For a few days we have been receiving computers from our employees where the login no longer works:
When entering the user name, the keyboard hung or you couldn't get rid of the start image.If I managed to log in, the screen remained black.
The "Hitmanpro.alert service" caused the problem: after disabling it in safe mode, everything worked fine again. There seems to be a connection with the Windows Update problems from May. We could no longer trace exactly which patches it was.Maybe it help someone else
Thanks for reaching out to the Sophos Community Forum.
Could you try running the command "fltmc" in an Admin Command Prompt? This will display the drivers that are loaded into your system. I would like to see if there is anything additional loaded that may conflict.
If you haven't already, I recommend opening a support case with our team so that we can take a closer look into the issue with you.
After having removed Sophos from the affected devices, does re-deploying Sophos onto the system cause the issue to return?
thanks. here are the results from fltmc. Hitman service is deactivated her.We do not re-deploying Sophos until yet, because we had first to repair the 12 PC´s. I will test redeploying Sophos soon and post results here
Filtername Anzahl von Instanzen Höhe Frame
----------------------------- -------------------- ---- -----
bindflt 1 409800 0
Sophos Endpoint Defense 1 389220 0
hmpalert 0 345800 0
SAVOnAccess 4 324000 0
storqosflt 0 244000 0
wcifs 1 189900 0
CldFlt 1 180451 0
FileCrypt 0 141100 0
luafv 1 135000 0
npsvctrig 1 46000 0
Wof 2 40700 0
FileInfo 4 40500 0
I suggest checking if signing in to a local account on one of the affected devices returns any different results. If roaming profiles are being used, there is a chance that the user profile is not being received successfully on the local device or is not loading up in time.
Looks like Windows updates are now also causing a similar problem with TrendMicro in connection with ransom protection.
It really amazes me that the same thing happened to us with Sophos and I can't find anyone else. Am I always too early with Microsoft patches?