
PC cannot connect to any wi-fi - Sophos Endpoint is not allowing it.

Hi everyone,

Two PCs in the organization I manage can no longer connect to any wi-fi (office, home or hotspot).

The users reported that the issue started on Thursday 16/06/2022. They were suddenly disconnected from the wi-fi they were connected to, and from that time could no longer reconnect, or connect to any other wi-fi.

I have reset the wi-fi adapter, and attempted to update (using a LAN cable for internet connection) – but Microsoft reported that the driver is up to date.

However, after I uninstalled Sophos Intercept X Endpoint that was running on both PCs, they could connect to any wi-fi normally as before, but upon re-installation of the Endpoints, the issue came up again.

I formatted one of the PCs and reloaded the Operating System. It could connect to wi-fi, but once I installed the Sophos Endpoint, it could no longer connect – “Can’t connect to this network” is the message displayed after entering the wi-fi password.

I connected a USB wi-fi adapter (manufactured by Realtek) on one of the PCs, and the PC could connect to wi-fi normally with it.

The PC model is HP 250 G2

OS is Windows 10 Pro

The wi-fi adapter model is QCWB335 (written on the adapter card)

The wi-fi manufacturer is Qualcomm Atheros

*But the driver installed for it by Microsoft which had been working is Qualcomm-Atheros-QCA9565, as seen in Device Manager

 

I am suspecting that there must have been an update from Sophos that is causing this abnormal behaviour, because all other systems in the organization are working fine right now.

I need help to fix this as soon as possible.

Thanks



This thread was automatically locked due to age.
  • As a test, if you disable Tamper Protection, then run in an admin prompt:

    sc.exe stop SntpService

    sc.exe stop sntp

    does it then work again?  Just curious if you can conclude it's the NTP component.

  • Hi,

    Thanks for your suggestion. 

    It worked, but after restarting the system, it could not connect.

    There has to be a permanent solution to this.

    I'm open to more suggestions until we get the permanent solution. Hopefully someone from Sophos should see this and address it.

  • OK, well at least we know the component. Next I would isolate the feature of the component.

    In Sophos Central, there is the Threat Protection policy that is applied to the user or computer.

    I would create a test Threat Protection policy and assign the computer to it.  In that new policy change first the IPS setting to off:

    This will change at the endpoint the intrusion_prevention_system_enabled DWORD from 1 to 0 (off) under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[revision]

    Where: The revision "key" is pointed to by the latest value under the parent key, namely:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter

    Once you have Network Threat Protection up and running with IPS off, does it work?

    If so, IPS is the issue; if not, leave IPS disabled and turn off the option above IPS: "Detection malicious connections..."

    As IPS is off, the parent option will be disabled, i.e.:

    After saving this policy, wait for the client to pick up the new policy; it should take less than 1 minute.

    You will get a new revision key, etc as evidence the policy has arrived.

    Does it work then?

    Hope it gets you nearer the issue.
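
A read-only way to confirm on the endpoint that the test policy from the reply above has arrived and that IPS is off. This is an added example, not part of the original posts and not Sophos tooling. It assumes the pointer under the parent key is a value named `latest` holding the revision subkey name; the key path, DWORD name and service names are the ones quoted in the thread. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only check of the Network Threat Protection policy state.
$base = 'HKLM:\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter'

function Get-NtpPolicyState {
    # Assumption: the parent key has a value named "latest" whose data is the
    # name of the current revision subkey.
    $parent   = Get-ItemProperty -Path $base -ErrorAction Stop
    $revision = $parent.latest
    if (-not $revision) { throw "No 'latest' value found under $base" }

    $policy = Get-ItemProperty -Path (Join-Path $base $revision) -ErrorAction Stop
    [pscustomobject]@{
        Revision   = $revision
        IpsEnabled = $policy.intrusion_prevention_system_enabled   # 1 = on, 0 = off
    }
}

# Record the revision in force before the test policy is saved.
$before = Get-NtpPolicyState
"Current revision: $($before.Revision)  IPS enabled: $($before.IpsEnabled)"
"Save the test policy in Sophos Central now; waiting for a new revision..."

# The reply expects the policy within about a minute; allow two.
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 5
    $now = Get-NtpPolicyState
} while ($now.Revision -eq $before.Revision -and (Get-Date) -lt $deadline)

if ($now.Revision -eq $before.Revision) {
    "No new revision within 2 minutes; the policy has not arrived yet."
} else {
    "New revision: $($now.Revision)  IPS enabled: $($now.IpsEnabled)"
}

# State of the two components stopped in the earlier test.
foreach ($name in 'SntpService', 'sntp') {
    sc.exe query $name
}
```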
