Turning on Web Protection destroys PCs

Hello.  Yesterday I installed Sophos 9.5 and created a new AV and HIPS policy for a test group.  As part of the group I turned on the new features, but under "web protection" I had left "block access to malicious websites" OFF.  I decided to try this out, so I turned it ON and pushed it out to my test group.  Seconds after the update, I had 3 machines crash with svchost.exe errors, and an NT AUTHORITY process with a 60 second countdown trying to shut the machine down.

We restarted these machines and now we can't log into them.  There are several svchost.exe errors and then random critical errors preventing us from doing anything on the machines.

On one machine I was able to boot with last known good configuration and recovered it.

These are Windows XP SP3 machines with the latest Windows updates.  No firewall or other AV turned on.

Anyone else have this problem?

  • Hi,

    What does the output of:

    netsh winsock show catalog > out.txt

    show?

    I see that Sophos Web Protection uses an LSP to do its work; maybe there is a conflict with another on the machine.

    I assume you can start the machines in safe mode with command prompt, i.e. without networking, and from there you can perhaps rename C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (or similar on your platform) which might allow these machines to boot in order to find any other applications which have installed an LSP?  Hopefully you can find a conflict which would explain the problem.

    Thanks,

    Jak
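
Added example, not part of the original posts: a small Python parser for the `netsh winsock show catalog` dump requested above, listing the DLLs registered as layered providers so that more than one LSP on a machine is easy to spot. The field layout is assumed from typical netsh output, and the sample dump is constructed (made-up description and entry IDs, with the DLL path quoted in the reply).

```python
import re

# Constructed sample of `netsh winsock show catalog` output (fields trimmed).
# The DLL path is the one quoted in the reply; description and IDs are made up.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

def parse_catalog(text):
    """Split the dump into one dict of fields per catalog entry."""
    entries = []
    # Each entry starts with a "... Provider Entry" header line.
    for block in re.split(r"(?m)^.*Provider Entry[ \t]*$", text)[1:]:
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only: paths and chains contain colons.
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def layered_dlls(entries):
    """Return the sorted, distinct DLL paths of layered (LSP) entries."""
    return sorted({e["Provider Path"] for e in entries
                   if e.get("Entry Type", "").startswith("Layered")
                   and "Provider Path" in e})

if __name__ == "__main__":
    for path in layered_dlls(parse_catalog(SAMPLE)):
        print("LSP:", path)
```

To check a real machine, pass the text of out.txt to `parse_catalog` instead of `SAMPLE`.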
