Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
Last night one of my Windows 2008R2 servers hung after installing Microsoft patch KB4493472. After initial examination I discovered that SAV service was logging lots of error messages in event log. Event IDs : 7022 (service hang), 80, 81, 83, 85, 82, 566, 608, 592.
The server became unresponsive, no rdp, no file share access, Ctrl Alt Delete not working.
I rebooted the server in to safe mode and disabled the Sophos services. After this, I was able to reboot normally. Then I uninstalled Sophos, rebooted and tried to install again but this time the installation didn't complete and the server hang again. I rebooted again in safe mode, disabled services, rebooted and uninstalled sophos again. After checking the Windows logs I realised that the server had installed update KB4493472 last night. I uninstalled the patch, rebooted and installed sophos again. This time there was no problem.
Currently we are trying to unauthorise KB4493472 on our update system.
Is there any known issues with KB4493472 on Windows Server 2008R2?
We have the same problem from last night !!!!!!!!!!!!!!
Same here for Windows Server 2012 R2 with KB4493446.
Same here with multiple clients - removing the update in safe mode and restarting solves the issue.
Same problem here with Windows 7 clients
Created a support ticket for this #8764515.Please everybody upvote this!
In reply to BastianMencke:
Also logged case reference 8764615 for this
We have the same issue here
Same here. We have the troubles with W7.Unfortantly we have no WSUS :(
Only a GPO whitch is installing the Update directly form the internet.
Got a ticket reply with a knowledge base article.
KB4493451 is reported to be causing the same issue on Windows Server 2012.
In reply to sanktis:
Funny Story i have now one W7 with the kb and the AV installed after a looooong boot time the pc is now up.
10 hours long maybe?
After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.
In reply to Ozgur Erbay:
Install time was around 12:15 PM so 3.5h ago.
The reported issue is currently being investigated.
If you have not yet performed the update we recommend not doing so. If you have performed the update but not yet rebooted we recommend removing the update prior to rebooting.
If you have performed the update and have rebooted, triggering the issue:
Please follow the below KBA for more updates and workaround.
Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update