Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 6194 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Event ID 592

E R

Hello,

I have been receiving the following error in the System Event Log quite a few times in my environment just for 2 servers. Every time it happens the system gets frozen, it doesn't do anything, doesn't response to Keyboard or Mouse. This has started fairly recently (like couple of days)

 

Log Name:      System
Source:        SAVOnAccess
Date:          8/23/2017 12:43:29 PM
Event ID:      592
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      WINSERVER2012R2
Description:
Communication error between on-access driver and service for a cross-process thread creation event.


Any inputs are very much appreciated.

 EDIT

The reason why I am sure Sophos AV is a culprit is, when I stop all the Sophos AV services, server works just fine.

Cheers,

- ER



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    If the computer has totally locked up, the best thing you can do is to configure the computer to create a full memory dump.

    Configure the computer such that you can crash it with the keyboard as per:

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard

    Next time it is hung, ideally within a minute of the hang, although I suspect you don't see it happen so whenever you realize the problem is fine.  You can use the keyboard to initiate a full dump.  If you can zip up \windows\Memory.dmp, Sophos Development would then be able to analyze the dump and be able to confirm why it has hung and if/why Sophos is contributing to it.

    Based on the message though, in the meantime, I might be tempted to disable HIPS behaviour detection for a couple of days to see if that helps. That would be useful information also.

    Regards,

    Jak

Reply
  • 0

    Hi,

    If the computer has totally locked up, the best thing you can do is to configure the computer to create a full memory dump.

    Configure the computer such that you can crash it with the keyboard as per:

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard

    Next time it is hung, ideally within a minute of the hang, although I suspect you don't see it happen so whenever you realize the problem is fine.  You can use the keyboard to initiate a full dump.  If you can zip up \windows\Memory.dmp, Sophos Development would then be able to analyze the dump and be able to confirm why it has hung and if/why Sophos is contributing to it.

    Based on the message though, in the meantime, I might be tempted to disable HIPS behaviour detection for a couple of days to see if that helps. That would be useful information also.

    Regards,

    Jak

Children
Unfiltered HTML