This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PDF Viewing via Edge and Chrome is freezing since Sophos

We're rolling out Sophos Central Endpoint Advanced to a firm that use to have Panda 360. The migration is going fine but have several machines with the same problem. That is if Adobe Reader is not installed OR is not the default program to open PDFs, then either Edge or Chrome opens the PDF and freezes/locks up when either saving the file or printing it, viewing is absolutely fine. It has only ever started to occur since the introduction of Sophos. I know this because the rest of machines with Panda still in use, dont have this issue and never have.

At this stage I dont know if the issue only affects those on VPN. The firm has a lot working from home and so far it seems to affect those on SSL VPN via their Sophos UTM device. I've yet to hear anyone in the office(s) have the same issue.

I've turned off Remote File Scanning, made no difference.

Out of interest, has anyone else experienced this?



This thread was automatically locked due to age.
Parents
  • Could be many features/layers.  Given it's easy to reproduce it shouldn't take long to narrow down the feature.

    I would suggest the following approach:

    1. Create a new threat protection policy and link it to a test computer with the issue.

    2. In the advanced section of the policy, disable this option:

     Turn on anti-ransomware protection and all exploit mitigations

    When the client receives this policy, it will set the Hitman Pro service and driver to manual startup.  It will prompt to reboot the computer.

    After the reboot. Try and reproduce the issue.  If it works, then it's a HMPA problem, if not, then it has ruled out HMPA.

    This is a good first distinction.

    ---

    The next test, would be to disable some of the Network Threat Protection features.  I would start by disabling the following options in the Threat Protection policy:

    Does it work then??

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[uniqueid]\web_protection

    web_scanning_enabled = 0 would be good evidence the policy has arrived.

    I would probably also create a new Web Control policy for this test computer and link that.  If you disable Web Control in that policy, as well you should see that the process SophosNetFilter.exe exits.  It is a child process of the SophosNTPService.exe process.

    I would suggest restarting and then re-test.

    ---

    Maybe you can report back the out come of these tests.

Reply
  • Could be many features/layers.  Given it's easy to reproduce it shouldn't take long to narrow down the feature.

    I would suggest the following approach:

    1. Create a new threat protection policy and link it to a test computer with the issue.

    2. In the advanced section of the policy, disable this option:

     Turn on anti-ransomware protection and all exploit mitigations

    When the client receives this policy, it will set the Hitman Pro service and driver to manual startup.  It will prompt to reboot the computer.

    After the reboot. Try and reproduce the issue.  If it works, then it's a HMPA problem, if not, then it has ruled out HMPA.

    This is a good first distinction.

    ---

    The next test, would be to disable some of the Network Threat Protection features.  I would start by disabling the following options in the Threat Protection policy:

    Does it work then??

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[uniqueid]\web_protection

    web_scanning_enabled = 0 would be good evidence the policy has arrived.

    I would probably also create a new Web Control policy for this test computer and link that.  If you disable Web Control in that policy, as well you should see that the process SophosNetFilter.exe exits.  It is a child process of the SophosNTPService.exe process.

    I would suggest restarting and then re-test.

    ---

    Maybe you can report back the out come of these tests.

Children
No Data