Windows 10 CD/DVD-ROM issue

Hello all,

I believe I may have discovered an issue relating to Windows 10 and the Sophos endpoint agent.  I upgraded to Windows 10 yesterday and checked device manager to find that my DVD-RW was not functioning properly.  If I uninstall the device, rescan for hardware changes and let it automatically reinstall, it functions properly again.  Upon rebooting, the DVD-RW stops functioning again until I repeat the aforementioned steps.  I have noticed that after rebooting, a second driver is added for the DVD-RW from Sophos: sdcfilter.sys.  Presumably this is needed for the endpoint agent to perform device control functions such as blocking writable drivers which we do utilize in our environment.  I'm not positive this is causing the issue, but that evidence suggests that.  I am going to report this to Sophos support in hopes that it might be a bug that could be corrected in the upcoming 10.6 release for all those early adopters but I thought I'd post it on the forums as well in case anyone had a similar experience.  I've attached two screenshots to support my post.

J

  • Hello All, my first post in the forum

    Just came here after finding with Google the problem explained by jbull. I have exactly the same problem; it has happened two times so far, upgrading from 1607 to 1703 and again from 1703 to 1709. I thought it was a Windows-related problem, but the solution posted here, to install sdcfilter.inf manually, also worked for my HP 250 G5 notebook.

    The weird thing was that it solved itself while using 1703. Now it can be explained that a Sophos update caused a new installation of it and so made the DVD work again, as someone noticed.

    I hope it will be fixed with the next releases, but for now we have a workaround for every major Windows update.

  • In reply to Simone Pecchenino:

    It should now get re-instated on the first update of Sophos (data, or product) following the upgrade of the OS where it is not migrated.

    This probably explains how it was fixed "while using 1703".

    https://community.sophos.com/kb/en-us/125470

    has been updated with a note I see.

  • In reply to Gordon McLellan1:

    Hi Sophos,

    I'll leave this message here, but will also forward it to my Sophos partner since I doubt anyone from corporate actually reads these forums.

    I have removed Sophos AV from all of my Windows 10 computers. More Windows 10 computers are coming next month. They will not be receiving the Sophos product.

    I will not be renewing my 100+ license subscription this summer and am going with a solution that doesn't constantly prevent my users from getting work done. My DVD drives work just fine without the Sophos product installed, so I don't understand how you can blame Microsoft.

    Kind Regards,

    Gordon McLellan

    Network Administrator, County of Manistee

  • In reply to Gordon McLellan1:

    I get it!  This took WAY too long for Sophos to fix.  Ridiculous.

     

    Here is what Sophos told me a few days ago, but I do not have any machines that need a build upgrade so I can't test it

     

    Hi Sean,



    My Global escalations team has gotten back to me and we released version 10.7.6 for the anti-virus component which has the fix for the dvd drive issue.



    Just wondering if you are still seeing this issue and if you are we would need a new set of logs.



    To confirm what version you are running you could open Sophos on the endpoint, click on "about" in the bottom right hand corner, click on "Run diagnostic tool", then click on "installed components" and you should see for the anti-virus as 10.7.6.117

  • In reply to Sean Sauve:

    Hi Sean,

    I just had my last Windows 10 machine have its DVD drive disabled by Sophos ... under Central I see this:

    Agent Update Status 10.7.6 VE3.70.2 Update Successful

    I hope you have better luck fighting this issue, I've given up.

    Regards,

    Gordon

  • In reply to Simone Pecchenino:

    Happened AGAIN migrating from 1709 to 1803.

  • In reply to Gordon McLellan1:

    Hi Gordon McLellan1 & others,

    I am really sorry to hear that you had this issue with our product. The reported issue was fixed in the following releases:

    • Sophos Endpoint Security and Control 10.7.6
    • Sophos Central Endpoint Standard/Advanced 10.8.1
    • UTM Managed Endpoint 11.0.12

    Please confirm if you are still facing the issue even after the update. To confirm whether the update has been rolled out to the client, please check the Major install log (Sophos Anti-Virus Major Install Log_<datetime>) for the line <Datetime>info:SetupPlugin: updateProps.m_MajorUpdate = 1. If the value is 0, the update didn't run.
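
The log check described in the post above, as an added example that is not part of the original thread and is not Sophos code: it classifies collected major-install logs by the `m_MajorUpdate` marker. The directory argument, the BOM-based decoding and the timestamp layout in the sample lines are assumptions.

```python
import re
from pathlib import Path

# Marker quoted in the post above; surrounding whitespace is matched loosely.
MARKER = re.compile(r"info:\s*SetupPlugin:\s*updateProps\.m_MajorUpdate\s*=\s*(\d+)")

def decode_log(raw: bytes) -> str:
    """Decode log bytes, honouring a UTF-16 or UTF-8 BOM (encoding is an assumption)."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def major_update_flag(text: str):
    """Return the last m_MajorUpdate value in the log, or None if the marker is absent."""
    values = MARKER.findall(text)
    return int(values[-1]) if values else None

def classify(text: str) -> str:
    """Map the marker value to the outcome the post describes."""
    flag = major_update_flag(text)
    if flag is None:
        return "marker-missing"
    if flag == 1:
        return "major-install-ran"
    if flag == 0:
        return "update-did-not-run"
    return "unexpected-value"

def triage(log_dir: str) -> dict:
    """Classify every 'Sophos Anti-Virus Major Install Log_*' file found in log_dir."""
    pattern = "Sophos Anti-Virus Major Install Log_*"
    return {
        path.name: classify(decode_log(path.read_bytes()))
        for path in sorted(Path(log_dir).glob(pattern))
    }

# Constructed sample lines; the timestamp layout is invented for illustration.
SAMPLE_RAN = "20180525 101500 info:SetupPlugin: updateProps.m_MajorUpdate = 1\n"
SAMPLE_SKIPPED = "20180525 101500 info:SetupPlugin: updateProps.m_MajorUpdate = 0\n"

if __name__ == "__main__":
    print(classify(SAMPLE_RAN), classify(SAMPLE_SKIPPED))
```
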

  • In reply to Gowtham Mani:

    This issue has not been fixed, and is easy to recreate. I'm not sure why Sophos is having such a hard time recreating it internally. Using the latest endpoint client as of May 25, the optical is still rendered useless by Sophos after a Windows update.

     

    Steps to reproduce:

    Install Windows 10 Enterprise build 1703 in a virtual machine.

    Install Sophos Endpoint using the latest installer downloaded from Sophos Central.

    Let the Endpoint update itself, reboot a few times to confirm.

    Go into Windows Update and install the April feature update (Build 1803), reboot

    Boom, the optical drive is now non-functional.

     

    I have repeated this on three different virtual machines, and a physical laptop.

     

    Ticket is open with Global Escalations #8067291 

     

    At this point resolution is purely an academic exercise for me, I'm curious to see the result. I have moved my enterprise to another endpoint solution, Sophos dropped the ball on this one a long time ago.

  • In reply to Gowtham Mani:

    Gowtham Mani

    Hi Gordon McLellan1 & others,

    I am really sorry to hear that you had this issue with our product. The reported issue was fixed in the following releases:

    • Sophos Endpoint Security and Control 10.7.6
    • Sophos Central Endpoint Standard/Advanced 10.8.1
    • UTM Managed Endpoint 11.0.12

    Core agent 2.0.3

    Endpoint Standard 10.8.1.2

    no interceptx no encryption

    Fortunately we have the sdcfilter.inf workaround to use after any Windows major update

  • In reply to Gordon McLellan1:

    So my ticket got kicked back to the helpdesk, Global Escalations still claims the resolution for this issue is to manually reinstall sdcfilter on every workstation after every Windows feature update. It is clear Sophos is not interested in resolving the issue properly.

  • In reply to Gordon McLellan1:

    The problem has been 'fixed' for me, in a way.  The CDROM breaks when my computers upgrade to 1803, but a reboot fixes it (until the next feature update, I assume).

  • In reply to Sean Sauve:

    On the next ide update (or any update requiring an actual update not just a check) post OS upgrade the SAV installer will recognise it is not a complete install and switch to a major install which will add the sdcfilter service back.  Microsoft does not migrate the driver as it's not PnP but it should be re-instated in a couple of hours depending on when the next ide update is released.

     

  • In reply to Gordon McLellan1:

    Gordon

    So my ticket got kicked back to the helpdesk, Global Escalations still claims the resolution for this issue is to manually reinstall sdcfilter on every workstation after every Windows feature update. It is clear Sophos is not interested in resolving the issue properly.

    Can you DM me the reference case number so that I can have it checked with the team? If our users are still facing the issue post the fix, we would like to investigate it further to have it addressed.