We are having issues where Sophos Network Threat Protection (NTP) is causing all Windows SMB file transfers to time out, all other network traffic seems unaffected. If the NTP feature is disabled in the local endpoint settings GUI the issue still occurs, however if the Windows service relating to SophosNtpService.exe is stopped the issue immediately goes away and network file access is normal. If the Windows service is started again manually or via a reboot the issue still doesn't come back in the limited testing so far.
Versions are: Intercept X 2022.1.1.22 (core agent 2022.2.1.9).
I don't have a ticket just yet as i'm waiting on our support portal account to get approvedThanks for any help
how are you doing the file transfers? through a mounted drive? Program? Web browser?
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Tested with UNC path, and whatever Windows uses for folder redirection as this fails upon login
that's a strange scenario. since you're finding that the service needs to be stopped - that tells me there is an issue with the hook it puts into the network stack.
Do you have a packet capture of the file access attempts with the issue happening and without it happening?
I got a capture of it happening and submitted it to support , I wasn't able to get a sensible capture file size when the issue is not happening as the attachments uploads were limited to 25MB. I'm a little weary of posting a giant packet capture on public forums though! If you wish to look internally my case ID is 05639710
Since you have a support case going - I will let them investigate it.