get to MS present baseline w/o Sophos update to see what happens and test the audiodg dump on the Mar '21 baseline BU disk before I do any updates.

  • Reading What is AUDIODG.EXE? | Microsoft Docs as a bit of background, it has this statement:

    The first is that there's 3rd party code that gets loaded into audiodg.exe.  Audio hardware vendors have the ability to install custom DSPs (called Audio Processing Objects or APOs) into the audio pipeline.

    So it would suggest that third party non-Microsoft DLLs can be loaded into it.  But if I look on my computer with the problem, all the modules are Microsoft, it's not like there is some fancy third party audio processing going on.

    I believe a quick hang is fine when you initiate a dump of the process, as that is the process being suspended to take the dump but it recovers in a fraction of a second.  The machines suffering from this issue just buzz and hang I suspect.

    What is really frustrating is you can't crash the computer to get a dump file when hung.  I've tried keyboard (crash on ctrl scroll, power button holds) and remote kernel debugging over serial cable and the network interface. It's not possible to break into the machine.

  • SO is Sophos taking a dump of exe and dll for virus scanning? This wasn't a problem back in Mar/May 2021. I see audiodg.exe has a file date stamp of 13 Oct 2021 and was updated 9 Nov 2021, but who updated it?  Will check other BUs and see what I find. When I run the Win 10 32 bit PC, there is no freeze!

  • We did not use Audio to create our issue.

    Our users all used Amazon AWS Workspaces (VDI's) and always just over 3 hours into user turn on and use of their systems and the connection it would freeze the system.

    Yes we have the same hardware but why on the 3 hour mark?

  •  I believe the background memory scan runs every 3 hours, relative to the SSPService starting.

  • Interesting, but the timer would only start when I started to play music on my systems. Other wise I had no freezing. It seems if Sophos scanned the audiodg.exe 3 hrs after it started, that would explain the freeze. I tried to test things by stopping the music before the 3 hr mark, then start playing a little while later and it would freeze well before the next 3 hr time. Wonder if Sophos kept a log of exes that had run and the time of those starting. I was going to test things by waiting for more than 3 hrs and then starting the music, but never got around to it. Key issue is audiodg.exe, but what did Sophos do to stop the system from freezing? Did it keep some exes from being scanned? Where would that list of exceptions be kept?  Any comments back from Sophos, although it is the weekend...

    nice work/analysis users!!!

  • I wonder what USER5115 had running on their systems that hung the system? Mine only hung when music played. Didn't see any comments about items/apps that were playing that caused freezes. Concerned now about hackers identifying  what exes are on the exception list and corrupting those exes.

  • No music or sounds caused it for me.  PCs were for the most part only used as dummy remote desktop clients, particularly the one I was testing on.   I usually leave it on all night and some days it would already be frozen when I got into work.  The only time I could get it to not crash was to not have anything plugged into it.  No crashes Friday though.  I'll give it a few days next week to make sure before I start turning everyone's policy back on.  

  • Network driver files got scanned?? causing a freeze.  I did check the two audio files, audiodg.exe, one on a 3/12/21 HDD and the other on the present HDD 11/20/21 and using Beyond Compare I compared binary wise the two versions. They were different and different vs # and dates, old one was 10.0.19041.804 digital date/size 1/28/21 585,224 bytes, the other 10.0.19041.1320   date/size 10/13/21  585,240 bytes   What sys files were used in your network connections? I have Intel 82567LM-3

  • So far so good, but did get a momentary 1/10th sec buzz when playing music on Youtube every now and then. Haven't been able to pin point the process running that causes it or why it's picking on Youtube.

Reply Children
No Data