Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 63 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 2095147 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Start Menu Locked Up, unable to restart machine.

Burt Mascareigne

Have a situation where installing SOPHOS causes the Start Menu of Windows 10 1709 to stop working, also seems to stop all "User Experience" things, such as Settings Page etc. When you try to restart, you get the error:

task host is stopping background tasks windows 10 Device install reboot required

You have to hard kill it to reboot/shutdown the machine. 

This is a fresh installation of USB
Installed Acrobat Reader, Media Player classic, Irfran View, GreenShot, Chrome and Java.

Used the new Deployment from SOPHOS MSP Admin Console and the "Download Complete Windows Installer"

Used the following command to install:
SophosSetup.exe --customertoken="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --mgmtserver="dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com" --products="antivirus;intercept" --quiet

I seem to be able to "jostle" the start menu by right clicking on the start button.  

At this stage, I am unable to install SOPHOS AV



This thread was automatically locked due to age.
Parents
  • 0

    Hi All,

    I installed Windows 1703 and replicated all previous steps I took with 1709.  

    It installed fine, and after the reboot no issues. 

    The issue has something to do with 1709.

  • 0 in reply to Burt Mascareigne
    I totally agree, like you and others we cannot leave systems unprotected. We are a new Sophos customer only since November. I stuck my neck out to get Sophos and now we have this. I will be talking, to my supplier tomorrow as well logging a case and escalate it as I guess this is the only way to get priority for a resolution.
  • 0 in reply to DBASQL

    I've logged an urgent case here in the UK, I've been doing various tests for the support here. The L2 support seem to be aware or have heard of this issue. Does anyone know if this issue has already been escalated  and if so any numbers so we can attach? My support case is: #7862295

    Regards

    Kevin

  • 0 in reply to kevin clarke1

    We are facing the same issue with different fresh installs of Windows 10 and re-installs of EPA.

    Machine performance goes down and Start Menu freezes. 

  • 0 in reply to Michael Van Nynatten

    Hi Michael,

    Yep totally agree this is what we are experiencing as well. This morning I have a newly built system with pretty much nothing else installed other than Sophos and it freezes in the same way, Start menus, Edge and Settings.

    I have a case open here with support they are investigating  my procmon outputs and SDU logs.

    Regards

    kevin

  • 0 in reply to kevin clarke1

    Any Updates?

    Everyone I was in contact with seems to have gone dark.

    I was able to try an older computer this weekend. I installed Sophos then the 1709 update and it seemed to work although there was an revision update to the client and it was installed without IX

  • 0 in reply to DBASQL

    No, I still have the same issue. I think I have worked it out. 

     

    It is the same issue SOPHOS originally had, Windows Defender.

    Even though  SOPHOS disable certain things, Defender is still running, more specifically, Exploitation Protection by Windows Defender.

    I went through and disabled these AND THEN i went to GPO and disabled it there. 

    After reboot, my start button worked.  Unsure if co-incidence or not, or if it actually fixed, did this last night.

  • 0 in reply to Burt Mascareigne
    Hi all, Sophos got back to me today and advised to just install only the advanced endpoint and not Intercept x or login with non-admin accounts. It is escalated to the Dev team. We can’t work with non-admin accounts so I’m taking Intercept x off the failing systems. They could not give an approx time for a patch but this is what they are working towards with MS. Kevin
  • 0 in reply to kevin clarke1

    Okay thanks for the info...

     

    Windows Defender I don't think is the issue we have had issues with and without.

     

    You must be special we had this opened for weeks and cant even get an update.

    I can confirm in each instance we log out and back in to a new profile it seems to work. We are trying a beta release but we did not get clear indication if that is a shot in the dark or an actual fix. We have not received any feedback about what exactly or superficially causing the issue, at this point we are assuming its a guess.

  • 0 in reply to DBASQL

    I have little faith in SOPHOS support. I just don't have the time to invest helping them, I am by myself with over 200 seats, I'm just trying to get myself out of trouble

     

    I am curious, did you try the Defender thing?

    If you go to Defender Security Settings

    App & Browser Control, Exploit.  Turn it all off.

    Then, in gpedit.msc

    Comp Conf -> Admin -> Win Comp -> Windows Def Anti V

    Turn off Win Def Anti V

     

    I am really keen to see if this fixes it, 2nd machine that had an issue, that I did this, and it seems OK. 

     

    Maybe I am special, and everything is just a co-incidence lol

  • 0 in reply to Burt Mascareigne

    I did do this but after the fact. Perhaps this needs to be done on the machine and then the Sophos install?

    I did it will the local GP because I only have the test lab no domain for this currently.

    What I can say with certainty any other product like ccleaner, malwarebytes, acronis 2018 etc. causes major panic so I started with Defender.

    With that said it clearly states on Sophos related sites that it will work in conjunction with Defender and is made to do so.

Reply
  • 0 in reply to Burt Mascareigne

    I did do this but after the fact. Perhaps this needs to be done on the machine and then the Sophos install?

    I did it will the local GP because I only have the test lab no domain for this currently.

    What I can say with certainty any other product like ccleaner, malwarebytes, acronis 2018 etc. causes major panic so I started with Defender.

    With that said it clearly states on Sophos related sites that it will work in conjunction with Defender and is made to do so.

Children
  • 0 in reply to DBASQL

    Ok, fair enough, I'm on machine 3 with success.  Interestingly, on the 3rd, i had to ENABLE it, turn off Exploit and then disable it via GPO.

    It definitely feels like a Windows Driver / Filter issue, so it is beyond direct control, you have to tinker with stuff on the surface to get it to change / remove filters at the bottom near the Kernel, though, I could be 100% wrong.  As said, 3rd machine fixed, at least I have something to play with to get it to to work for the client's that complain.

  • 0 in reply to Burt Mascareigne

    One more thing to add I did discover on two machines the system interrupt was 100% the CPU for whats its worth.

Unfiltered HTML