Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 12060 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Auto-Updates are causing Laptop to Freeze

MadProfessor

I have been having a problem for a couple of months, which is now getting worse, related to Sophos auto-updating.

Sometimes when it is updating the computer will freeze for 5min to several hours (it is currently doing the latter):
- usually the first sign is that firefox or thunderbird will say not responding and grey out slightly
- then in some sequence other programs will say not responding (in the beginning part of this problem I can use other programs like Excel)
- Task Manager will not open
- sometimes after long pauses there will be responses to previous clicks (an excel file will be saved for example)
- during this, the mouse *is* responsive and I can typically toggle between open windows using Alt-Tab
- the clock sometimes stops updating part way through
- every time this happens Sophos is in the process of updating
- eventually the freeze stops and (most of the time) the computer functions normally.

I have run literally a dozen virus checks and that is not an issue.

There is a consistent set of lines in Windows Event Viewer which occur just as the updating troubles begin:

Error 6/14/2012 12:43:25 PM SAVOnAccess 81 None " The on-access scan of file ""\Device\HarddiskVolume1\ProgramData\Sophos Web Intelligence\s ..."" of process mbamservice.ex, start check timestamp [ 1cd4a53cd486cc1] did not complete in time: file was not scanned.
"
OR
Error 6/13/2012 1:24:59 PM SAVOnAccess 81 None " The on-access scan of file ""\Device\HarddiskVolume1\ProgramData\Sophos Web Intelligence\s ..."" of process mbamservice.ex, start check timestamp [ 1cd499071ed829f] did not complete in time: file was not scanned.

This suggests a conflict between Sophos and Malwarebytes Anti-Malware. However the problem persists even when:

- I have turned off MAM (turned off real time protection)

- excluded Malwarebytes folders (c:\programdata\malwarebytes AND c:\ proram files (x86)\malwarebytes' anti-malware) from sophos' scanning

I also have other lines related to Firefix and Thunderbird in the Event Viewer. I have added exclusions to these folders as well in Sophos.

At this point I have given up and turned off auto-updating all together.

If anyone has any suggestions on what might be going I would greatly appreciate it!


My machine:
Dell Latitude E6320
Win 7 Enterprise x64
Sophos Endpoint Security and Control version 9.5
Windows Firewall On
No other Antivirus/Firewall programs installed (I previously had malwarebytes installed but have disabled it and the problem persists: see above)

PS I did see a related thread, /search?q= 1043 , but am not sure how this was resolved.

:25955


This thread was automatically locked due to age.
  • 0

    Hi,

    It sounds like a deadlock based on the time it hangs for and the event log entries you see.

    Are you able to remove Malwarebytes completely and reboot and wait for the next update to see if it hangs. 

    It might be worth updating the endpoint to the latest version of SAV if you are able also, 10.0.5 is the latest but I would start by removing Malwarebytes as it would be a quick test.  Typically turning off realtime scanning doesn't disable the file system filter drivers.

    Regards,

    Jak

    :25957
  • 0

    Jak::

    Thanks for your super prompt response!

    I shold have mentioned that I had this problem occur earlir, before I even had malwarebytes installed so I am not sure if this is the only source of the problem (and in the long run I do want to have MAB running on my machine).

    The software was installed at my university so I am not sure if I can update versions as you suggest: is there a way for me to update to 10.05 on my own?

    Thanks!

    MP

    :25959
  • 0

    Hi,

    One sure fire way to troubleshoot this, aside from keep uninstalling applications until the hang no longer exists would be to crash the machine when in the hung state and obtain a full memory dump of the machine  You could submit this to Support and they would be able to tell you when the machine was crashed and therefore hung, where the deadlock is and what components are at loggerheads.

    Creating a dump of the machine when in this state can be easy, other times it can be more tricky.  A quick search on Google for instructions, to save me retyping :) threw up: http://www.novell.com/support/kb/doc.php?id=7004093 which is quite good at explaining how to configure the machine to create a  full dump and methods to initiate a crash when the hang occurs.

    "CrashOnCtrlScroll" would be my preferred method but is slightly reliant on hardware/OS.  Ideally you would reduce the memory in the machine to say 1 or 2GB before re-creating the problem so the dump file isn't as large but they do compress so worth zipping up.  Support have an FTP server you could send it to.

    If you're feeling brave you could have a go at interpreting the memory dump yourself, you would need to install Windbg (http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx ).   http://www.dumpanalysis.org/blog/index.php/2007/02/09/crash-dump-analysis-patterns-part-9a/ is a good site.

    It might be tricky for you to get SAV 10 if you're under the control of your university but maybe you could contact the person looking after Sophos.

    Regards,

    Jak

    :25961
  • 0

    Jak:

    Thanks: I am hoping to avoid a crash right now since I am working on a big project and restarting involves a lot of work.

    But when I am done I will try this route,

    If there is anything else that can be suggested now in lieu of a crash, please let me know!

    Thanks again,

    MP

    :25973
  • 0 in reply to MadProfessor

    Any Luck with this... im currently experiencing this on about 5% of my machines randomly... which is killing me as we cant find the actual problem. 

     

    any advise would be appreciated... 

  • 0 in reply to Eduardo Resendez

    This is a very old thread.  What issue do you have exactly?  

Unfiltered HTML