We have had several customer reports that, since the release of Central Windows Advanced 10.8.1 or Central Intercept X 2.0.0, our 'Malicious Traffic Detection' component has been causing issues with DNS. This has caused machines to fail to log on and has also caused general internet issues.
All reports currently indicate that affected customers are also running an XG Firewall.
Applies to the following Sophos product(s) and version(s): Central Windows Endpoint 10.8.1; Central Windows Endpoint Intercept X 2.0.0
Customers may see a loss of network connectivity on Windows 7 Endpoints. Symptoms include being unable to log in to networked machines.
This is currently under further investigation. Please monitor this knowledge base article for future updates.
UPDATE: This issue has now been reproduced in-house and we are working on creating a debug version of Malicious Traffic Detection in order to investigate this further. So far, analysis has concluded that the issue is only present when a series of conditions are present in the environment.
Please open a support ticket with Sophos Technical Support providing the below information
To work around this issue, you will need to disable the policy setting "Detect network traffic to command and control servers" from within your Central Threat Protection Policy.
This article will be updated when information becomes available.