Windows boot and associated issues following Core Agent 2.7.6 and Intercept X 2.0.17 update
As of Sophos Endpoint Core Agent 2.7.6 (release started May 20th for Endpoints, June 4th for Servers) and Intercept X 2.0.17 (release started May 11th for Endpoints, June 2nd for Servers), all files and drivers are signed with SHA256 only (previously they were signed with both SHA1 and SHA256). This is a Microsoft-driven change. In March 2019, Microsoft released an update to Windows 7 and Windows 2008 R2 to support SHA256-only driver signing. This Microsoft update is required in order to run Sophos Endpoint.
Systems which are current with Windows Updates will not be impacted.
Applies from the following Sophos product(s) and version(s): Central Server Core Agent 2.7.6, Central Windows Core Agent 2.7.6, Central Windows Endpoint Intercept X 2.0.17
Windows 7 SP1, Windows 2008 R2
As of Sophos Endpoint Core Agent 2.7.6, customers running unpatched operating systems may see the following:
C:\Windows\system32\drivers\SophosED.sys. error 0xc00004228 "cannot verify the digital signature"
For Intercept X 2.0.17, customers will see the following:
This is due to Sophos using only the SHA-2 hash algorithm. Please see the Microsoft article below regarding this issue.
An updated Core Agent 2.7.7 has been released today, 22nd May. This update to the Core Agent will prevent the boot issue from occurring following a restart of the computer.
Note: While this update will resolve the boot issue, it will not resolve any other issue. To resolve these, you must perform Windows Updates to get the latest updates. Alternatively, install Windows KBs 4474419 and 4490628.
Note: Customers using Controlled updates or Scheduled Updates may need to check their Policies to ensure they apply the new Core Agent 2.7.7.
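An added example, not part of the original Sophos article or any Sophos tooling: a PowerShell 2.0 compatible check for whether a Windows 7 SP1 or Windows 2008 R2 machine lists the two KBs named above. The function name, output fields and status strings are assumptions made for illustration.

```powershell
# Added example. Written for PowerShell 2.0 so it runs on a stock
# Windows 7 SP1 / Windows 2008 R2 host without installing anything first.
# Function name, property names and status strings are illustrative.
$RequiredKBs = 'KB4474419', 'KB4490628'   # the two KBs named in this article

function Test-Sha2UpdateStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $result = New-Object PSObject -Property @{
            ComputerName = $computer
            OSVersion    = $null
            Affected     = $false      # true only for Windows 7 / 2008 R2 (NT 6.1)
            MissingKBs   = @()
            Status       = 'Unknown'
        }
        try {
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
            $result.OSVersion = $os.Version
            $result.Affected  = $os.Version -like '6.1.*'

            if (-not $result.Affected) {
                $result.Status = 'NotApplicable'
            } else {
                $missing = @()
                foreach ($kb in $RequiredKBs) {
                    # Get-HotFix writes a non-terminating error when the Id is absent
                    $hit = Get-HotFix -Id $kb -ComputerName $computer -ErrorAction SilentlyContinue
                    if (-not $hit) { $missing += $kb }
                }
                $result.MissingKBs = $missing
                if ($missing.Count -eq 0) { $result.Status = 'Ready' }
                else                      { $result.Status = 'UpdateRequired' }
            }
        } catch {
            # Host unreachable or WMI access denied: report it, do not guess
            $result.Status = "QueryFailed: $($_.Exception.Message)"
        }
        $result
    }
}

# Local machine by default; pass -ComputerName host1,host2 to check several.
Test-Sha2UpdateStatus | Select-Object ComputerName, OSVersion, Status, MissingKBs
```

A result of `UpdateRequired` means only that `Get-HotFix` did not list the KB on that machine; confirm against the machine's Windows Update history before treating it as unpatched.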
This article will be updated as information becomes available.