This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Start Menu Locked Up, unable to restart machine.

Have a situation where installing SOPHOS causes the Start Menu of Windows 10 1709 to stop working, also seems to stop all "User Experience" things, such as Settings Page etc. When you try to restart, you get the error:

task host is stopping background tasks windows 10 Device install reboot required

You have to hard kill it to reboot/shutdown the machine. 

This is a fresh installation of USB
Installed Acrobat Reader, Media Player classic, Irfran View, GreenShot, Chrome and Java.

Used the new Deployment from SOPHOS MSP Admin Console and the "Download Complete Windows Installer"

Used the following command to install:
SophosSetup.exe --customertoken="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --mgmtserver="dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com" --products="antivirus;intercept" --quiet

I seem to be able to "jostle" the start menu by right clicking on the start button.  

At this stage, I am unable to install SOPHOS AV



This thread was automatically locked due to age.
Parents
  • Hi All,

    I installed Windows 1703 and replicated all previous steps I took with 1709.  

    It installed fine, and after the reboot no issues. 

    The issue has something to do with 1709.

  • Hi

    My laptop, which was working fine now no longer works. I had to uninstall SOPHOS, reboot and then it worked.

    I've also just had a client who has SOPHOS Home who is unable to use their machine now.

    I think it is Hitman Pro

  • Yep same here, removing Sophos and it all works fine. I can understand the difficulty of this issue as it seems to have only occurred since windows released 1709, but nonetheless Intercept X etc is expensive and currently we have unprotected systems with others potentially with the same issue. I thought as long as we always shutdown and avoid restarts it would be a workaround,but it seems this does not always work. The only other workaround we have is to create a second windows profile and log off and into the second profile and back again, this seems to work, but not something we can ask users to do. Kevin
  • Can you explain please?

    Are you saying for at least some time if you shut the machine down and do a cold start instead of rebooting it did not happen? Is that what you mean?

    The profile thing is just strange I will try that on my lab machine now.

  • Interesting, I was unaware of the profile part.

    So, if you leave SOPHOS AV installed, but remove InterceptX, are you getting resolution?

    What use to work was, install 1706 or some earlier version, and then update to 1709 (or the latest) and everything will be fine, however, this does not appear to be the case.

    Lodging a ticket with SOPHOS is going to take a while, but maybe I have to.

    I am unsure about this Shut Down / Restart thing, this is new, did you find these action affected this bug?

  • FYI we have a partner ticket open with escalation and I will post the details here for sure.

     

    Wait how long has this been a known issue? I thought we found a bug not something that has been known for a long time. That is very concerning.

    In our test lab (about 20 machines) every IX the machine is basically toast. With that said I did a new Dell yesterday with only EPA and it did not blow the machine up but it ran poorly. For example it took about 45 seconds to open task manager. We ad no choice but to deploy it without protection other than Windows Defender because of time constraints.

  • Apologies I did not explain this too well. I have one user where if we shutdown and start it up each day, it generally works ok, but will fail if a restart is done for whatever reason. We suspect other uses are doing this. Another system seems to fail more consistently whether starting up or a doing a reboot. We spent a lot of time rebuilding systems trying to isolate the issue and found adding a second windows user profile helped a little instead of shutting down and rebooting each time trying to get it to work. So log out of one profile and into the second one and back again and this seems... to work, well as a poor workaround I know. Kevin
  • I ran into this mid october.  I downloaded the latest ISO from MS under SPLA and used that install. I fully deployed the machine, and installed SOPHOS, great. I then was about to ship to client when I forgot to install some custom app they use.  When I went to install it, Start Button wasn't working.  I spent a good 4-5 hours working on the assumption that Windows was faulty. (I couldn't understand how a fresh install could go so wrong).  In this time, I reinstalled the machine following the exact steps, same issue. So I knew it wasn't a bad install etc.

    After giving up, I Re-Installed again and noticed that it only happened when SOPHOS was installed and rebooted.

    I then downloaded the prior version of Windows, installed SOPHOS and no issue.  I then updated to 1709 and it was stable and fine.

    My laptop, which I had to remove SOPHOS from was installed over a year ago, so the version of Windows 10 has no issues with SOPHOS, but just 2 days ago, I had the exact issue, start button dead unless I spam right click to make it come to life a bit, Windows Apps gone, everything running in slow motion.

    I am now DEEPLY concern I am going to be getting support calls about this, and i have no recourse but to remove SOPHOS. EMBARRESSING!!!!!!!!!!!!!

  • Yes we are in the same boat. We are new partners and luckily have only deployed about 8 sites. Still enough to be bad although right now the only thing saving us is this users mostly have not been forced to update to the latest Windows OS. With that said we have already been absolutely roasted by the companies having the issue. Several folks were down all day before we could figure out what was going on. All happening on new machines but was it caused by removal of old product (Intune) etc.

