We're having an outbreak of DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD's in driver NETIO.SYS. Netio.sys caused BSOD's are usually tied to network drivers but that doesn't make sense because this started happening all of a sudden on multiple computers. These are fully patched/updated Windows 10 Pro computers. The common thing we're seeing is Sophos was updated to version 2022.2.1.9 around 7/20/22 on all of them. Any insight from Sophos on if the blue screen of death crashes are being caused by the latest version of Sophos?
Yes, it's mindblowing that it would take a multi billion $ company this long to fix it. At least have an option for those affected by bad sofwtare updates to rollback to the previous version instead…
We are starting to see more user reports about this in our environment. Mostly Lenovo machines, and we're also using Cisco AnyConnect.
Over two weeks since I reported it and still no resolution.
I apologize for the frustrations. Looking into the development ticket open for this issue, there’s work being done each day. Our team is actively working towards finding a resolution.
If you need an immediate work-around to be implemented, you can use the following steps published in the KBA, though I understand that this is not ideal for all organizations.
Turn off the following within Sophos Central:
Hello Qoosh, is there any update on the development ticket? We still have daily occurrences of BSODs. So far none after disabling the protection features for affected users as per the KB, but we can't generally disable those for all systems.
On 8/22 I was asked to test a build that fixes the issue. I wasn't able to test it since we can't use our call center agents as guinea pigs since every time their computer crashes from a BSOD it causes a negative customer experience. Hopefully there is light at the end of the long drawn out tunnel.
I can see an update today stating that the latest test build has allowed systems to remain stable for about a week without any crashing symptoms.
If you require the test build sooner, I suggest working with our support team to get access to it. I don't have an ETA yet for when this will be released to all customers.
I have send email to my Sophos contact case# for access to this new build. We had about 20 new incidents with this issue today... The Sophos temporary workaround is NOT the best solution.