This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple computers getting netio.sys BSOD after 2022.2.1.9 update

We're having an outbreak of DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD's in driver NETIO.SYS. Netio.sys caused BSOD's are usually tied to network drivers but that doesn't make sense because this started happening all of a sudden on multiple computers. These are fully patched/updated Windows 10 Pro computers. The common thing we're seeing is Sophos was updated to version 2022.2.1.9 around 7/20/22 on all of them. Any insight from Sophos on if the blue screen of death crashes are being caused by the latest version of Sophos? 

This thread was automatically locked due to age.
  • If you are experiencing this issue, please check the following:

    If your system is joined to the EAP, please turn off IPS in the Threat Protection policy and save, OR remove the system from the EAP and then test.

    We have seen some network drivers cause a conflict with IPS when running at a lower level (For modern standby support), which was part of the 2022.1 and higher releases. This can then cascade into a problem with core windows drivers. These appear to be heavily network adapter chipset and driver specific.

    James Magnan
    Technical Team Lead, Global Escalations

  • We have not joined any early access programs. I've created a custom Threat Protection policy that disables the following:

    Real-time Scanning - Local Files and Network Shares

    Real-time Scanning - Internet

    Protect critical functions in web browsers (Safe Browsing)

    Protect web browsers

    Protect web browser plugins

    Protect network traffic

    AMSI Protection

    We still continue to experience random crashes. Sophos Support hasn't replied since I provided SDU logs yesterday. This has become a big problem. 

  • Can you please let me know your ticket number and I'll make sure it gets looked at.

  • Thanks James. I just sent you a PM with the ticket number. 

  • Hey BBallLAL,

    Are you still having this issue? Have you found a fix? We are just starting to experience the same BSODs starting this week.

  • Only temporay fix is to disable all three settings under ‘Real-time Scanning – Internet’ and ‘Web Control’. Development seems to be clueless on a fix. They asked if we could provide our Cisco AnyConnect software along with a VPN account for them to test with, we can't exactly give them access to our internal network so we haven't done that. Not looking too promising.  

  • Ok so I have created temp computer group a temp computer-based policy to disable the Threat Protection settings you mentioned. I also need to create a user group and Web Control policy?

Reply Children