Communication error between on-access driver and service for a firewall IPConnect event.

Hello

I am seeing Event 577 on several Win7 clients on our domain. I've seen it on about 5 out of 30 so far. It started a few weeks ago - machines become slow or unresponsive and need to be forcibly restarted, or in some cases while they can access the Internet, the affected machines are unable to access our local intranet (SharePoint Express 2013). It is occurring on Dell Optiplex 7010s but today's machine is a Vostro 470.

--------------------------------------------

Log Name: System
Source: SAVOnAccess
Date: 07/06/2019 10:27:34
Event ID: 577
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Charlotte.htlincs.local
Description:
Communication error between on-access driver and service for a firewall IPConnect event.

Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SAVOnAccess" />
<EventID Qualifiers="57405">577</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-06-07T09:27:34.344268600Z" />
<EventRecordID>408923</EventRecordID>
<Channel>System</Channel>
<Computer>Charlotte.htlincs.local</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000400010000000000000041023DE0C9001C02830100C0000000000000000000000000000000009A0000C0</Binary>
</EventData>
</Event>

---------------------------------------------

577 is preceded by 592:
Communication error between on-access driver and service for a cross-process thread creation event.

Has anyone else seen this or have any recommendations, please? When I was researching this about a week ago I saw a post that recommended disabling HIPS. I tried that but it made no difference so HIPS was re-enabled.

Cheers.

Mark

  • Despite Sophos Support's best efforts we never got to the bottom of this. We have recently undergone a network upgrade and the SEC installation was installed from scratch on a new Win2019 server and SEC on the old 2012 server uninstalled and the server was decommissioned. After I set everything up again the problem disappeared. It had become quite serious, with some machines becoming unresponsive for up to 30 minutes.
