Windows Start Menu Locked Up, unable to restart machine.

Have a situation where installing SOPHOS causes the Start Menu of Windows 10 1709 to stop working, also seems to stop all "User Experience" things, such as Settings Page etc. When you try to restart, you get the error:

task host is stopping background tasks windows 10 Device install reboot required

You have to hard kill it to reboot/shutdown the machine. 

This is a fresh installation of USB
Installed Acrobat Reader, Media Player classic, Irfran View, GreenShot, Chrome and Java.

Used the new Deployment from SOPHOS MSP Admin Console and the "Download Complete Windows Installer"

Used the following command to install:
SophosSetup.exe --customertoken="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --mgmtserver="dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com" --products="antivirus;intercept" --quiet

I seem to be able to "jostle" the start menu by right clicking on the start button.  

At this stage, I am unable to install SOPHOS AV

  • Hi All,

    I installed Windows 1703 and replicated all previous steps I took with 1709.  

    It installed fine, and after the reboot no issues. 

    The issue has something to do with 1709.

  • In reply to Burt Mascareigne:

    That's not a legit answer.

  • In reply to Daniel Ahrari:

    Hi,

     

    Thanks for replying.  As this has sometime to do with the SOPHOS' internal mechanics and Windows, it is beyond me to fix it. I am unsure why SOPHOS have not fixed it yet, but I can not provide any other answer than to re-install. 

     

    I am sorry for the inconvenience.

  • In reply to Burt Mascareigne:

    If anyone gets this please respond. We are getting this on every new Dell machine we deploy. We do a fresh install of Windows 10 Pro, Install all updates and then Sophos.

    With nothing else on the machine it becomes unusable. Right now we have no answer and have tried everything we can think of to test and fix.

    If you have other software such as Malwarebytes active protection it can cause simliar behavior but this is happening on vanilla workstations out of the box with nothing installed.

    Just opening task manager 100% the CPU and takes up to a minute to release and open.

  • In reply to DBASQL:

    Hi We are also experiencing this issue. In addition to the start button we noticed edge and settings do not function either. The problem seems to be worse if doing a reboot of windows 10. We have tried rebuilding windows 10 3 times and on a new disk but still it fails.

    We have noticed  this problem on 3 systems we know of and assume more users are affected. We will log a case as this issue needs resolving urgently.

    Kevin

  • In reply to kevin clarke1:

    Hi

    My laptop, which was working fine now no longer works. I had to uninstall SOPHOS, reboot and then it worked.

    I've also just had a client who has SOPHOS Home who is unable to use their machine now.

    I think it is Hitman Pro

  • In reply to Burt Mascareigne:

    Yep same here, removing Sophos and it all works fine. I can understand the difficulty of this issue as it seems to have only occurred since windows released 1709, but nonetheless Intercept X etc is expensive and currently we have unprotected systems with others potentially with the same issue. I thought as long as we always shutdown and avoid restarts it would be a workaround,but it seems this does not always work. The only other workaround we have is to create a second windows profile and log off and into the second profile and back again, this seems to work, but not something we can ask users to do. Kevin
  • In reply to kevin clarke1:

    Can you explain please?

    Are you saying for at least some time if you shut the machine down and do a cold start instead of rebooting it did not happen? Is that what you mean?

    The profile thing is just strange I will try that on my lab machine now.

  • In reply to kevin clarke1:

    Interesting, I was unaware of the profile part.

    So, if you leave SOPHOS AV installed, but remove InterceptX, are you getting resolution?

    What use to work was, install 1706 or some earlier version, and then update to 1709 (or the latest) and everything will be fine, however, this does not appear to be the case.

    Lodging a ticket with SOPHOS is going to take a while, but maybe I have to.

    I am unsure about this Shut Down / Restart thing, this is new, did you find these action affected this bug?

  • In reply to Burt Mascareigne:

    FYI we have a partner ticket open with escalation and I will post the details here for sure.

     

    Wait how long has this been a known issue? I thought we found a bug not something that has been known for a long time. That is very concerning.

    In our test lab (about 20 machines) every IX the machine is basically toast. With that said I did a new Dell yesterday with only EPA and it did not blow the machine up but it ran poorly. For example it took about 45 seconds to open task manager. We ad no choice but to deploy it without protection other than Windows Defender because of time constraints.

  • In reply to Burt Mascareigne:

    Apologies I did not explain this too well. I have one user where if we shutdown and start it up each day, it generally works ok, but will fail if a restart is done for whatever reason. We suspect other uses are doing this. Another system seems to fail more consistently whether starting up or a doing a reboot. We spent a lot of time rebuilding systems trying to isolate the issue and found adding a second windows user profile helped a little instead of shutting down and rebooting each time trying to get it to work. So log out of one profile and into the second one and back again and this seems... to work, well as a poor workaround I know. Kevin
  • In reply to DBASQL:

    I ran into this mid october.  I downloaded the latest ISO from MS under SPLA and used that install. I fully deployed the machine, and installed SOPHOS, great. I then was about to ship to client when I forgot to install some custom app they use.  When I went to install it, Start Button wasn't working.  I spent a good 4-5 hours working on the assumption that Windows was faulty. (I couldn't understand how a fresh install could go so wrong).  In this time, I reinstalled the machine following the exact steps, same issue. So I knew it wasn't a bad install etc.

    After giving up, I Re-Installed again and noticed that it only happened when SOPHOS was installed and rebooted.

    I then downloaded the prior version of Windows, installed SOPHOS and no issue.  I then updated to 1709 and it was stable and fine.

    My laptop, which I had to remove SOPHOS from was installed over a year ago, so the version of Windows 10 has no issues with SOPHOS, but just 2 days ago, I had the exact issue, start button dead unless I spam right click to make it come to life a bit, Windows Apps gone, everything running in slow motion.

    I am now DEEPLY concern I am going to be getting support calls about this, and i have no recourse but to remove SOPHOS. EMBARRESSING!!!!!!!!!!!!!

  • In reply to Burt Mascareigne:

    Yes we are in the same boat. We are new partners and luckily have only deployed about 8 sites. Still enough to be bad although right now the only thing saving us is this users mostly have not been forced to update to the latest Windows OS. With that said we have already been absolutely roasted by the companies having the issue. Several folks were down all day before we could figure out what was going on. All happening on new machines but was it caused by removal of old product (Intune) etc.

     

    We then started deploying on fully updated machines in the lab and that did not go well.

     

    Oddly I can confirm that I just took a machine that was totally whacked, logged in as administrator (had not been used at all), shut down, cold boot, logged in as whacked user and it seems fine now. WTH

    I can say that some of the machines we had issues with did not show the problems right away so it remains to be seen if this holds up.

    If this was reported that long ago and not looked in to deeply I am a bit shocked.

  • In reply to Burt Mascareigne:

    I totally agree, like you and others we cannot leave systems unprotected. We are a new Sophos customer only since November. I stuck my neck out to get Sophos and now we have this. I will be talking, to my supplier tomorrow as well logging a case and escalate it as I guess this is the only way to get priority for a resolution.
  • In reply to DBASQL:

    I've logged an urgent case here in the UK, I've been doing various tests for the support here. The L2 support seem to be aware or have heard of this issue. Does anyone know if this issue has already been escalated  and if so any numbers so we can attach? My support case is: #7862295

    Regards

    Kevin