Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
We have identified an issue in which the latest Windows Update KB4462926 will fail to install as the update attempts to change the security on the Image File Execution registry keys which we have protected using Sophos Endpoint Defense.
The error seen when the update fails is:
Applies to the following Sophos product(s) and version(s)
The machine will fail to install the update and on a subsequent reboot, the machine will begin to boot loop.
Update: 12/10/2018We have just released an update to Sophos Endpoint Defense with a fix for this issue. Sophos Core Agent will update to 2.1.3.
This update will trigger a reboot requirement however the reboot will not be required for the fix to be applied.
If you are using controlled or scheduled updating please ensure you amend this as per the below articles.
This is currently under investigation by Sophos Development
This article will be updated when new information becomes available.
This is currently plaguing our organization. Sophos please fix.
This appears to be affecting a number of our Windows 10 machines also, not just windows 8.1
Currently a workaround is to boot in SafeMode and allow the update to complete then reboot to normal mode
Having an issue on Windows 10 with the October update. No wireless networks are listed when peripheral control is enabled.
In reply to Matthew Young:
Would it be possible to let me know the full version of Windows 10 you are running?
1. Press Windows Key + R2. Type winver3. Report back the version information for e.g. Version 1703 (OS Build 15063.1324)
We have just released an update to Sophos Endpoint Defense with a fix for this issue. Sophos Core Agent will update to 2.1.3.
In reply to WomboCombo:
FWIW looks like this is back -- on a Windows 8.1 VM running the EDR EAP version of Sophos Endpoint / Intercept-X. Is this a known issue? Not sure of the version of Endpoint but it was updated earlier this month, that much I am sure of. Attempting to fix the VM, will report back with specifics.
In reply to BrucekConvergent:
Attached is a screenshot of where it's failing with the latest Windows 8.1 updates (this months)... different spot than the one in October (same thing happened to this VM in October and I repaired it then).
So more info; got into safe mode, update completed. Version info of Sophos Endpoint:
Updates that were installed that hung:
Just updated another VM (demo) with the same Beta Endpoint on it... same crash during reboot.
Crashed in a different spot though (think it had a different stack of updates to install):
Thanks for following up to report your investigation. I'll raise this internally, but would it be possible to create a support case with the same information and PM me with your case ID for tracking.
In reply to FloSupport:
Well I've kind of already fixed the 2 machines that were affected, just giving you guys a heads up.
To update this thread: This issue is scheduled to be fixed in the upcoming v2.2.1 Core Agent version release.
Thanks, glad they found the issue and fixed it!