Two PCs in the organization I manage can no longer connect to any wi-fi(office, home or hotspot).
The users reported that the issue started on Thursday 16/06/2022. They were suddenly disconnected from the wi-fi they were connected to, and from tat time could no longer reconnect, or connect to any other wi-fi.
I have reset the wi-fi adapter, and attempted to update(using a LAN cable for internet connection) – but Microsoft reported that the driver is up to date.
However, after i uninstalled Sophos Intercept X Endpoint that was running on both PCs, they could connect to any wi-fi normally as before, but upon re-installation of the Endpoints, the issue came up again.
I formatted one the PCs and reloaded the Operating System. It could connect to wi-fi, but once I installed the Sophos Endpoint, it could no longer connect, - “Can’t connect to this network” is the message displayed after entering the wi-fi password.
I connected a USB wi-fi adapter(manufactured by Realtek) on one of the PCs, nd the PC could connect to wi-fi normally with it.
The PC model is HP 250 G2
OS is Windows 10 Pro
The wi-fi adapter model is QCWB335(written on the adapter card)
The wi-fi manufacturer is Qualcomm Atheros
*But the driver installed for it by Microsoft which had been working is Qualcomm-Atheros-QCA9565, as seen in Device Manager
I am suspecting that that there must have been an update from Sophos that is causing this abnormal behaviour, because all other systems in the organization are working fine right now.
I need help to fix this as soon as possible.
i have same problem happen today
As a test, if you disable Tamper Protection, then run in an admin prompt:
sc.exe stop SntpService
sc.exe stop sntp
does it then work again? Just curious if you can conclude it's the NTP component.
Thanks for your suggestion.
It worked, but after restarting the system, it could not connect.
There has to be a permanent solution to this.
I'm open to more suggestions until we get the permanent solution. Hopefully someone from Sophos should see this and address it.
OK, well at least we know the component. Next I would isolate the feature of the component.
In Sophos Central, there is the Threat Protection policy that is applied to the user or computer.
I would create a test Threat Protection policy and assign the computer to it. In that new policy change first the IPS setting to off:
This will change at the endpoint the intrusion_prevention_system_enabled DWORD from 1 to 0 (off) under:HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[revision]
Where: The revision "key" is pointed to by the latest value under the parent key,namely:HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter
Once you have Network Threat Protection up and running with IPS off, does it work?
If so, IPS is the issue, if not, leave IPS disabled and turn off the option above IPS: "Detection malicious connections..."
As IPS is off, the parent option will be disabled, i.e.:
After saving this policy, wait for the client to pickup the new policy, should be less than 1 minute.
You will get a new revision key, etc as evidence the policy has arrived.
Does it work then?
Hope it gets you nearer the issue.
Thanks a lot. I sincerely appreciate your time researching into it, but i don't think it is about the policy, since the same policy applies to the Endpoints on all the other PCs on the network which are not experiencing the issue. What do you think?
I have reached out a a Sophos agent for support, hoping to get a response from Technical Support soon.
I'l drop the update here as soon as i get a response, and the issue is fixed.
For the computers which are failing, I think you still need to try toggling the 2 features options in policy to know which is significant.