I believe I may have discovered an issue relating to Windows 10 and the Sophos endpoint agent. I upgraded to Windows 10 yesterday and checked device manager to find that my DVD-RW was not functioning properly. If I uninstall the device, rescan for hardware changes and let it automatically reinstall, it functions properly again. Upon rebooting, the DVD-RW stops functioning again until I repeat the aforementioned steps. I have noticed that after rebooting, a second driver is added for the DVD-RW from Sophos: sdcfilter.sys. Presumably this is needed for the endpoint agent to perform device control functions such as blocking writable drivers which we do utilize in our environment. I'm not positive this is causing the issue, but that evidence suggests that. I am going to report this to Sophos support in hopes that it might be a bug that could be corrected in the upcoming 10.6 release for all those early adopters but I thought I'd post it on the forums as well in case anyone had a similar experience. I've attached two screenshots to support my post.
Hi, If you get it back into the working state as you have done previously by essentially removing the sdcfilter (lower filter). Then find the inf file for the sdcfilter driver in the AutoUpdate cache, e.g.: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\ClassFilterDrivers\wnet_amd64\ right click on the sdcfilter.inf file and choose install. Does the lower filter appear as listed and the device functional? I wonder if a fresh install vs an in-place upgrade causes this? Regards, Jak
I've the same problem on Lenovo L540/T540p notebooks. After installing UTM Endpoint Protection everythink works fine. After some reboots (I can't specify that) the DVD drive is not visible in the windows explorer.
The device manager shows:
Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. To fix this problem you should uninstall and then reinstall the hardware device. (Code 19)
But there are no lower or upper filters in the registry. Is there a solution for that?
Sophos Endpoint Protection 11.0.8 UTM
For computers where the CD-ROM device isn't functioning, I wonder if the sdcfilter service is not present on the computer but referenced as a lowerfilter on the device which leads to the issue?
If anyone has this problem, I would be interested to know:
1. If the computer was an upgrade to Windows 10 or a fresh install?
2. If an upgrade, was the computer upgraded from Win 7, Win 8, Win 8.1?
3. If the computer has the service sdcfilter? As a test to see if the service is present, in a command prompt run:
sc query sdcfilter
Note: The driver file sdcfilter.sys, should reside under: \windows\system32\drivers\
If you look in Device Manager at the CDROM device, in the broken state it will have a warning triangle. Looking at the properties of the CD-ROM and then clicking on the "Driver" tab and clicking the "Driver Details" tab should show at least the path to cdrom.sys and sdcfilter.sys when device control is installed. If the file is referenced, but the service isn't present this will lead to the issue. Right clicking on the appropriate .inf file for sdcfilter and choosing install would add the service back so that might explain why the suggested fix works.
Thanks for the feedback.
Same problem here. Just clean installed latest downloadable Windows 10 Insider Preview build (14373 if I recall correctly) (after which I did have at some point the DVD-drive working without a problem). Installed Endpoint software from Sophos UTM and after that upgraded to latest Windows 10 Insider Preview build (14393). At this point I discovered the DVD-drive missing and with exclamation mark in device manager. I'm not sure if just before this latest upgrade the DVD-drive was present as this was not something I was then looking for.
Turned out the sdcfilter service was not present. So I installed the sdcfilter.inf from the location mentioned above and restarted. Then my DVD-drive was functional again. So this is a confirmation that I needed to manually (re)install sdcfilter service.
Managing several Sophos UTMs and a Sophos XG both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Interesting... I've been looking through some logs related to the upgrade. Do you see something similar in the file: \windows\inf\setupapi.upgrade.log:
It seems that the sdcfilter service was not migrated by Windows. The same goes for the GearAspiWDM service which I believe belongs to or is part of the iTunes install.
I don't recall being warned following the upgrade that the "migration" wasn't 100% successful. That said, given the exit code seems to be 0x00000000, that would suggest success?
Some here after Update from 1511 to 1607 today.
The fix "reinstall sdcfilter" is working for me too.
What a mess, Sophos.
Same problem after Update Windows 10 Pro from 1607 to 1703