Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 113 replies
  • Answers 1 answer
  • Subscribers 24 subscribers
  • Views 19161 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple PCs frozen right after update.

Sophos User5115

Over the last couple weeks, since we received the Core Agent update to 2.19.8 on 10/4, we've had multiple older machines freeze completely.  Screen freezes, no keyboard or mouse, NIC unresponsive.  We have to do a hard shut down to bring them down and back up.  Not positive that this update is the culprit, but on the computers that have been freezing 2 to 3 times a day, we uninstalled Sophos and they've been behaving for a couple days now. 

Models affected:  HP xw4400, HP xw4600, Z400.  All have been running Win10 21H1 with last update back in September.  "Newer" computers (e.g. Z420, Z4 G4) have not had this problem.  Event logs show nothing out of the ordinary around the time of crash.  

Just curious if anybody else has run into this in the last week.    



This thread was automatically locked due to age.
  • 0 in reply to Sophos User5115

    Tim, we (Sophos) probably have multiple issues, but I will put a 3/12/21 Windows HDD baseline in the one test PC and update Sophos to 2.19.8 core and see what happens. Laptop has 2.20.4.1 core and  running music, coming up on the 3 hr cliff mark.  Ran for 5 hours no problem. Drivers on laptops must be better??? Surely someone in Sophos development must have the insight into this! I reflect back on the movie, Space Cowboys... maybe they still need us old farts to solve the problems again. Miss those days, best mission was Apollo 13!  Duct tape and a determination to git er dun!!  I recall being in a situation back in '86 with a microprocessor system trying to capture why it was cratering. Simple communication collision. But the process to find it? Priceless.

  • 0

    Any updates from Sophos on what Sophos' problems are????  Sophos wants me to run MS Process Monitor and SDU logs. Can't do the PM part as the PC FREEZES BEFORE I CAN SAVE THE LOGS, DOH!  Maybe time to switch over to Linux....

  • 0 in reply to Ronald Woods

    I've been working with their support and they had me go through the same stuff.  After they were convinced that the PCs have a complete processor freeze and can't collect squat at the time of crash, they had me turn on the Sophos event log and are having me send it in every time it crashes.  Problem is, I have to remember to delete the log every few hours or so before it gets too big.  Haven't heard anything further though.       

  • 0 in reply to Ronald Woods

    I haven't heard anything yet.  I am basically waiting on updates from this thread as to what direction I go.  I have a case open but haven't bothered to send them anything because I am not going to waste my time sending them useless crap like they are having others already send.

  • 0 in reply to Tim Ingraham1

    yup, ahhh hears ya. Trying to sort out what Sophos did in conjunction with what MS is doing with Win updates is a can of worms. Finding the smoking gun(s) isn't going to be easy. One work around is to stop the SophosFileScanner from running when I play music. I even volunteered to send Sophos one of my spare Opt 780 PCs so they could test on!  The problem does NO occur on the older laptops I have nor on the newer PCs I purchased in prep for Win 11 and getting familiar with the newer H/W on these things, SSD on the MoBo etc. Still, something happened after Mar/May 2021 Windows updates, but not sure if Sophos did something between then and Oct 2021 when the freezes started. Are the Dell drivers "better" on the laptops than on the desktop PCs??? That's partly why I picked up a newer laptop and desktop that use SSD on MoBo in prep for Win 11. But I installed a SSD (SATA) on one of the older desktops that were freezing, but it still freezes, so it may not be disk access or maybe???

  • 0 in reply to Ronald Woods

    Well had an interesting event when testing, When the PC froze it also caused a high level of network collisions on my network or data transmission. Will watch for that next time I run tests...

  • 0 in reply to Ronald Woods

    I'd be interested to know, if you disable Tamper Protection, if enabled, then: Stop and disable the Sophos Auto Update Service.  Then stop the Sophos Protection Service. 

    After than, under

    %ProgramData%\Sophos\Endpoint Defense\Data\DecisionRulesV2\[number]\

    cut behave.dec to the desktop for example to get it out of the way, then start the SSP Service.

    Do you see the issue in this configuration?

    Also, relative to when the SSPService starts, how long does it take to hang?
    %ProgramData%\Sophos\Endpoint Defense\ssp.log
    has the line "A Starting SSP service" as a way to work it out, before or after.

    Thanks.

  • 0

    We are also seeing the same issues as everyone else on this thread.  Old Dell systems that were working fine locking up starting on September 15th.  All newer systems have no issues.  The Dell systems meet the specifications that Sophos support gave me when I originally opened a ticket with them in October.  Support asked for the same logs which of course you can't get when the systems lock up.  So they gave us a basic troubleshooting directions and closed the ticket on us.  I knew the issue was most likely Sophos since it happened in the middle of the month with no warning.  We did not update Windows at the time so it was not a Microsoft issue.  We were running Win 10 20H2.  The image was created in February with no issues till September.  We upgraded to Win 10 21H1 to see if it fixed any issues which it did not.  I even reimaged my test PC to Win 10 20H2 from February (no updates) still froze up.  I made sure drivers were updated as much as possible (no fix).  The only thing that resolved the issue was removing Sophos completely or a USB network adapter.  I have a few people able to get through a full day without freezing with the adapter but I was able to get my test PC to freeze on a second day of testing.  Sophos needs to step up to the plate to resolve this, at least with a temporary fix (get us the older version of the agent?)

  • 0 in reply to rockinronnie

    It seem there could be a chipset issue with the older hardware and Sophos.

    What is everyone running?
    We have HP 6000 Pro SFF

    Intel Core 2 DUO CPU's with Intel Q43 Express chipset

  • 0 in reply to Vman

    I agree with your assessment:

    Dell Optiplex 980 SFF

    Intel Core i5 CPU with Intel Q57 Express chipset

Unfiltered HTML