DPM server bluescreens after Sophos endpoint installation (bluescreens stop when disabling Sophos services)

All,

DPM: 2010
OS: Windows Server 2008 R2

After pushing the Antivirus client on the DPM server, strange bluescreens have appeared (all faulting with DRIVER IRQ NOT LESS OR EQUAL in sis.sys). When disabling the Sophos services on the server, the bluescreens disappear.

It seems to happen when Sophos tries to scan the DPM volumes (\\.......). I've followed the guide from Microsoft for the exclusions and also excluded remote locations.

Any ideas?

Best regards!



  • Hi,

    If you are using Sophos Cloud to manage the server installs, policy permits process exclusions. If you are using on-premise, then at the current time, process exclusions are made in the registry - community.sophos.com/.../4011. I would first suggest ensuring the process is excluded as per best practice. If there is still a problem I would probably run driver verifier (Start->Run, type: verifier), go through the wizard and choose to monitor both sis.sys and savonaccess.sys. You can use the default options.

    I would also set up the computer to create a full memory dump. To do this you may need to tweak the size of the page file so it's at least equal to the total memory. A dump file created with driver verifier should produce better results as you capture the culprit rather than sometimes the victim.

    I would suggest for this Support will want ideally a full memory dump uploaded to their FTP server. If this is too difficult to obtain maybe a kernel dump might be sufficient, failing which a mini dump.

    Regards,
    Jak
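
The diagnostic setup described in the reply above, as an added PowerShell example that is not part of the original thread or Sophos guidance. It assumes an elevated prompt on the affected server and uses the `verifier.exe` command line with standard settings as the equivalent of accepting the wizard defaults; the `CrashDumpEnabled` registry value is the standard Windows setting for the dump type.

```powershell
# Added example: run from an elevated PowerShell prompt on the affected server.
$drivers = 'sis.sys', 'savonaccess.sys'   # the two drivers named in the reply

# 1. Compare installed RAM with the currently allocated page file(s), in MB.
$ramMB = [math]::Ceiling((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pageFiles = @(Get-WmiObject Win32_PageFileUsage)
foreach ($pf in $pageFiles) {
    $ok = $pf.AllocatedBaseSize -ge $ramMB
    '{0}: {1} MB allocated, {2} MB RAM, large enough: {3}' -f $pf.Name, $pf.AllocatedBaseSize, $ramMB, $ok
}
if ($pageFiles.Count -eq 0) { Write-Warning 'No page file found; a full dump cannot be written.' }

# 2. Select "Complete memory dump" (CrashDumpEnabled = 1; 2 = kernel, 3 = small).
$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
Set-ItemProperty -Path $crashKey -Name CrashDumpEnabled -Value 1 -Type DWord
Get-ItemProperty -Path $crashKey | Select-Object CrashDumpEnabled, DumpFile

# 3. Enable Driver Verifier with standard settings for the two drivers only.
& verifier.exe /standard /driver $drivers
& verifier.exe /querysettings

# Steps 2 and 3 take effect after a reboot.
# After the dump is collected, turn verification off again:
#   verifier.exe /reset
```

The `DumpFile` value printed in step 2 is where the dump will be written once the next bugcheck occurs.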