     

    We then started deploying on fully updated machines in the lab and that did not go well.

     

    Oddly I can confirm that I just took a machine that was totally whacked, logged in as administrator (had not been used at all), shut down, cold boot, logged in as whacked user and it seems fine now. WTH

    I can say that some of the machines we had issues with did not show the problems right away so it remains to be seen if this holds up.

    If this was reported that long ago and not looked in to deeply I am a bit shocked.

  • I totally agree, like you and others we cannot leave systems unprotected. We are a new Sophos customer only since November. I stuck my neck out to get Sophos and now we have this. I will be talking, to my supplier tomorrow as well logging a case and escalate it as I guess this is the only way to get priority for a resolution.
  • I've logged an urgent case here in the UK, I've been doing various tests for the support here. The L2 support seem to be aware or have heard of this issue. Does anyone know if this issue has already been escalated  and if so any numbers so we can attach? My support case is: #7862295

    Regards

    Kevin

Reply
  • I've logged an urgent case here in the UK, I've been doing various tests for the support here. The L2 support seem to be aware or have heard of this issue. Does anyone know if this issue has already been escalated  and if so any numbers so we can attach? My support case is: #7862295

    Regards

    Kevin

Children
  • We are facing the same issue with different fresh installs of Windows 10 and re-installs of EPA.

    Machine performance goes down and Start Menu freezes. 

  • Hi Michael,

    Yep totally agree this is what we are experiencing as well. This morning I have a newly built system with pretty much nothing else installed other than Sophos and it freezes in the same way, Start menus, Edge and Settings.

    I have a case open here with support they are investigating  my procmon outputs and SDU logs.

    Regards

    kevin

  • Any Updates?

    Everyone I was in contact with seems to have gone dark.

    I was able to try an older computer this weekend. I installed Sophos then the 1709 update and it seemed to work although there was an revision update to the client and it was installed without IX

  • No, I still have the same issue. I think I have worked it out. 

     

    It is the same issue SOPHOS originally had, Windows Defender.

    Even though  SOPHOS disable certain things, Defender is still running, more specifically, Exploitation Protection by Windows Defender.

    I went through and disabled these AND THEN i went to GPO and disabled it there. 

    After reboot, my start button worked.  Unsure if co-incidence or not, or if it actually fixed, did this last night.

  • Hi all, Sophos got back to me today and advised to just install only the advanced endpoint and not Intercept x or login with non-admin accounts. It is escalated to the Dev team. We can’t work with non-admin accounts so I’m taking Intercept x off the failing systems. They could not give an approx time for a patch but this is what they are working towards with MS. Kevin
  • Okay thanks for the info...

     

    Windows Defender I don't think is the issue we have had issues with and without.

     

    You must be special we had this opened for weeks and cant even get an update.

    I can confirm in each instance we log out and back in to a new profile it seems to work. We are trying a beta release but we did not get clear indication if that is a shot in the dark or an actual fix. We have not received any feedback about what exactly or superficially causing the issue, at this point we are assuming its a guess.

  • I have little faith in SOPHOS support. I just don't have the time to invest helping them, I am by myself with over 200 seats, I'm just trying to get myself out of trouble

     

    I am curious, did you try the Defender thing?

    If you go to Defender Security Settings

    App & Browser Control, Exploit.  Turn it all off.

    Then, in gpedit.msc

    Comp Conf -> Admin -> Win Comp -> Windows Def Anti V

    Turn off Win Def Anti V

     

    I am really keen to see if this fixes it, 2nd machine that had an issue, that I did this, and it seems OK. 

     

    Maybe I am special, and everything is just a co-incidence lol

  • I did do this but after the fact. Perhaps this needs to be done on the machine and then the Sophos install?

    I did it will the local GP because I only have the test lab no domain for this currently.

    What I can say with certainty any other product like ccleaner, malwarebytes, acronis 2018 etc. causes major panic so I started with Defender.

    With that said it clearly states on Sophos related sites that it will work in conjunction with Defender and is made to do so.

  • Ok, fair enough, I'm on machine 3 with success.  Interestingly, on the 3rd, i had to ENABLE it, turn off Exploit and then disable it via GPO.

    It definitely feels like a Windows Driver / Filter issue, so it is beyond direct control, you have to tinker with stuff on the surface to get it to change / remove filters at the bottom near the Kernel, though, I could be 100% wrong.  As said, 3rd machine fixed, at least I have something to play with to get it to to work for the client's that complain.

  • One more thing to add I did discover on two machines the system interrupt was 100% the CPU for whats its worth.