This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 10 CD/DVD-ROM issue

Hello all,

I believe I may have discovered an issue relating to Windows 10 and the Sophos endpoint agent.  I upgraded to Windows 10 yesterday and checked device manager to find that my DVD-RW was not functioning properly.  If I uninstall the device, rescan for hardware changes and let it automatically reinstall, it functions properly again.  Upon rebooting, the DVD-RW stops functioning again until I repeat the aforementioned steps.  I have noticed that after rebooting, a second driver is added for the DVD-RW from Sophos: sdcfilter.sys.  Presumably this is needed for the endpoint agent to perform device control functions such as blocking writable drivers which we do utilize in our environment.  I'm not positive this is causing the issue, but that evidence suggests that.  I am going to report this to Sophos support in hopes that it might be a bug that could be corrected in the upcoming 10.6 release for all those early adopters but I thought I'd post it on the forums as well in case anyone had a similar experience.  I've attached two screenshots to support my post.

J

:58206


This thread was automatically locked due to age.
  • Here's a PowerShell script that 'fixes' it... at least until Microsoft drops the next build.

    Your paths may vary (I'm on Sophos Central)

    $dev = (Get-WmiObject Win32_PNPEntity | Where-Object{$_.ConfigManagerErrorCode -ne 0})

    if(($dev.configmanagererrorcode -eq 19) -and ($dev.DeviceID -like '*CDROM*'))
    {
        $path = "$env:systemdrive\programdata\sophos\autoupdate\cache\decoded\savxp\drivers\sdcfilter\wnet_amd64\sdcfilter.sys"

        regsvr32 /s $path
     
        $path2 = "$env:systemdrive\programdata\sophos\autoupdate\cache\decoded\savxp\drivers\sdcfilter\wnet_amd64\sdcfilter.inf"

        rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 $path2
    }
  • Has there been any progress on fixing this automatically? I have about 40 computers now without functional DVDROM drives due to Sophos Antivirus. The manual fix described in this thread works, but no way I'm going to each system to preform it. I need Sophos to automate the fix.

     

    FYI final year of my Sophos contract, so customer retention is on the line here.

  • Sorry, still nothing.  My case was ‘escalated’ at least a month ago and I didn’t hear a peep from them.  Contacted them again recently and all I got was ‘we’re working on it’ (I’m paraphrasing).

    I agree with you, problems like this should be corrected immediately.  It is not acceptable for a piece of software to have a breaking bug open this long.  I can remember seeing this bug as far back as a year ago, but I didn’t realize what was causing it so didn’t open a case until recently.  Sophos should expect to lose customers over this, and they would frankly deserve it.

  • I still have my outstanding support call and I have not heard anything recently.

    If I chase them, I get told that Sophos are in talks with Microsoft to find a solution.

    Oh and so you know, the problem still occurs if you do the 1709 feature update as well.

    I have passed this information back to Sophos to let them know that I am having to rebuild all my PCs in order to keep up to date as I am unable to run Feature Updates due to this issue.

    With a site of 500+ Windows PCs, this is a hefty task to carry out, knowing that the next update will be out in 6 months.

    If I get any positive news, I will update.

    Cheers,

    Barry.

  • I just run a startup script from AD that contains the following ...

    sc create sdcfilter binpath= %windir%\system32\drivers\sdcfilter.sys type= kernel
    sc description sdcfilter "Sophos CD-Rom Class filter driver"

    YMMV

     

    Brent

     

  • I have just heard from Sophos:

    “it appears we released version 11.5.9 which should have the fix in place.”

  • Sean,

    Thanks for the update. I have client version 11.5.9 installed which is excellent news.

    However, today I got an update from my support engineer at Sophos:

    "Hello Barry,

    I can see that Microsoft have now replied back to our developers and they plan to address this issue. This is to be addressed in a newer version of our software, however the release date for this version is currently unknown.

    I will continue to monitor this ticket and see when we'll be aiming to get this new version published. 

    Regards, "

    This gives me the impression that the solution isn't in place yet, but progress is being made.

    I will post an update when I get it.

    Cheers,

    Barry.

  • This appears to be fixed in the latest version of SAV - 10.7.6 - downloads.sophos.com/.../sesc_onprempreview_rneng.html

    As a test, from a working state, to uninstall the driver to essentially re-create Windows not migrating the service on Windows 10 upgrade:

    sc delete scdfilter

    Now, wait for the next ide update - the install log notices that SAV is not complete and switches to a major update and the service is restored.

    If you're missing this service in the on-premise world, then having the client install the Preview version should add it back shortly after. 

    Regards,

    Jak

  • Barry,

    Sorry to have gotten your hopes up earlier, it would appear that I was mis-informed by support.

    I followed this procedure:

    1. Verify computer is on Windows 10 1703
    2. Verify computer has Sophos 11.5.9
    3. Verify CDROM is working
    4. Update computer to Windows 10 1709 using in-place upgrade
    5. After upgrade, CDROM is no longer working

    So, I would conclude that version 11.5.9 does not fix the problem... I let support know this and I suppose I'll keep waiting for them to get their act together.

  • The fix to repair the install of SAV comes with the first update following the upgrade of Windows.  The issue appears to be Windows not migrating the service and the next opportunity to ensure the driver is installed is the first update following the Windows upgrade.

    I've only tested 10.7.6 on-premise, I don't know if the fix in the Sophos Anti-Virus component that comes with 11.5.9 but either way it will be on the next update.

    EDIT:

    From http://downloads.sophos.com/readmes/sesc_cloudclient_win7andlater_rneng.html it appears that 11.5.9 has 10.7.6, so I assume it will have the fix.

    Regards,

    Jak