This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PC cannot connect to any wi-fi - Sophos Endpoint is not allowing it.

Hi everyone,

Two PCs in the organization I manage can no longer connect to any wi-fi(office, home or hotspot).

The users reported that the issue started on Thursday 16/06/2022. They were suddenly disconnected from the wi-fi they were connected to, and from tat time could no longer reconnect, or connect to any other wi-fi.

I have reset the wi-fi adapter, and attempted to update(using a LAN cable for internet connection) – but Microsoft reported that the driver is up to date.

However, after i uninstalled Sophos Intercept X Endpoint that was running on both PCs, they could connect to any wi-fi normally as before, but upon re-installation of the Endpoints, the issue came up again.

I formatted one the PCs and reloaded the Operating System. It could connect to wi-fi, but once I installed the Sophos Endpoint, it could no longer connect, - “Can’t connect to this network” is the message displayed after entering the wi-fi password.

I connected a USB wi-fi adapter(manufactured by Realtek) on one of the PCs, nd the PC could connect to wi-fi normally with it.

The PC model is HP 250 G2

OS is Windows 10 Pro

The wi-fi adapter model is QCWB335(written on the adapter card)

The wi-fi manufacturer is Qualcomm Atheros

*But the driver installed for it by Microsoft which had been working is Qualcomm-Atheros-QCA9565, as seen in Device Manager

 

I am suspecting that that there must have been an update from Sophos that is causing this abnormal behaviour, because all other systems in the organization are working fine right now.

I need help to fix this as soon as possible.

Thanks



This thread was automatically locked due to age.
Parents
  • Dell branded notebook cannot connect to any wifi - Sophos Endpoint is not allowing it.
    
    Unable to connect to this network!
    I have the same problem for 3 days without connecting?
  • I assume it has a Qualcomm Atheros NIC.  If you disable IPS in policy (threat protection). 

    This will change at the endpoint the intrusion_prevention_system_enabled DWORD from 1 to 0 (off) under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[revision]

    Where: The revision "key" is pointed to by the latest value under the parent key, namely:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter

    Assuming you can get it on the network to get the policy to get that policy from Central.  To do that you might have to:

    - Connect it to the internet with a different NIC and wait for the policy.  Then reboot.

    or:

    - Disable Tamper Protection locally if enabled for which you will need the password from Sophos Central. 
    Stop the Sophos Network Threat Protection service. This should allow you to connect to the wireless network to get the policy that has been set in Central to disable IPS. Again check the above registry key to confirm.  Then reboot or start the Sophos Network Threat Protection service.  At this point it should work with just IPS disabled.

    or:

    -  Disable Tamper Protection locally if enabled for which you will need the password from Sophos Central.
    Set the DWORD intrusion_prevention_system_enabled to 0 from 1 as mentioned above and then restart the Sophos Network Threat Protection service.  This should allow you to connect.  The danger being, that if the policy in Central isn't changed to disable IPS, the policy could get re-applied.

    Can you confirm this works? 

    If you don't have access to Sophos Central you might need to ask the person who does.

Reply
  • I assume it has a Qualcomm Atheros NIC.  If you disable IPS in policy (threat protection). 

    This will change at the endpoint the intrusion_prevention_system_enabled DWORD from 1 to 0 (off) under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[revision]

    Where: The revision "key" is pointed to by the latest value under the parent key, namely:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter

    Assuming you can get it on the network to get the policy to get that policy from Central.  To do that you might have to:

    - Connect it to the internet with a different NIC and wait for the policy.  Then reboot.

    or:

    - Disable Tamper Protection locally if enabled for which you will need the password from Sophos Central. 
    Stop the Sophos Network Threat Protection service. This should allow you to connect to the wireless network to get the policy that has been set in Central to disable IPS. Again check the above registry key to confirm.  Then reboot or start the Sophos Network Threat Protection service.  At this point it should work with just IPS disabled.

    or:

    -  Disable Tamper Protection locally if enabled for which you will need the password from Sophos Central.
    Set the DWORD intrusion_prevention_system_enabled to 0 from 1 as mentioned above and then restart the Sophos Network Threat Protection service.  This should allow you to connect.  The danger being, that if the policy in Central isn't changed to disable IPS, the policy could get re-applied.

    Can you confirm this works? 

    If you don't have access to Sophos Central you might need to ask the person who does.

Children
No Data