This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SophosNetFilter causing BSOD

Hello,

We have a client with 26 computers joined to a domain.  Eight of the computers started to have a BSOD as soon as the user would login to their domain profile, or if started to browse the web.  After looking at the dumps we noticed that the cause is SophosNetFilter.

Via Sophos central we turned off the web filter policy, as well as Real-Time Internet scanning.  Once we disabled these settings, the computers stopped crashing and they have been working fine since.  The version of the Sophos Endpoint on the computers is 2023.2.1.6.

The only change on the systems and network was the Windows update KB5034766 that was installed the night prior. 



This thread was automatically locked due to age.
Parents Reply Children
  • Yes we are using Teramind!  Thank you! I will get in touch with support and Teramind.

  • Same issue here. BSOD when using MS Edge to browse certain web pages.

    In the mix:

    • Sophos Home
    • Recent Windows updates (March 2024)
    • Windows 10 and Windows 11 (virtual machines)
    • ESXi7

    I'm not using TeraMind; I have no idea what it is even.

    Crash Dump highlights:

    PROCESS_NAME: SophosNtpServi

    FAILURE_BUCKET_ID: AV_vmxnet3!unknown_function

    (Happy to provide one or many dump files if needed).

    Before identifying Sophos being in the mix (or the victim of Windows updates) I tried:

    1. Upgrading ESXi7 to the latest 7.0U3p.

    2. Changing NICs on the guests from E1000e to VMXNET3 (I have since changed back).

    3. Updating NIC drivers (was possible after updating ESXi).

    4. Removing Windows updates (seemed to fix initially, but later I still hit a BSOD - and besides, I can't hold those things off forever, due to MS update policies). - I suspect the uninstall didn't remove everything.

    So, for now, unfortunately, my work around is to remove Sophos Home. (I don't see any other short term option).

    Regards,

    Wayne.