Multiple computers getting netio.sys BSOD after 2022.2.1.9 update

We're having an outbreak of DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD's in driver NETIO.SYS. Netio.sys caused BSOD's are usually tied to network drivers but that doesn't make sense because this started happening all of a sudden on multiple computers. These are fully patched/updated Windows 10 Pro computers. The common thing we're seeing is Sophos was updated to version 2022.2.1.9 around 7/20/22 on all of them. Any insight from Sophos on if the blue screen of death crashes are being caused by the latest version of Sophos? 

Added tags
[edited by: Gladys at 3:07 PM (GMT -7) on 5 Aug 2022]
Parents Reply
  • Quick update: The results from our testing look promising. The two machines that we are testing the patch on each experienced 4 BSODs in a 3 day period two weeks ago, before enabling the workaround for affected users.

    In the last 3 days those two machines produced zero regular BSODs (with the workaround disabled for them, of course).

    Unfortunately one machine still had a single BSOD, but after the reboot a pending windows update was installed, and current assumption with Sophos support agent is that background installation of the windows update might have removed the "manually deployed" patched driver - that is, the patched driver might not have been active at that point.

    Anyway even if the driver was active, 1 instead of 8 BSODs in a given time frame sounds like a substantial improvement.

  • Hello

    Any update with this testing this patch? 

  • Not a single BSOD on the two test machines ever since. Other than on unpatched machines... Had to move more users into the BSOD-Mitigation group today.

    Our case was seemingly escalated to the "GES" team yesterday morning. Now we're just waiting for feedback.

  • Hey Samuel,

    How have things been going for you with testing? I havent had a chance to do anything other than company-wide implement the "official" workaround and we are still getting occasional BSODs. Not really happy with this whole experience.

  • We kept our two test users on the test driver and we have not seen any adverse effects.

    We got one more netio.sys BSOD for one of those users - but the manually installed test driver seems to get disabled by system protection particularly when Windows updates are being installed, which was the case then -  so that is not necessarily significant. In total we got 2 netio.sys BSODs for two machines since we started testing. The driver is now in daily production use for 37 days for those users, and they used to get anything from 5-10 BSODs per week without the fix.

    Last update I got from a "Global Escalation Engineer" (after asking back myself again, of course...):

    Thank you for the email. The October release has now been rescheduled for a planned release, on November the 10th 2022.

    But of course also some expectation management:

    ... this is the planned date and can be pulled at the very last minute.

    So I keep my fingers crossed that Sophos manages to get this shipped "soon".