freeze/thaw VSS failures when Sophos AV is utilized

Unitrends has an article (5520, https://support.unitrends.com/UnitrendsBackup/s/article/ka040000000PmjMAAS/000005520?_ga=2.69789140.576488646.1505169382-1745831295.1501935182) on getting freeze/thaw VSS failures on devices running Sophos A/V when doing backups. 

I've got one server experiencing this with Unitrends. I've got another server with Windows Server Backups that keep failing , but I haven't tried uninstalling Sophos on the 2nd one yet to verify that this this the same issue.

 

is there any official word from Sophos on this? Has anyone else experienced this? 

 

  • We're having a similar issue with Unitrends backup at our remote site. The Unitrends backups fail intermittently for our servers and there is no apparent rhyme or reason. Running the command vssadmin list writers form an elevated command prompt always shows several of the vss writers in a failed state, including the System Writer.

    Sophos answer is to add the following exception to the servers' policy:

    \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\ or GLOBALROOT\Device\HarddiskVolumeShadowCopy*\

    Note: per Sophos support, it does not work if you add it to the global exceptions

    http://sophos.com/kb/126726

    Unfortunately, this solution has not worked for us and the problem appears to be getting worse with backups failing more frequently.

  • I've opened a case with Sophos last month. Apparently its been escalated to development, but so far no fixes that I've heard of. the workaround that works for me now, and as per Sophos Support is:

     

    • 1. Disable Tamper Protection on the affected servers
    • 2. Open Services.msc on each server
    • 3. Stop and Disable the Sophos Health service
    • 4. Reboot server and test backups
  • In reply to JamesGolden:

    Thanks James. I am trying that today. I will post how it goes tomorrow after the backup finishes.

  • In reply to DavidCraige:

    before a backup is about to begin, it might be worth running:

    vsstrace.exe -l 255 –o C:\trace.txt

    as detailed here:

    https://blogs.technet.microsoft.com/askcore/2012/04/29/how-to-vss-tracing/

    If you have a log of that when it works and fails, it might give more insight.  I assume you get an Application event log entry from VSS when it fails to correlate times.

    Regards,

    Jak

  • In reply to JamesGolden:

    This solution worked for me. The backups have been successful ever since I applied. Thanks again!