We'd love to hear about it! Click here to go to the product suggestion community
We are testing Windows 10 V1903.
When we logoff from the Windows 10 Desktop it goes to a Black screen and the computer is unresponsive, can't even ping the desktop. A hard reboot is necessary to get back in. At first I thought it was video card related but same thing happened on 4 different machines. When we uninstall the Sophos Endpoint, windows acts as it should and logging off is possible.
I have seen the memory issues with regards to V1903 but not this. Has this been reported and is it an issues with anyone else?
I have created a ticket.
I've not seen or heard of this issue. Do you see the issue if you turn off realtime scanning for example?Which components do you have installed? SAV and IntercepX?Typically with these issues the approach is either elimination of components/through policy changes or stopping/unloading services/drivers. This can narrow it down to perhaps offer a workaround/acceptable exclusion, etc..OrSetup the computer to create a full mem dump on keyboard combination as per:https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard
From the dump it is then possible to analyze what the Sophos components are doing and if they are the cause of the hang. It's easier for Support/Dev with symbols but it's possible to get a rough idea which components/files/processes are involved.
We also have this issue. Testing a new image - windows 10 1903
As soon as Sophos is installed we get black screen at sign out. Hard boot is the only way out.
However, it also looks like it happens when Citrix VDA is installed on the same machine.
Are you using Citrix also? Just curious.
In reply to scrivies scrivies:
We are also having this issue with logging off/switching user with Sophos and Windows 10 1903.
We're not using Citrix though.
As soon as we remove Sophos you can log off without any problems.
Anyone heard anymore about it?
In reply to jak:
experiencing exact similar issues. will raise ticket with Sophos
In reply to prakash racharla:
I'm sure they will want a complete or probably better (to reduce file size) an Active memory dump initiated with the keyboard during the hang as per my previous comment.
Has anyone tried the following:Global exclusions:https://cloud.sophos.com/manage/config/settings/scanning-exclusions
Add Exclusion of type "Exploit Mitigation (Windows)"Click "Application not listed?"Add in $system32\fontdrvhost.exe
and choose to not protect this application as per below:
Does this help?It would be worth checking that the version of HMPA installed has a build number (last 4 figures) is 1045 or later for this to work. This can be seen in Sophos Endpoint Self Help and in Central under the "Installed component versions" expandable link per device.Regards,Jak
Just got it fix via support.
Add "Exploit Mitigation" c:\windows\system32\fontdrvhost.exe exception
install hotfix Current Hotfix Version: 22.214.171.1247 https://community.sophos.com/kb/en-us/133140
the issue is fixed with these 2 steps. Support said they are working to fix it so no exclusion is needed.