This discussion has been locked.

SophosNetFilter causing BSOD

Hello,

We have a client with 26 computers joined to a domain. Eight of the computers started to have a BSOD as soon as the user would log in to their domain profile, or if they started to browse the web. After looking at the dumps, we noticed that the cause is SophosNetFilter.

Via Sophos Central we turned off the web filter policy, as well as Real-Time Internet scanning. Once we disabled these settings, the computers stopped crashing and they have been working fine since. The version of the Sophos Endpoint on the computers is 2023.2.1.6.

The only change on the systems and network was the Windows update KB5034766 that was installed the night prior. 



  • Hi Yonatan,

    Thanks for reaching out to the Sophos Community Forum. 

    I'd suggest gathering a full memory dump from an affected device, as well as an SDU log. Once you have these, please open a support case via the Sophos Support Portal or by reaching Sophos Support directly using the regional contact numbers on this page. I suspect our team will want to take a much closer look into your issue.

    Could you try running the "fltmc" command on one of the affected devices to verify if any additional drivers are loaded into the operating system? 

    If you have any minidump files already gathered from the previous crashes, could you send one to me via private message? 

    Kushal Lakhan
    Team Lead, Global Community Support
  • The following advisory was recently published. Let me know if Teramind is also present on the affected device(s).
    - BSOD when Sophos and Teramind are running together - Netio.sys

    Kushal Lakhan
    Team Lead, Global Community Support
  • Yes, we are using Teramind! Thank you! I will get in touch with support and Teramind.

  • Same issue here. BSOD when using MS Edge to browse certain web pages.

    In the mix:

    • Sophos Home
    • Recent Windows updates (March 2024)
    • Windows 10 and Windows 11 (virtual machines)
    • ESXi7

    I'm not using TeraMind; I have no idea what it is even.

    Crash Dump highlights:

    PROCESS_NAME: SophosNtpServi

    FAILURE_BUCKET_ID: AV_vmxnet3!unknown_function

    (Happy to provide one or many dump files if needed).

    Before identifying Sophos being in the mix (or the victim of Windows updates) I tried:

    1. Upgrading ESXi7 to the latest 7.0U3p.

    2. Changing NICs on the guests from E1000e to VMXNET3 (I have since changed back).

    3. Updating NIC drivers (was possible after updating ESXi).

    4. Removing Windows updates (seemed to fix initially, but later I still hit a BSOD - and besides, I can't hold those things off forever, due to MS update policies). - I suspect the uninstall didn't remove everything.

    So, for now, unfortunately, my workaround is to remove Sophos Home. (I don't see any other short-term option).

    Regards,

    Wayne.
