Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 3 answers
  • Subscribers 15 subscribers
  • Views 42687 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 10 BSOD

Shane Molloy

Hi, 

Signed up for a trial of Sophos Endpoint Cloud and installed onto my home Windows 10 Pro PC. After the first reboot, it would always BSOD just before it would show the login screen. The only way to stop this happening was disable the Hitman Pro service. The BSOD would show memory management as the error. 

My PC comes up clean with other AV scans. Some other employees have installed it without problems and i'm going to try on my laptop later. 

Wanted to flag this in case anyone else came across the problem. I haven't found out the reason for it but i haven't had a chance to look at the memory dump yet. 

 



This thread was automatically locked due to age.
Parents
  • 0

    HI 

    Could you post your logs from HitMan Pro , Path of the logs is C:\ProgramData\HitmanPro.Alert\Logs , If you do not wish to post any sensitive information you may private message me with the link to this forum . 

    Thanks and Regards

    Aditya Patel | Network and Security engineer.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Hi Aditya, 

     

    Log contents below. The last entry is just before the BSOD. 

     

    2016-10-30T11:51:03.717Z [Service] Startup (build 563)
    2016-10-30T11:51:03.758Z [NewApplication] Browsers, $programfiles\Mozilla Firefox\firefox.exe (C:\Program Files (x86)\Mozilla Firefox\firefox.exe)
    2016-10-30T11:51:03.814Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115103806-1.xml
    2016-10-30T11:51:03.818Z [NewApplication] Plugins, $programfiles\Mozilla Firefox\plugin-container.exe (C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe)
    2016-10-30T11:51:03.862Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115103855-2.xml
    2016-10-30T11:51:03.869Z [NewApplication] Browsers, $programfiles\Google\Chrome\Application\chrome.exe (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe)
    2016-10-30T11:51:03.903Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115103896-3.xml
    2016-10-30T11:51:03.910Z [NewApplication] Browsers, $programfiles\Internet Explorer\iexplore.exe (C:\Program Files\Internet Explorer\iexplore.exe)
    2016-10-30T11:51:04.014Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104004-4.xml
    2016-10-30T11:51:04.022Z [NewApplication] Browsers, $programfiles\Internet Explorer\iexplore.exe (C:\Program Files (x86)\Internet Explorer\iexplore.exe)
    2016-10-30T11:51:04.094Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104088-5.xml
    2016-10-30T11:51:04.100Z [NewApplication] Browsers, $windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe)
    2016-10-30T11:51:04.339Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104333-6.xml
    2016-10-30T11:51:04.346Z [NewApplication] Browsers, $windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe)
    2016-10-30T11:51:04.374Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104366-7.xml
    2016-10-30T11:51:04.381Z [NewApplication] Office, $programfiles\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe)
    2016-10-30T11:51:04.488Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104482-8.xml
    2016-10-30T11:51:04.495Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\WINWORD.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE)
    2016-10-30T11:51:04.557Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104551-9.xml
    2016-10-30T11:51:04.564Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\EXCEL.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE)
    2016-10-30T11:51:04.979Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115104972-10.xml
    2016-10-30T11:51:04.985Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\POWERPNT.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE)
    2016-10-30T11:51:05.071Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105065-11.xml
    2016-10-30T11:51:05.078Z [NewApplication] Office, $programfiles\Windows NT\Accessories\WORDPAD.EXE (C:\Program Files\Windows NT\Accessories\WORDPAD.EXE)
    2016-10-30T11:51:05.165Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105160-12.xml
    2016-10-30T11:51:05.172Z [NewApplication] Media, $programfiles\Windows Media Player\wmplayer.exe (C:\Program Files (x86)\Windows Media Player\wmplayer.exe)
    2016-10-30T11:51:05.220Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105213-13.xml
    2016-10-30T11:51:05.226Z [NewApplication] Media, $programfiles\VideoLAN\VLC\vlc.exe (C:\Program Files (x86)\VideoLAN\VLC\vlc.exe)
    2016-10-30T11:51:05.259Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105253-14.xml
    2016-10-30T11:51:05.268Z [NewApplication] Other, $programfiles\Skype\Phone\Skype.exe (C:\Program Files (x86)\Skype\Phone\Skype.exe)
    2016-10-30T11:51:05.649Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105630-15.xml
    2016-10-30T11:51:05.657Z [NewApplication] Java, $programfiles\java\jre1.8.0_111\bin\java.exe (c:\program files (x86)\java\jre1.8.0_111\bin\java.exe)
    2016-10-30T11:51:05.739Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105733-16.xml
