Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 43 replies
  • Answers 5 answers
  • Subscribers 12 subscribers
  • Views 112533 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 10 CD/DVD-ROM issue

jbull

Hello all,

I believe I may have discovered an issue relating to Windows 10 and the Sophos endpoint agent.  I upgraded to Windows 10 yesterday and checked device manager to find that my DVD-RW was not functioning properly.  If I uninstall the device, rescan for hardware changes and let it automatically reinstall, it functions properly again.  Upon rebooting, the DVD-RW stops functioning again until I repeat the aforementioned steps.  I have noticed that after rebooting, a second driver is added for the DVD-RW from Sophos: sdcfilter.sys.  Presumably this is needed for the endpoint agent to perform device control functions such as blocking writable drivers which we do utilize in our environment.  I'm not positive this is causing the issue, but that evidence suggests that.  I am going to report this to Sophos support in hopes that it might be a bug that could be corrected in the upcoming 10.6 release for all those early adopters but I thought I'd post it on the forums as well in case anyone had a similar experience.  I've attached two screenshots to support my post.

J

:58206


This thread was automatically locked due to age.
  • +1

    Hi,

    If you get it back into the working state as you have done previously by essentially removing the sdcfilter (lower filter). Then find the inf file for the sdcfilter driver in the AutoUpdate cache, e.g.:

    C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\ClassFilterDrivers\wnet_amd64\

    right click on the sdcfilter.inf file and choose install. Does the lower filter appear as listed and the device functional?

    I wonder if a fresh install vs an in-place upgrade causes this?

    Regards,
    Jak

  • 0

    I've the same problem on Lenovo L540/T540p notebooks. After installing UTM Endpoint Protection everythink works fine. After some reboots (I can't specify that) the DVD drive is not visible in the windows explorer.

    The device manager shows:

    Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. To fix this problem you should uninstall and then reinstall the hardware device. (Code 19)


    But there are no lower or upper filters in the registry. Is there a solution for that?

    Sophos Endpoint Protection 11.0.8 UTM

    Regards

    Ulrich

  • 0
    I have the same problem on multiple systems.
  • 0
    I've been doing Win10 Beta testing since last spring and I've seen this same error and just felt it was because of beta. I've now update ~40 Dell computers for my company to Win10 1511 and we're all experiencing the same issue. Dell support had me remove upper and lower fitlers in the registry from the cdrom class. They didn't seem to be Sophos related but I noticed this morning that even though I don't have any upper and lower filters I had a 2nd driver on my CDrom device and when I looked closer it was Sophos. I running UTM 220 with end point version 11.08. This latest sdcfilter.sys isn't a signed driver any longer. I wonder if that could be the problem?
  • 0
    Jak,

    Your answer seems to be my fix!

    So far on the computers I've troubleshooted that were upgraded to Win10 and the DVD cdrom keeps disappearing from the File
    Explorer the sdcfilter driver isn't running or in the registry any longer.

    I used MS Sysinternals Autoruns.exe to check if the driver is running or not.

    the sdcfilter.sys is still on the HD and inf file still in the AutoUpdate cache area you mentioned.
    Right clicking on the inf file and installing works great!

    Thanks...
    mikej
  • 0 in reply to MikeJantzer

    For computers where the CD-ROM device isn't functioning, I wonder if the sdcfilter service is not present on the computer but referenced as a lowerfilter on the device which leads to the issue?

    If anyone has this problem, I would be interested to know:

    1. If the computer was an upgrade to Windows 10 or a fresh install?

    2. If an upgrade, was the computer upgraded from Win 7, Win 8, Win 8.1?

    3. If the computer has the service sdcfilter?  
    As a test to see if the service is present, in a command prompt run:

    sc query sdcfilter

    Note: The driver file sdcfilter.sys, should reside under: \windows\system32\drivers\

    If you look in Device Manager at the CDROM device, in the broken state it will have a warning triangle.  Looking at the properties of the CD-ROM and then clicking on the "Driver" tab and clicking the "Driver Details" tab should show at least the path to cdrom.sys and sdcfilter.sys when device control is installed.  If the file is referenced, but the service isn't present this will lead to the issue.  Right clicking on the appropriate .inf file for sdcfilter and choosing install would add the service back so that might explain why the suggested fix works.

    Thanks for the feedback.

    Regards,

    Jak

  • 0 in reply to jak

    Same problem here. Just clean installed latest downloadable Windows 10 Insider Preview build (14373 if I recall correctly) (after which I did have at some point the DVD-drive working without a problem). Installed Endpoint software from Sophos UTM and after that upgraded to latest Windows 10 Insider Preview build (14393). At this point I discovered the DVD-drive missing and with exclamation mark in device manager. I'm not sure if just before this latest upgrade the DVD-drive was present as this was not something I was then looking for.

    Turned out the sdcfilter service was not present. So I installed the sdcfilter.inf from the location mentioned above and restarted. Then my DVD-drive was functional again. So this is a confirmation that I needed to manually (re)install sdcfilter service.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Interesting...  I've been looking through some logs related to the upgrade.  Do you see something similar in the file: \windows\inf\setupapi.upgrade.log:

    It seems that the sdcfilter service was not migrated by Windows.  The same goes for the GearAspiWDM service which I believe belongs to or is part of the iTunes install.

    I don't recall being warned following the upgrade that the "migration" wasn't 100% successful.  That said, given the exit code seems to be 0x00000000, that would suggest success?

    Regards,

    Jak

  • 0

    Some here after Update from 1511 to 1607 today.

    The fix "reinstall sdcfilter" is working for me too.

  • 0 in reply to UThomas

    What a mess, Sophos.

    Same problem after Update Windows 10 Pro from 1607 to 1703 

Unfiltered HTML