Some customers have reported issues relating to Windows 10 machines being slow to boot, or booting with some services that have failed to start after installing Sophos Intercept X or Exploit Prevention.
This only affects machines running Windows 10 Redstone 3 (version 1709, Fall Creators Update) or later.
Sophos have investigated and found the cause to be Windows Defender Exploit Guard, specifically its 'Code Integrity Guard' functionality, which over-actively checks the integrity and signature of some Sophos components that legitimately interact with 'svchost.exe' during day-to-day usage. This issue only occurs if 'Code Integrity Guard' is set to Audit mode.
Although the cause of this issue lies outside the Sophos-controlled infrastructure, we are looking to make changes to our product to mitigate this issue in a future release.
This article describes the steps to resolve the issue in the interim.
Applies to the following Sophos products and versions:
Central Windows Endpoint Intercept X 2.0.8
Sophos Exploit Protection
The current resolution for this issue is to disable 'Code Integrity Guard'. The steps below cover this:
Following this change the issue should no longer occur.
For larger organisations there may be a requirement to disable this on a larger scale. This can be carried out via Group Policy and is documented in the Microsoft article below:
Microsoft Article - Import, export, and deploy exploit protection configurations
Disabling this "Audit only" mode should not affect the security of the system, as this functionality only monitors applications and does not actively protect them.
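Before changing anything, it helps to confirm that a Code Integrity Guard audit flag is actually set for 'svchost.exe'. The script below is an added example, not Sophos's or Microsoft's own procedure: it uses the built-in `Get-ProcessMitigation` and `Set-ProcessMitigation` cmdlets, and it assumes an elevated prompt, that the per-program entry is named `svchost.exe`, and a placeholder backup path.

```powershell
# Added example: report (and optionally clear) Code Integrity Guard audit
# flags for a per-program Exploit protection entry.
# Assumptions: elevated PowerShell on Windows 10 1709 or later; the entry
# name svchost.exe and the backup path are illustrative defaults.
param(
    [string]$ProcessName = 'svchost.exe',
    [string]$BackupPath  = "$env:TEMP\exploit-protection-backup.xml",
    [switch]$Apply       # without -Apply the script only reports
)

function Get-CigAuditFlag {
    param([string]$Name)
    # One object is returned per matching per-program entry.
    foreach ($entry in @(Get-ProcessMitigation -Name $Name)) {
        $sig = $entry.BinarySignature   # Code Integrity Guard settings
        if ($null -eq $sig) { continue }
        # Enumerate the audit properties rather than hard-coding their names.
        foreach ($prop in $sig.PSObject.Properties) {
            if ($prop.Name -like 'Audit*' -and "$($prop.Value)" -eq 'ON') {
                [pscustomobject]@{ Process = $Name; AuditFlag = $prop.Name }
            }
        }
    }
}

$found = @(Get-CigAuditFlag -Name $ProcessName)
if ($found.Count -eq 0) {
    Write-Output "No Code Integrity Guard audit flag is ON for $ProcessName."
    return
}
$found | Format-Table -AutoSize

if ($Apply) {
    # Export the current configuration first so the change can be reverted.
    Get-ProcessMitigation -RegistryConfigFilePath $BackupPath
    # Clear only the audit flags; enforcement settings are left untouched.
    Set-ProcessMitigation -Name $ProcessName -Disable AuditMicrosoftSigned, AuditStoreSigned
    Write-Output "Audit flags cleared; previous configuration saved to $BackupPath."
    # Mitigation settings are read at process start, so a reboot is needed
    # before running svchost.exe instances reflect the change.
    Write-Output 'Restart the machine for the change to take effect.'
}
```

The exported XML can be re-applied with `Set-ProcessMitigation -PolicyFilePath` if the change needs to be rolled back.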