    2016-10-30T11:51:05.745Z [NewApplication] Java, $programfiles\java\jre1.8.0_111\bin\javaw.exe (c:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe)
    2016-10-30T11:51:05.964Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115105956-17.xml
    2016-10-30T11:51:05.971Z [NewApplication] Java, $programfiles\java\jre1.8.0_111\bin\javaws.exe (c:\program files (x86)\java\jre1.8.0_111\bin\javaws.exe)
    2016-10-30T11:51:06.036Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115106030-18.xml
    2016-10-30T11:51:06.043Z [NewApplication] Java, $programfiles\java\jre1.8.0_111\bin\jp2launcher.exe (c:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe)
    2016-10-30T11:51:06.135Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20161030115106129-19.xml
    2016-10-30T11:51:06.147Z [Service] Running
    2016-10-30T11:51:06.391Z [Protected] PID 6324, Features 0300000000000106, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    2016-10-30T11:51:06.876Z [Protected] PID 5344, Features 0300000000000106, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
    2016-10-30T11:51:07.112Z [Protected] PID 8984, Features 0300000000000102, C:\Windows\System32\conhost.exe
    2016-10-30T11:51:07.201Z [Protected] PID 11216, Features 0300000000000106, C:\Program Files\Windows Defender\MpCmdRun.exe
    2016-10-30T11:51:07.316Z [Protected] PID 7932, Features 0300000000000102, C:\Windows\SysWOW64\msiexec.exe
    2016-10-30T11:51:07.628Z [Protected] PID 5412, Features 0300000000000102, C:\Windows\System32\msiexec.exe
    2016-10-30T11:51:07.922Z [Protected] PID 1696, Features 0300000000000102, C:\Windows\System32\conhost.exe
    2016-10-30T11:51:08.444Z [Protected] PID 5176, Features 0300000000000106, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    2016-10-30T11:51:08.518Z [Protected] PID 10548, Features 0300000000000106, C:\Windows\System32\dllhost.exe
    2016-10-30T11:51:09.233Z [Protected] PID 12016, Features 030000000000010E, C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    2016-10-30T11:51:17.495Z [Protected] PID 3712, Features 0300000000000106, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
    2016-10-30T11:51:27.062Z [Protected] PID 2552, Features 0300000000000106, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    2016-10-30T11:51:47.565Z [Protected] PID 5580, Features 0300000000000106, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    2016-10-30T11:51:47.638Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20161030115147
    2016-10-30T11:51:47.793Z [Protected] PID 5160, Features 0000003000000106, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    2016-10-30T11:51:47.884Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20161030115147
    2016-10-30T11:51:52.280Z [Protected] PID 10012, Features 0000003000000106, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
    2016-10-30T11:51:52.479Z [Protected] PID 9224, Features 0000003000000106, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
    2016-10-30T11:52:07.107Z [Protected] PID 9028, Features 0000003000000102, C:\Windows\System32\consent.exe
    2016-10-30T11:52:07.784Z [Protected] PID 10588, Features 0000003000000106, C:\Windows\System32\dllhost.exe
    2016-10-30T11:52:07.821Z [Protected] PID 5536, Features 0000003000000106, C:\Windows\System32\dllhost.exe
    2016-10-30T11:52:09.432Z [Protected] PID 12276, Features 0000003000000102, C:\Windows\System32\notepad.exe
    2016-10-30T11:52:32.750Z [Protected] PID 2780, Features 0000003000000106, C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    2016-10-30T11:52:48.297Z [Protected] PID 7188, Features 0000003000000102, C:\Windows\System32\conhost.exe
    2016-10-30T11:52:48.343Z [Protected] PID 6348, Features 0000003000000102, C:\Windows\System32\schtasks.exe
    2016-10-30T11:52:48.403Z [Protected] PID 6656, Features 0000003000000102, C:\Windows\System32\conhost.exe
    2016-10-30T11:52:48.426Z [Protected] PID 2612, Features 0000003000000102, C:\Windows\System32\schtasks.exe
    2016-10-30T11:53:00.150Z [Protected] PID 444, Features 0000003000000102, C:\Windows\System32\LogonUI.exe
    2016-10-30T11:53:00.736Z [Protected] PID 4684, Features 0000003000000106, C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    2016-10-30T11:53:00.817Z [Protected] PID 7348, Features 0000003000000106, C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    2016-10-30T11:53:01.200Z [Protected] PID 9448, Features 0000003000000106, C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
    2016-10-30T11:53:01.821Z [Protected] PID 11076, Features 0000003000000102, C:\Windows\System32\SearchFilterHost.exe
    2016-10-30T11:53:02.392Z [Protected] PID 9832, Features 000000361FBF0106, C:\Program Files (x86)\Skype\Phone\Skype.exe
    2016-10-30T11:53:02.727Z [Protected] PID 7820, Features 0000003000000102, C:\Windows\System32\conhost.exe
    2016-10-30T11:53:02.774Z [Protected] PID 1572, Features 0000003000000102, C:\Windows\System32\compattelrunner.exe
    2016-10-30T11:53:07.319Z [Service] System shutdown
    2016-10-30T11:53:07.319Z [Service] Stopping...
    2016-10-30T11:53:08.100Z [Service] Stopped
    2016-10-30T11:55:28.771Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20161030115528

