This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple computers getting netio.sys BSOD after 2022.2.1.9 update

We're having an outbreak of DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD's in driver NETIO.SYS. Netio.sys caused BSOD's are usually tied to network drivers but that doesn't make sense because this started happening all of a sudden on multiple computers. These are fully patched/updated Windows 10 Pro computers. The common thing we're seeing is Sophos was updated to version 2022.2.1.9 around 7/20/22 on all of them. Any insight from Sophos on if the blue screen of death crashes are being caused by the latest version of Sophos? 



This thread was automatically locked due to age.
  • Well, sort of...

    We did file our own case on Monday and are now working through the process with a dedicated support representative.

    At least for our case I can confirm that support won't hand out the patched driver without FIRST getting at least one full memory dump and the SDU logs. "Active memory dump" will be sufficient, though.

    So in the meantime we have set up two of our more heavily affected users with the required settings in order to collect the required type of memory dumps.

    Basically we are "waiting for BSODs" now (the same users totalled 5 BSODs together yesterday... but you know the deal with Murphy...).

    Once I manage to collect and upload them, they will have a look into that - probably to verify if the case is the same one the patched driver is supposed to address.

    Depending on that we'll see how this proceeds...

  • Thanks for the update. Then we'll have to open a case.

  • In the meantime we did provide two full memory dumps from two different users and machines this monday.

    I did not hear back since, and we still don't have access to the test driver. I assume they are checking if our cases have the same or a similar reason, and if the test driver even addresses that same issue or not.

    Also after providing the dumps I enabled the full workaround solution according to the KB for the "known-to-be-affected" users.
    Only to learn yesterday, that the workaround - although making the issue less frequent - does not reliably work. One of the users just had another BSOD. Thankfully he was set up to provide memory dumps, so Sophos engineers now got a 3rd full dump with SDU logs for a case that is NOT mitigated by the "turn off security" workaround.

  • Received the test driver, next step is rolling it out for our most heavily affected users. Keeping fingers crossed!

  • Hello Samuel, where did you receive the test driver?

  • from Support after "paying the bill" - providing a full memory dump

  • Yeah, we ended up providing three full dumps from two different machines. The last dump was after enabling the full "workaround" for all affected machines...

    Anyway today the test driver was rolled out to the first machine and the workaround was disabled for it. Now we will have to wait and see...

  • Quick update: The results from our testing look promising. The two machines that we are testing the patch on each experienced 4 BSODs in a 3 day period two weeks ago, before enabling the workaround for affected users.

    In the last 3 days those two machines produced zero regular BSODs (with the workaround disabled for them, of course).

    Unfortunately one machine still had a single BSOD, but after the reboot a pending windows update was installed, and current assumption with Sophos support agent is that background installation of the windows update might have removed the "manually deployed" patched driver - that is, the patched driver might not have been active at that point.

    Anyway even if the driver was active, 1 instead of 8 BSODs in a given time frame sounds like a substantial improvement.

  • Hello

    Any update with this testing this patch?