Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
[UPDATE Jan 11th 2018 - 08:59 UTC]
On Friday Jan 5th 2018 Sophos started updating our product lines to add the registry key requested by Microsoft in order for the automatic security update detailed here: ADV180002.
To ensure an efficient roll out, these updates are happening in stages over a period of days and are subject to change. No issues with the update, registry key or subsequent install of the Microsoft security updates have been reported.
IMPORTANT: For server operating systems, Microsoft states "Customers have to enable mitigations to help protect against speculative execution side-channel vulnerabilities". To enable the mitigations Microsoft customers need to enable three additional registry keys, these may cause performance issues and will not be set by Anti-Virus vendors. For more information see: Windows Server guidance to protect against speculative execution side-channel vulnerabilities.
Completed Jan 8th 2018
This article provides information on how you can determine whether your Endpoint/Server has the Sophos update that automatically creates the following registry key and value:
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000”
This is to allow the Microsoft patch to update via Windows Update for the issue detailed in the following article:
The following Products are covered:
Note: As this update is being applied over a number of days, you may not see the versions listed below on an initial check. If you require this patch to be applied before you receive the Sophos update, you can manually set the registry key and value or you can manually download and apply the patch without the registry key.
Sophos AutoUpdate Installed V 5.8.411 and above
NOTE: You require access to Sophos Enterprise Console to check which subscription is assigned to your endpoints/servers. If the versions listed below do not appear on your endpoint/server you may be assigned to a different subscription. If you need to check your subscription we recommend contacting your Sophos IT administrator in your organisation.
Sophos AutoUpdate Version 5.10.139 and above
Sophos AutoUpdate Version 5.7.533 and above
Sophos AutoUpdate 5.10.139 and above
Sophos AutoUpdate 5.7.533 and above
SGVM Scanning Service Version 1.1.1 and above
Sophos AutoUpdate Version 188.8.131.521 and above
Sophos AutoUpdate 184.108.40.2061 and above
Version 1.2.11 and above
Version 1.2.11 Beta and above
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.