Sophos causing High CPU usage and unexpected server restarts

Hey guys,

 

I was experiencing some odd issues with Sophos on our file server since the weekend, on Monday it was reaching high CPU usage for a second then restarting every 30 minutes, this appears to be from a windows "Bugcheck":

 

Error 

Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80145467864, 0xffffd00021ecc980, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090318-16453-01.

After analysing the memory dump it was apparent that Clean.exe was the cause of these issues (Copied out three seperate memory dumps from three seperate reboots, all were from Clean.exe) so I have uninstalled Sophos for the time being and the issues have ceased. I believe the version was 2.0.2.

 

Is there a hotfix for this issue? Is this a bug that's already known? Is there an update that will resolve these resource and bugcheck issues?

 

These issues occured on a Windows Server 2012 R2 VM running off VMware ESXi, 6.5.0, 7967591 

 

Best Regards,

Jason

  • In reply to StephenMcKay:

    I've had a ticket open with Varonis for a few days with an identical issue and just added this post to the ticket. If you get any details on the patch they're referencing or exclusions that need to be added in Sophos please share. We have 3 file servers with Sophos and Varonis in use, but oddly this is only happening on one of them. Lucky for us it's a pretty seldom used file server, so no users have noticed the constant reboots yet, but I'd like to get a fix in place before it starts happening on the other two, because our company fully depends on those being up 24/7.

  • In reply to RyanDonohue:

    This is what another customer with the issue received from Varonis:

    A Blue Screen of Death (BSOD) occurs when the Sophos antivirus is installed with the Varonis Windows Agent.

    Affected versions: 6.2 and 6.3 GA versions
    Platforms: Windows Auditing Agent
    Severity: Critical

    Solution:
    The problem is resolved by installing patch #718214.

    Availability:
    Patch #718214 is available. Contact Varonis Support to obtain the patch.