Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 1 subscriber
  • Views 14178 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Turning on Web Protection destroys PC's

Scott2020

Hello.  Yesterday I installed Sophos 9.5 and created a new av and hips policy for a test group.  As part of the group I turned on the new features, but under "web protection" I had set "block access to malicious websites" left OFF.  I decided to try this out, so I turned it ON and pushed out to my test group.  Seconds after the update, I had 3 machines crash with svchost.exe errors, and an NTAUTHORITY process with a 60 second countdown trying to shut the machine down.

We restarted these machines and now we can't log into them.  There are several svchost.exe errors and then random critical errors preventing us from doing anything on the machines.

On one machine I was able to boot with last known good configuration and recovered it.

These are Windows XP SP3 machines with the latest Windows updates.  No firewall or other AV turned on.

Anyone else have this problem?

:3825


This thread was automatically locked due to age.
Parents
  • 0

    Hi everyone,

    Just wanted to add some notes here for benefit of others facing similar issues. The new Live URL Filtering feature ("Web Protection") in 9.5 uses a Layered Service Provider (LSP) to provide protection while browsing the web. Generally this has proven to be quite reliable and useful, but there are some exceptions. Unfortunately we didn't catch all of these issues during internal testing and beta testing, and in this specific case the results have been ugly. Apologies for that.

    There are at present two different third-party software packages (using LSPs) which are known to cause this type of issue:

    1. NVIDIA App Filter (installed by default by some PC vendors)

    2. APC InfrastruXure Client version 4.7 (discontinued, but still quite popular for managing APC products)

    The issue with the NVIDIA software will be addressed in the 9.5.2 update.

    The issue with the APC software has unfortunately only been discovered in the field after release, and the engineering team are investigating with the intention of addressing this as soon as possible.

    As with all issues related to Sophos' software, please contact our Support team when you run into difficulties. In particular to compatibility issues like this thread highlights, they can help get systems back into working order rapidly. They will also escalate to the engineering team so the underlying software issues can be addressed.

    For clarity, the new Web Protection feature is unrelated to the Detours and BHO feature. Disabling those features is not a recommended course of action when dealing with incompatibilities like this one.

    Thanks,

    Bob Cook

    Development Manager, Sophos

    (I'm the manager for the engineering team that developed the Web Protection technology)

    :4244

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Reply
  • 0

    Hi everyone,

    Just wanted to add some notes here for benefit of others facing similar issues. The new Live URL Filtering feature ("Web Protection") in 9.5 uses a Layered Service Provider (LSP) to provide protection while browsing the web. Generally this has proven to be quite reliable and useful, but there are some exceptions. Unfortunately we didn't catch all of these issues during internal testing and beta testing, and in this specific case the results have been ugly. Apologies for that.

    There are at present two different third-party software packages (using LSPs) which are known to cause this type of issue:

    1. NVIDIA App Filter (installed by default by some PC vendors)

    2. APC InfrastruXure Client version 4.7 (discontinued, but still quite popular for managing APC products)

    The issue with the NVIDIA software will be addressed in the 9.5.2 update.

    The issue with the APC software has unfortunately only been discovered in the field after release, and the engineering team are investigating with the intention of addressing this as soon as possible.

    As with all issues related to Sophos' software, please contact our Support team when you run into difficulties. In particular to compatibility issues like this thread highlights, they can help get systems back into working order rapidly. They will also escalate to the engineering team so the underlying software issues can be addressed.

    For clarity, the new Web Protection feature is unrelated to the Detours and BHO feature. Disabling those features is not a recommended course of action when dealing with incompatibilities like this one.

    Thanks,

    Bob Cook

    Development Manager, Sophos

    (I'm the manager for the engineering team that developed the Web Protection technology)

    :4244

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Children
No Data
Unfiltered HTML