
[Sophos Notification] Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update

Hi Everyone,

After installing the following Microsoft Windows updates Sophos has received reports of computers failing to boot:

The issue is currently being investigated. For more updates and workaround, please follow the below KBA.

Following the Microsoft Windows 09th April update computers fail/hang on boot



  • Hi Everyone,

    We appreciate your patience. Our team has been working non-stop to resolve the issue and we can now say confidently that we have identified the permanent fix and testing is underway. We plan to start automatically rolling out the fix to customers very soon, and if there are any cases where the update has to be manually applied, we will contact those customers directly.

    The KBA will be updated as soon as possible once we have more information on the ETA and the Fix.

    UPDATE: Sophos + Microsoft Windows April 9 update

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • I've just had it confirmed, by Sophos support (under case no: 8794284) that the automated update for the SEC AV/HIPS policies, referenced in the Sophos KB article 133945, isn't actually working for anybody, even the support team's own SEC. So, we currently have three, conflicting states from Sophos: 
    1. SEC is being "automagically" updated and everything is cool. 
    2. We need to run PET /remediate to try and force the policy update, but then some policies aren't being updated, "where the GUID in the CorrelationID column is NOT enclosed in curly brackets {}." 
    Admittedly this one is from one of your forum moderators, @QC. 
    3. The automatic update isn't working and Sophos don't yet know why and haven't actually updated the KB article, to reflect that this isn't working.

    Can you please get someone to clarify what is going on?

    Cheers,

    David.

  • Hi @deejinoz,

    I can confirm that the automatic exclusions are working (I just confirmed it in my lab environment) and I could also see the endpoints receiving the updates. However, let me check with the case that you mentioned and see what could be causing the issue in your scenario.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Hi Gowtham,

    I escalated the support case two days ago, to level two and have heard absolutely nothing since. So, I just called to chase them up and have been told I'll be called back in an hour.

    My experience of Sophos's CMS and support processes is a very long way away from what should be expected from a global security company.

    Regards,

    David.

  • Hi David, 

    I am trying to reach the assigned engineer for your case for further updates. Please allow us some time to get back to you with an update. 

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • I have also been trying to get a response from them, since last Friday. My emails have all been ignored, completely. So, I have called them today only to be told that, yesterday, they were told that the only way to get the exclusions into SEC is to run PET with /remediate. Your KB article mentions nothing about this. In fact it clearly states that this is an automatic process. No mention of having to run PET at all.

    Quite frankly, I am wholly unimpressed with both your support services as well as the way in which Sophos have handled this whole situation.

    It is highly noticeable, in the Spiceworks articles regarding this bug, that Avast! appear to have been not only quicker to respond but have had a more speedy resolution.

    I am still waiting to hear back from the level two support engineering duty manager...

    Regards,

    David.

  • I can confirm that yesterday's 1809 build update... 17763.439 doesn't change the outcome. Still locks at Windows login screen after update restart. (Granted it's not a Windows issue, they just closed a kernel loophole.)

    Re-imaged my test machine, named it, domained it, made sure Sophos was latest one available to our enterprise... 10.8.3.322 (10.8.3.441 will not drop to us yet, no clue why this is taking so long) then installed 17763.439 from downloaded .msu file. Restarted, grabbed Sophos SDU log files, restarted again. Locked at Windows login screen.

    Can't access safe mode without keyboard/mouse control as we are domained here at work.

  • 10.8.3.441 Sophos installed on freshly imaged test machine, restarted, manually installed 17763.475 Windows 10 update. Restarted. Locked at Windows login screen.

    This isn't funny anymore, Sophos.