     

     

    Thanks, 

    Shane

  • 0 in reply to Shane Molloy

    HI Shane, 

    Seems mosy of your Microsoft Applications were dropped and are you facing each time you reboot or the first time, Also I would suggest you to open a Service request and private message me the service request and the link to this thread for reference.

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Hi Aditya, 

    Every reboot it happens. I'll open a service request and send you on the details on Tuesday. 

     

    Thanks

    Shane

  • 0 in reply to Shane Molloy

    HI All, 

    Seems the issue is occurred with the new Windows update Aniversary Edition 10  as they have added Digital Driver Verification check. It may such instance is added and would be rectified . But till then we have a workaround to disable such feature by following the Steps . 

    On installation a number of messages appear on the Desktop advising 'A digitally signed driver is required'. The following drivers may be reported:

    • SNTP Driver
    • HitmanPro.Alert Support Driver
    • Sophos Endpoint Defense Driver

    This issue occurs on new installations of Windows Anniversary edition (version 1607) only, when Secure Boot is also enabled.

    To resolve, choose one of the following options:

    1. Disable Secure Boot as detailed in the following Microsoft article:

      https://technet.microsoft.com/en-us/library/dn481258.aspx

      Note: This will permanently disable the functionality. You may want to re-enable this functionality following the installation.

    2. Change the startup settings:

      1. Press and hold the Shift key on your keyboard and click the Restart button.
      2. Choose Troubleshoot > Advanced options > Startup Settings and click the Restart button.
      3. When your computer restarts you’ll see a list of options. Press F7 on your keyboard to select Disable driver signature enforcement.
      4. Your computer will now restart and you’ll be able to install unsigned drivers.

        Note: This method temporarily disables driver signing enforcement so be sure to run the installation as soon as possible.

    3. Use Command prompt:

      1. Press Windows Key + X to open Power User Menu. Select Command Prompt (Admin) from the menu.
      2. Type the following command then press Enter:

        bcdedit.exe /set nointegritychecks on

        Note: This disables driver signature enforcement permanently.

      3. To enable driver signature enforcement , open the Command Prompt as administrator, type the following command and press Enter:

        bcdedit.exe /set nointegritychecks off

    After applying the workaround:

    1. Double click the Sophos Endpoint icon to open the interface
    2. Click the About link in the bottom right hand corner
    3. Click Update Now to trigger an update and complete the installation

    Let us know if you face the issue after the BUG Fix WINEP 6071. 

    Thanks and regards

    Aditya Patel

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Thanks very much Aditya, much appreciated. 

Reply Children
No Data
Unfiltered HTML