Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 43 replies
  • Answers 2 answers
  • Subscribers 25 subscribers
  • Views 133177 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues with server protection on file server

GregBeck

Has anyone seen any issues with Sophos Central on file servers? 

We moved from on the on premises version of Sophos to the Sophos Cloud version.  When I updated our main file servers we started running into an issue where a server would stop serving files after a while (a few hours on the most active one/two weeks on another).  When on the desktop of the server everything seems fine. No CPU/memory/disk issue, \\server\share works fine locally.  

Remotely \\server\share just hangs for 30+ seconds until the connection times out.   Nothing seems to get the server running again except rebooting the whole thing.  It will then work fine for a while then break.   I can't find anything the event log or Sophos logging to point me in the direction of what is breaking.  

After I uninstalled Sophos on the busiest server the issue hasn't returned.  

 

Has anyone run into anything similar? 

 

I do have a ticket created with support.  At this point they just want me to test disabling features one by one until I can narrow the problem down.  I am trying to recreate the issue without needing actual users traffic.  I personally suspect the Cryptoguard (Intercept X?) since that is the part that is also causing us grief on the client side.



This thread was automatically locked due to age.
  • 0

    Ok Here is my experience with the Server Lock down feature running on Windows Server 2016.

    • File server: Lags, slow logging in, office applications freeze up during peak times.
    • Domain Controller: Netlogon folder becomes slow to access.
    • Citrix Server (SQL Server): Server responsiveness becomes almost unusable.. Tried throwing loads of RAM at it but makes no difference.
    • All Servers: Randomly the start button will completely stop working on the server.
    • All Servers: Sophos Shield vanishes from the task manager bar. (Spoke to Sophos and never found a solution, however sophos is still running apparently). Only way to get it back is to reboot the server and it will then stay for about a day or so and then "gone" again.
    • IIS Server: 32bit IIS applications stop working,  64bit ones are fine.. Probably Access Database Engine.
    • All Servers: Software Protection Service stops working (Windows Activation). Sometimes will start if you keep trying around 4-5 times.
    • Random: Some servers refuse to lock down and get stuck on creating white list forever and sophos updates stop working.

    To fix all of the above:

    Disable Sophos lockdown! 

    Conclusion:

    Great feature, but sadly currently not fit for purpose due to issues above. It's a real shame as I really want this feature because of its security benefits.

    Something Interesting that I noticed:

    When lock down is enabled, It seems that I can rename un-trusted executables to trusted executables to bypass the lockdown policy! 

  • 0 in reply to Bryan Aydelotte

    We are having problems with Sophos server being installed on Windows Server 2019 file servers. The server will not shut down or reboot. And the file sharing gets blocked after a few minutes of file transfer. Uninstalling the software fixes these problems. The versions we are using are:

    Server Core Agent: 2.2.7

    Server Anti-virus: 10.8.4.227

    Server Intercept X: 2.0.11

    We are uninstalling the software on our servers. In a corporate environment you can't have reliability issues on your file share servers - they need to be rock solid. Hopefully, Sophos will come up with a fix since they have known about these issues since 2018.

  • 0

    Also having this issue on all of our 2008 R2 file servers.

     

    Issues include:

     

    1. Unable to restart - server hangs at shutting down during weekly reboot schedule - forcing a restart allows server to spin up correctly. An uninstall/reinstall fixes this for me. After uninstall reinstall, I have not seen issue come back.

     

    2. Spiked CPU performance due to failed client update/client stuck on "updating". This one was resolved by booting into safe mode, disabling all Sophos Services, manually disabling Tamper Protection due to the client being stuck in update mode then rebooting and uninstalling/reinstalling. This one reoccurs occasionally on random servers.

     

    We are currently working towards migrating our data to VMs with newer OSs. We don't have an issue with the client functioning on 2012 and above.

     

    Thanks,

    Bryan

  • 0 in reply to Rouven Schuerken

    Hi Rouven, have you logged a support case. We will need to investigate this as the original issue reported in this thread was replicated, resolved and confirmed as fixed in a prior Central Server release. 

    Please send me your support case number so that I can escalate the ticket.

    Regards,

    Stephen

  • 0 in reply to GregBeck

    Hi there - I updated the Server Protection last Weekend and today the same Problem: inaccessible file Shares, slow logon/logoff times.

    Had to disable the HitmanPro Service and reboot the Server.

    This is what my console gives me, the core is 2.11, the intercept-x  2.03 (any above 2.01 should include the fix?)

     

     

  • 0 in reply to StephenMcKay

    StephenMcKay said:

    The fix is in the 2.0.1 release of Sophos Server Protection

     

    Thank you

  • 0 in reply to GregBeck

    Hi Greg,

    The fix is in the 2.0.1 release of Sophos Server Protection

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    It sounds like the version with the fix has been released.   Can someone confirm what version(s) the fix is in?

  • 0 in reply to GregBeck

    Hi all,

    Today we have started to release the latest build that includes a fix for this issue to the EAP. The rollout will continue until Tuesday, this is only an Early Access Program (EAP) and so shouldn't be used for production servers. 

    Assuming a successful release to the EAP I am expecting to roll it our to all customers in the next few weeks.

    Regards,

    Stephen 

  • 0 in reply to GregBeck
    Hi GregBeck,
     
    Here's the latest information regarding this fix: 
     
    Unfortunately, The Central Server v1.5.6 release - "HitManPro.Alert (CryptoGuard) has been updated to address a customer issue." - did not include the fix for this specific issue you are referring to.
     
    The development of the solution for the issue you are experiencing is almost complete, but it has not yet been released as it requires additional testing.
     
    The current plan is to include this fix via the Early Access Program, but we do not have the exact dates as to when will that EAP version become available right now (the desired time frame is the next couple of weeks, but this can change).  
    The expected official release for the fix is on-plan for mid July (subject to change based on further testing) .
     
    Please let me know if you have any additional questions. 
     
    We greatly appreciate your patience and understanding.  

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Unfiltered HTML