freeze/thaw VSS failures when Sophos AV is utilized

When can we expect an update from Microsoft? Within several weeks, months, years? We are experiencing problems since several months now.....

I can confirm this problem also exists on our Server 2016 Essentials with Acronis Backup 12.5 Standard Server. I disabled Tamper Protection and Sophos Health Service for now, but this leaves us in a very uncomfortable situation. Our customer has no internal IT and we provide all IT Services for him, but it is crucial for us to have all remote management informations. Now we are blind in terms of Sophos Server Protection.

Hi is there a time period where the problem will be fixed?

Because this thread is open a very long time now.

Hi Everyone,

I completely understand that this issue is open for quite some time. Microsoft is now working to release a fix and back-port the fix to Windows Server 2016. In addition to the fix from Microsoft, we have developed and are currently testing a workaround for the Sophos Central Server Protection product that will enable affected customers to configure the Sophos Health Service polling interval via a registry key, thus avoiding the conflict. We will provide a further update when we have confirmed dates for both the Microsoft and Sophos releases.

Any update on this? We are using Veritas Backup Exec and are experiencing the same issues on our test server. The server is Windows 2012 R2 and fully patched. When runnning manual backup is fine, but on first scheduled backup running at 11:30 at night these issues appeared.

Hi Robert,

For now, if you're backup software can run a before and after script I would suggest having the before script stop the Sophos Health Service:

sc stop "sophos health service"

Then the after script can run:

sc start "sophos health service"

Of course, to be able to stop and start the service Tamper Protection would have to be disabled.

In the next release of Sophos Health to server, I understand that via a registry key (to be disclosed) you can change the default Health registry write time from 15 seconds to a value such as 90 seconds.  This will workaround the Microsoft issue.

There is a chance that Microsoft will fix the issue which will mean the above options are no longer required.  I guess the chance to Microsoft fixing the issue in 2012 is less than in 2016 but it may happen.

Regards,
Jak

Hi Robert,

We have not received a confirmed update from Microsoft since we are currently expecting them to fix this flaw from their end via an update. However, it is expected to be released via RS5 update starting with Windows Server 2016, though we would still prefer to get a confirmed release information from Microsoft before we publish the fix details.

We apologize for the time taken and request you to kindly help us with more time while we wait for confirmation Microsoft on the same. Additionally, Microsoft has not released any confirmation of a possible fix for Windows Server 2012 yet and hence requesting you to please help us with more time.

Here are the steps for the Sophos workaround:
https://community.sophos.com/kb/en-us/132691

Regards,

Jak

we are in 2019 already, and beside workaround of stopping the health service, I do not see a solution. Am I correct ?

Well Microsoft have declared they are going to fix the issue according to their KB article. For now you can create a registry key to alter the frequency of the transactional registry write performed by Sophos Health service  to work around the bug.