This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PDF Viewing via Edge and Chrome is freezing since Sophos

We're rolling out Sophos Central Endpoint Advanced to a firm that use to have Panda 360. The migration is going fine but have several machines with the same problem. That is if Adobe Reader is not installed OR is not the default program to open PDFs, then either Edge or Chrome opens the PDF and freezes/locks up when either saving the file or printing it, viewing is absolutely fine. It has only ever started to occur since the introduction of Sophos. I know this because the rest of machines with Panda still in use, dont have this issue and never have.

At this stage I dont know if the issue only affects those on VPN. The firm has a lot working from home and so far it seems to affect those on SSL VPN via their Sophos UTM device. I've yet to hear anyone in the office(s) have the same issue.

I've turned off Remote File Scanning, made no difference.

Out of interest, has anyone else experienced this?



This thread was automatically locked due to age.
  • Hi SGICT,

    Do you know if the files users interact with are stored locally on their devices, or are the files being accessed from a file share? If files are being accessed from a file share, could you try copying those files locally to see if it returns the same behaviour? 

    Let me know if turning off the scanning feature "Protect from remotely run ransomware" results in any improvements. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Could be many features/layers.  Given it's easy to reproduce it shouldn't take long to narrow down the feature.

    I would suggest the following approach:

    1. Create a new threat protection policy and link it to a test computer with the issue.

    2. In the advanced section of the policy, disable this option:

     Turn on anti-ransomware protection and all exploit mitigations

    When the client receives this policy, it will set the Hitman Pro service and driver to manual startup.  It will prompt to reboot the computer.

    After the reboot. Try and reproduce the issue.  If it works, then it's a HMPA problem, if not, then it has ruled out HMPA.

    This is a good first distinction.

    ---

    The next test, would be to disable some of the Network Threat Protection features.  I would start by disabling the following options in the Threat Protection policy:

    Does it work then??

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[uniqueid]\web_protection

    web_scanning_enabled = 0 would be good evidence the policy has arrived.

    I would probably also create a new Web Control policy for this test computer and link that.  If you disable Web Control in that policy, as well you should see that the process SophosNetFilter.exe exits.  It is a child process of the SophosNTPService.exe process.

    I would suggest restarting and then re-test.

    ---

    Maybe you can report back the out come of these tests.

  • Many thanks for the replies. Its Easter holidays now so wont be able to test until at least next Tuesday.

    The files are local and only occurs when PDFs are viewed via the browsers. So the user will log onto a website, download the PDF (locally) but as soon as they view it in the browser that is when the program freezes.

    Will report back