This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local Cache Corruption causes shutdown after login

We are having a major problem wit the deployment of DX and DP on workstations. After installing both products and receiving the polcies and keys from the server the computer becomes a paper weight by shutting itself off immediately after login because the LocalCache becomes corrupted. We have to boot into safe mode and change the GINA string in the registry back to msgina.dll and then boot into normal mode and completely unistall all applications. Needless to say, because of this little glitch we have not been able to deploy this past our test environment.. I have opened a ticket with support, but they have not been able to figure it out yet. I have a feeling it may have something to do with our AV (we run McAfree Enterprise 8.5.0i) and we have exempted all the places Sophos has advised. I thought I had it resolved at one point last week because I was able to reboot a system about 10 times without any problems. Then wehn I came in on Monday and powered it up it shut itself down after login.

Are there any other users out there that have had similar problems that may be able to shed some light on the issue???

This thread was automatically locked due to age.

0 Daniel over 14 years ago

Hi RMDS,
to me the issue seems to be very specific with regards to your environment. Based on your description it seems as if this might be an unique problem with regards to the software environment in place.
Personally I'd suggest to update the local support with a maximum of information so that the issue can be sorted out as quickly as possible.
Regards
Dan
:341
Cancel
Vote Up 0 Vote Down

Cancel
0 HowardL over 14 years ago

Hello, I hope you dont mind but I wondered if this was resolved? I have a user who has had the exact issue and I cannot determine what caused it.
Thank you
:845
Cancel
Vote Up 0 Vote Down

Cancel
0 RMDS over 14 years ago

Not resolved yet. Still working with support. This has been escalated and re-escalated. They think that it is related to our AntiVirus, so I'd be very interested to know what AV you are using. We have McAfee Enterprise 8.7. We have also opened a support ticket with them.
:1040
Cancel
Vote Up 0 Vote Down

Cancel
0 timw over 13 years ago

Bump! i've had a couple of machines do this, did you ever get a solution?
:10257
Cancel
Vote Up 0 Vote Down

Cancel
0 Miami over 11 years ago

No solution, so I write my experience with restart errors.
Our problem was Novell Netware client, even if system has fallen down because of ESET AV ( as this was written in BSOD ). In our case has helped update of Netware client (reinstallation didnt helped). But maybe real problem was in gina.dll , because Netware client replaces this with his own dll.
If you havent done it before, you should try to disable automatic restart in windows, so you can see which software causes this error. Then find some connection between this software (maybe gina.dll - if its reinstalled with sophos) and new installed dx and dp.
:25361
Cancel
Vote Up 0 Vote Down

Cancel
0 RL over 11 years ago

Hi,

We were experiencing SGN cache corruption for over a year, and were going back and forth with SGN support with debugs, but the issue never got resolved. - We just had very annoyed users!

As advised by Sophos support, it was quote; "something to do with our environment". If I had a British pound for every time I heard that from Sophos I'd be a very rich man by now! ;)

Then in May this year Sophos End-Point solution 10.0.4 update was released. This was marketed by Sophos as having various "enhancements" to the Windows driver and Sophos Web Protection and Live Protection Functionality (LSP).

These "enhancements" (don't we love marketing departments) were actually bug fixes, which Sophos tech like to call "defects".

In particular one of these defects was: #DEF76953 "Endpoint shutdown after "blocked file transfer"".

Upon finding out this information I contacted Sophos technical support and asked them to see if this "defect" was related to a case I had open for a very long time (11 months to be precise). After a bit of back and forth it was confirmed that it was.

So, I waited for the new update to End-Point...

Sure enough when we updated to End-Point 10.0.4 our SGN cache corruptions disappeared overnight.

Another thing to highlight here is that of EVERY instance of an SGN corruption we have experienced was due to end-point. And no; we have had more than one ;)

Now, in no way whatsoever am I saying that any Sophos products are the cause of your problems, but I am saying that they should not be overlooked.

Happy hunting.

John

P.S. Now if only someone from Sophos could tell me the truth as to why they don’’’’t list their defects in a secure online customer KEDB like other vendors do. – (We all know it’’’’s really because Marketing see it as bad press), but don’’’’t you think it’’’’s worse to keep you customers in the dark for over a year, and then silently release a fix.

I realise that some of the defects may list potential vulnerabilities, and I understand why you chose not to publish those.

:25679
Cancel
Vote Up 0 Vote Down

Cancel