Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 43 replies
  • Answers 2 answers
  • Subscribers 24 subscribers
  • Views 131985 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues with server protection on file server

GregBeck

Has anyone seen any issues with Sophos Central on file servers? 

We moved from on the on premises version of Sophos to the Sophos Cloud version.  When I updated our main file servers we started running into an issue where a server would stop serving files after a while (a few hours on the most active one/two weeks on another).  When on the desktop of the server everything seems fine. No CPU/memory/disk issue, \\server\share works fine locally.  

Remotely \\server\share just hangs for 30+ seconds until the connection times out.   Nothing seems to get the server running again except rebooting the whole thing.  It will then work fine for a while then break.   I can't find anything the event log or Sophos logging to point me in the direction of what is breaking.  

After I uninstalled Sophos on the busiest server the issue hasn't returned.  

 

Has anyone run into anything similar? 

 

I do have a ticket created with support.  At this point they just want me to test disabling features one by one until I can narrow the problem down.  I am trying to recreate the issue without needing actual users traffic.  I personally suspect the Cryptoguard (Intercept X?) since that is the part that is also causing us grief on the client side.



This thread was automatically locked due to age.
Parents
  • 0

    We are using Sophos Central and just purchased and pushed Server Advanced to all of our servers thinking the Cryptoguard feature will be awesome to protect against ransomware. Well to our surprise it has done nothing but bring both of our file servers to their knees every 2 to 5 hours. The issue happening is exactly as described in this thread. Our users and paperless management system make hundreds of changes throughout the day and this seems to be causing Sophos to bring the shares down. Sophos does not report any alerts during this time and only a reboot will fix it, Removed Sophos and the issue is gone. Any news on a fix for this issue??

    Sophos support really needs an overhaul. If your going to have a product like this put a team together that can support it. I've had several issues with Sophos and I've had to solve all of them on my own. Sucks as the product as alot of potential.

  • 0 in reply to Wade Kappenman

    Wade,

    Out of curiosity what OS are the servers you are having problems with running?  In our environment it is our 2008R2 servers.   When testing I could recreate the problem on 2008R2 but not when I tried 2012R2. 

     

     

  • 0 in reply to GregBeck

    Hi Greg,

    Yes, I do have an update for you. Progress is being made and the testing of this fix (and several other fixes) is now complete and a build is underway. Following our standard rollout process, this will be released to Sophos internal servers first, prior to being rolled out to customer product lines. Unfortunately I don't have firm dates yet, but I anticipate Sophos Enterprise Console managed servers receiving the fix within the next few weeks, with Sophos Central managed servers receiving the fix thereafter.

    We are due to release a Sophos Central Early Access Program (EAP) containing new features for Windows Servers next week. The current plan is to include the fix for this issue in a planned EAP “refresh” release next month, and then to the generally available product in the July timeframe. So while the timeline for the fix is not immediate, there is light at the end of the tunnel. I appreciate that you have been waiting for this fix for some time now.

    Regards

    Stephen

  • 0 in reply to StephenMcKay

    I see there is a new update for servers out on Sophos Central.   Is this the update that contains our fix?  

     

    Version 1.5.6 Update
    HitManPro.Alert (CryptoGuard) has been updated to address a customer issue.

  • 0 in reply to GregBeck

    Hi GregBeck,

    I am following up with the appropriate groups in order to confirm if that's the fix you need.  

    I will update this post as soon as I get the info. 

    Thank you very much for your patience, 

     

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to GregBeck
    Hi GregBeck,
     
    Here's the latest information regarding this fix: 
     
    Unfortunately, The Central Server v1.5.6 release - "HitManPro.Alert (CryptoGuard) has been updated to address a customer issue." - did not include the fix for this specific issue you are referring to.
     
    The development of the solution for the issue you are experiencing is almost complete, but it has not yet been released as it requires additional testing.
     
    The current plan is to include this fix via the Early Access Program, but we do not have the exact dates as to when will that EAP version become available right now (the desired time frame is the next couple of weeks, but this can change).  
    The expected official release for the fix is on-plan for mid July (subject to change based on further testing) .
     
    Please let me know if you have any additional questions. 
     
    We greatly appreciate your patience and understanding.  

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to GregBeck

    Hi all,

    Today we have started to release the latest build that includes a fix for this issue to the EAP. The rollout will continue until Tuesday, this is only an Early Access Program (EAP) and so shouldn't be used for production servers. 

    Assuming a successful release to the EAP I am expecting to roll it our to all customers in the next few weeks.

    Regards,

    Stephen 

  • 0 in reply to StephenMcKay

    It sounds like the version with the fix has been released.   Can someone confirm what version(s) the fix is in?

  • 0 in reply to GregBeck

    Hi Greg,

    The fix is in the 2.0.1 release of Sophos Server Protection

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    StephenMcKay said:

    The fix is in the 2.0.1 release of Sophos Server Protection

     

    Thank you

  • 0 in reply to GregBeck

    Hi there - I updated the Server Protection last Weekend and today the same Problem: inaccessible file Shares, slow logon/logoff times.

    Had to disable the HitmanPro Service and reboot the Server.

    This is what my console gives me, the core is 2.11, the intercept-x  2.03 (any above 2.01 should include the fix?)

     

     

  • 0 in reply to Rouven Schuerken

    Hi Rouven, have you logged a support case. We will need to investigate this as the original issue reported in this thread was replicated, resolved and confirmed as fixed in a prior Central Server release. 

    Please send me your support case number so that I can escalate the ticket.

    Regards,

    Stephen

Reply
  • 0 in reply to Rouven Schuerken

    Hi Rouven, have you logged a support case. We will need to investigate this as the original issue reported in this thread was replicated, resolved and confirmed as fixed in a prior Central Server release. 

    Please send me your support case number so that I can escalate the ticket.

    Regards,

    Stephen

Children
No Data
Unfiltered HTML