Windows Start Menu Locked Up, unable to restart machine.

Have a situation where installing SOPHOS causes the Start Menu of Windows 10 1709 to stop working, also seems to stop all "User Experience" things, such as Settings Page etc. When you try to restart, you get the error:

task host is stopping background tasks windows 10 Device install reboot required

You have to hard kill it to reboot/shutdown the machine. 

This is a fresh installation of USB
Installed Acrobat Reader, Media Player classic, Irfran View, GreenShot, Chrome and Java.

Used the new Deployment from SOPHOS MSP Admin Console and the "Download Complete Windows Installer"

Used the following command to install:
SophosSetup.exe --customertoken="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --mgmtserver="dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com" --products="antivirus;intercept" --quiet

I seem to be able to "jostle" the start menu by right clicking on the start button.  

At this stage, I am unable to install SOPHOS AV

  • In reply to JordanM:

    Hi JordanM and All,

    I did some more testing today here are my findings:

    1. On two test systems I removed the  windows password same as Jordan, the "sign-in info"  switch was disabled, windows defender all enabled I did 12 reboot tests on both systems 0 failures
    2. This time I enabled the "sign-in info" switch, No login Password, windows Defender enabled and did 12 reboot tests and 0 failures on both test systems.
    3. I then added a login password on both systems, I also enabled the "sign-in info" switch. windows Defender enabled and both systems failed, one failed 3 out of 6, the other 4 out 6 reboot failures.
    4. Last test, I disabled the "sign-in info" switch, still with a login password,  windows Defender enabled and both systems were successful with 8 out 8 reboot and no failures.

    It seems to me each of us are experiencing different results of what works and what does not. Removing the Windows password does have an effect regardless of the "sign-in info" switch setting. I can't explain why disabling the "sign-in info" switch works for me... I have now tested this on 6 different failing systems and it solves the problem for me on all of them. Burt has found disabling Windows Defender works for him on his systems. The only other explanation is we are looking at two separate issues? In my case when the problem shows. Start, Edge and settings do not work and the overall system performance is noticeably slower. After I have clicked on Edge and then right click start to either reboot or shutdown, edge seems to start in a fashion although not responsive which can be said for other applications which are slow to start.

    I can only suggest for those who have not logged a case to Sophos then it is in your best interest to do so as I think the more cases they see adds weight to the problem. I still have my case open ( #7862295) and it is escalated. If I see the issue re-occurring when I have the "sign-in info" switch disabled, I'll for sure be in contact with them, but right now they have given me a solution which seems to work for me.

    Regards
    Kevin

  • In reply to kevin clarke1:

    Hi All,

    One other point I forgot to mention was prior to Sophos communication about disabling "sign-in info" switch, they had me run with only Endpoint Advanced and not with Intercept X installed as well. This did work without any problems.

    Kevin

  • In reply to kevin clarke1:

    On my same problem computer, I installed Norton Internet Security and didn't see the issue happen yesterday.  Today, I rebooted it a few times and was able to trigger the same issue.  Now it's making me wonder if it relates to security vendors that utilize exploit protection, or if it is in fact unrelated to security software altogether. 

    In my scenario today, the Windows sign-in option was enabled and I was using a login account with a password.

    Logging out of the computer and logging back in restores functionality (no need for reboot).

    I'll try disabling that Windows sign in option again and will continue using a login password and see if it reduces my symptoms.

  • In reply to kevin clarke1:

    I have the same Problem...

    My case #7887075

    Hope to hear something from Sophos

  • In reply to Martin Frey:

    Hi Martin and All,

    Just to let you know Sophos got back to me and as far as they are concerned this is now a known issue, that is the "Use my sign-in info..." switch and there development team are working on this with MS. They did not make me aware of any other issues causing this problem. Clearly this solution is not working for many in this forum so I guess lets see what they have to say about this.

    Regards
    kevin

  • In reply to kevin clarke1:

    We were able to confirm on two machines...

     

    Install Windows, update to latest, use username with password, disable sign in option, install IX and it seems to work. With that said we may not have an exact control environment because we noticed on the download this is a different version of IX.

     

    We can also confirm even with the new version the updating of Visual Studio was a shot in the dark, it did not work.

     

    Still have not heard anything back on our ticket and its been well over a month.

  • In reply to DBASQL:

    I also have the Start Menu locked up issue.  It is on Windows 1703 and 1709 computers.  I started with a fresh 1703 version and went through the following on clients domain.

     

  • In reply to Gregg Michalski:

    You have to open the Windows Defender Security Center

    and disable Virus & threat protection.

  • In reply to Martin Frey:

    Martin,

    Disable everything before installing Sophos?  I tried the reg change to disable Windows Defender Security Center and looked to have worked.  I have WDSC enabled again and see Virus & threat protection, SmartScreen and Exploit Protection.

    Do you know if these have to be disabled before installing or can you turn them off after Sophos is installed?

     

    Thank you.

  • In reply to Gregg Michalski:

    First disable WDSC and then Install Sophos. Thats it

  • In reply to Martin Frey:

    Thanks.  I have many computers to fix.

  • Thank you for contacting Sophos Technical Support. Please see below summary of our investigation:
    On a test Remote session we have replicated the issue and verified that by uninstalling interceptX and rebooting the endpoint issue was resolved. This verifies that its related to the known issue in the article below provided to you previously:
                "https://community.sophos.com/kb/en-us/124988#Windows 10 RS3 - Start UI fails to run during first login session"
    As per article:

    This issue occurs on computers not joined to a domain. Investigation has shown to be a possible Microsoft issue. A reboot may resolve the issue. The following two options will also prevent the issue from occurring:

    • Locally, under User Accounts logon settings, by disabling the setting Use my sign-in info to automatically finish setting up my device after an update or restart.

    The setting for  'Use my sign-in info to automatically finish setting up my device after an update or restart' was still turned ON on the endpoint in question. The workaround is to turn it off.

    This is a known issue and is being investigated by our Dev team and Microsoft. Any further details will be updated in the known issues article.