This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Auto-Updates are causing Laptop to Freeze

I have been having a problem for a couple of months, which is now getting worse, related to Sophos auto-updating.

Sometimes when it is updating the computer will freeze for 5min to several hours (it is currently doing the latter):
- usually the first sign is that firefox or thunderbird will say not responding and grey out slightly
- then in some sequence other programs will say not responding (in the beginning part of this problem I can use other programs like Excel)
- Task Manager will not open
- sometimes after long pauses there will be responses to previous clicks (an excel file will be saved for example)
- during this, the mouse *is* responsive and I can typically toggle between open windows using Alt-Tab
- the clock sometimes stops updating part way through
- every time this happens Sophos is in the process of updating
- eventually the freeze stops and (most of the time) the computer functions normally.

I have run literally a dozen virus checks and that is not an issue.

There is a consistent set of lines in Windows Event Viewer which occur just as the updating troubles begin:

Error 6/14/2012 12:43:25 PM SAVOnAccess 81 None " The on-access scan of file ""\Device\HarddiskVolume1\ProgramData\Sophos Web Intelligence\s ..."" of process mbamservice.ex, start check timestamp [ 1cd4a53cd486cc1] did not complete in time: file was not scanned.
"
OR
Error 6/13/2012 1:24:59 PM SAVOnAccess 81 None " The on-access scan of file ""\Device\HarddiskVolume1\ProgramData\Sophos Web Intelligence\s ..."" of process mbamservice.ex, start check timestamp [ 1cd499071ed829f] did not complete in time: file was not scanned.

This suggests a conflict between Sophos and Malwarebytes Anti-Malware. However the problem persists even when:

- I have turned off MAM (turned off real time protection)

- excluded Malwarebytes folders (c:\programdata\malwarebytes AND c:\ proram files (x86)\malwarebytes' anti-malware) from sophos' scanning

I also have other lines related to Firefix and Thunderbird in the Event Viewer. I have added exclusions to these folders as well in Sophos.

At this point I have given up and turned off auto-updating all together.

If anyone has any suggestions on what might be going I would greatly appreciate it!

My machine:
Dell Latitude E6320
Win 7 Enterprise x64
Sophos Endpoint Security and Control version 9.5
Windows Firewall On
No other Antivirus/Firewall programs installed (I previously had malwarebytes installed but have disabled it and the problem persists: see above)

PS I did see a related thread, /search?q= 1043 , but am not sure how this was resolved.

This thread was automatically locked due to age.

Parents

0 jak over 12 years ago

Hi,
One sure fire way to troubleshoot this, aside from keep uninstalling applications until the hang no longer exists would be to crash the machine when in the hung state and obtain a full memory dump of the machine You could submit this to Support and they would be able to tell you when the machine was crashed and therefore hung, where the deadlock is and what components are at loggerheads.
Creating a dump of the machine when in this state can be easy, other times it can be more tricky. A quick search on Google for instructions, to save me retyping :) threw up: http://www.novell.com/support/kb/doc.php?id=7004093 which is quite good at explaining how to configure the machine to create a full dump and methods to initiate a crash when the hang occurs.
"CrashOnCtrlScroll" would be my preferred method but is slightly reliant on hardware/OS. Ideally you would reduce the memory in the machine to say 1 or 2GB before re-creating the problem so the dump file isn't as large but they do compress so worth zipping up. Support have an FTP server you could send it to.
If you're feeling brave you could have a go at interpreting the memory dump yourself, you would need to install Windbg (http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx ). http://www.dumpanalysis.org/blog/index.php/2007/02/09/crash-dump-analysis-patterns-part-9a/ is a good site.
It might be tricky for you to get SAV 10 if you're under the control of your university but maybe you could contact the person looking after Sophos.
Regards,
Jak
:25961
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 12 years ago

Hi,
One sure fire way to troubleshoot this, aside from keep uninstalling applications until the hang no longer exists would be to crash the machine when in the hung state and obtain a full memory dump of the machine You could submit this to Support and they would be able to tell you when the machine was crashed and therefore hung, where the deadlock is and what components are at loggerheads.
Creating a dump of the machine when in this state can be easy, other times it can be more tricky. A quick search on Google for instructions, to save me retyping :) threw up: http://www.novell.com/support/kb/doc.php?id=7004093 which is quite good at explaining how to configure the machine to create a full dump and methods to initiate a crash when the hang occurs.
"CrashOnCtrlScroll" would be my preferred method but is slightly reliant on hardware/OS. Ideally you would reduce the memory in the machine to say 1 or 2GB before re-creating the problem so the dump file isn't as large but they do compress so worth zipping up. Support have an FTP server you could send it to.
If you're feeling brave you could have a go at interpreting the memory dump yourself, you would need to install Windbg (http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx ). http://www.dumpanalysis.org/blog/index.php/2007/02/09/crash-dump-analysis-patterns-part-9a/ is a good site.
It might be tricky for you to get SAV 10 if you're under the control of your university but maybe you could contact the person looking after Sophos.
Regards,
Jak
:25961
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data