Sophos Home Beta + Windows 10 Fall Update (Insider) + Hyper-V Issue

Hey there, wanted to see if anybody else who was using the Sophos Home Beta + on the Windows Insider track (currently for the Fall Creators Update) had this issue.

I currently have a pair of desktops I use for various things; my main rig I keep with the current release build of Windows 10 (1703, or build 15063) and a second that I keep on the Insider Fast ring so I can test upcoming changes to the OS.  Both systems have Hyper-V enabled as I spin up VMs to test various things from time to time, and both have the Sophos Home Beta.  I do not have any issues with my main rig whatsoever.

However, when I installed the first Insider Fast update for what would become the Fall Creator's update on my secondary rig, I noticed that my VMs refused to start.  I thought it was an OS issue and did everything imaginable (including reverting back to the last official release); the VMs would only start when on the official release (with Sophos Home Beta installed).  I did a lot of troubleshooting--and the moment I removed Sophos Home Beta (on the Insider builds) from the system (and rebooted)--the VMs started as it should.  Re-install Sophos Home Beta, reboot--and bam--they refused to start.  Tried everything I could think of--disabling all the services, adding exceptions--nothing seemed to work (even if I had every part I could turn off via the web console) except an uninstall.

Now before anybody gets all worked up because I'm running beta software--don't you worry--I'm not upset or even really surprised that this is happening.  I just find it interesting and thought I should see if I'm just crazy or if it's happening to others.  I'm not willing to sacrifice my other desktop to test--I gotta have one system that is stable and protected at least!  At the very least, maybe somebody will see this and find a workaround that I've yet been unable to discover.

Every new Insider build and every time I see an update to the Sophos Home Beta I re-install it and try again...and each time so far, failure.

I should also note that it flags the new DNSAPI.DLL in the Insider builds as malware as well, but I think there's a whole other thread about this.

Anyhow, enough rambling, hope this gets resolved before the final release (probably late October/early November if I recall correctly).  Insiders will have the final build probably a few weeks at least before it goes public.

 

  • Could you share the SDU logs for the same to analyze them , You may retrieve the SDU logs and upload onto any shared drive and share the link via private message me along with the Link to this thread as a reference to the issue .

    To fetch the SDU logs kindly follow the KB article. https://sophos.com/kb/33533

  • I also was getting the same results as Josh - Sophos Home Beta + on the Windows Insider track (currently for the Fall Creators Update). After installing Sophos beta software then rebooting my system, Hyper-V will not start any VM's.  I uninstalled Sophos beta rebooted my system and all is as it should be. I can load Hyper-V and start VM's.

     

     

    Work around is to add the following folder exceptions:

    C:\Program Files\Hyper-V\
    C:\Program Files (x86)\Hyper-V\
    C:\ProgramData\Microsoft\Windows\Hyper-V\
    C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Hyper-V\
    C:\Users\Public\Documents\Hyper-V\
    C:\Windows\System32\winevt\
    c:\windows\system32\   -- narrow this down to a list of vm*.dll, and wm*.exe files
    c:\windows\syswow64\ -- narrow this down to a list of vm*.dll, and wm*.exe files

  • Hi,

     

    I just wanted to confirm this is still an issue. I'm on the normal release channel for Windows 10 and after updating to the Fall Creator's update I can no longer start any VMs in Hyper-V.

    As a test I uninstalled Sophos home and I was able to start VMs without issue. I installed Sophos Home Beta again and after the post install scan completed I was still able to start VMs.

    I rebooted the computer and I am no longer able to start VMs.

    I'm running Windows 10 Version 1709 Build 16299.19 and Sophos Home Beta 1.2.6

  • In reply to Adam Babineau-Braye:

    Hi Adam , 

    Apologies for any inconvenience caused, 

    Could you share the SDU logs for the same to analyze them , You may retrieve the SDU logs and upload onto any shared drive and share the link via private message me along with the Link to this thread as a reference to the issue .

    To fetch the SDU logs kindly follow the KB article. https://sophos.com/kb/33533

  • In reply to Aditya Patel:

    Hi Adam, 

    Could you add the file vmcompute.exe in exceptions only and try again . You may remove the remaining files from exceptions.

  • In reply to Aditya Patel:

    We're also seeing this problem here and, adding just vmcompute.exe to the exclusions didn't seem to allow VMs to start up.

     

    The Sophos versions we're at:

    Core Agent: 11.5.9

    Endpoint Advanced: 11.5.9

    Sophos Intercept X: 3.6.9

    Device Encryption: 1.2.11

  • In reply to Aditya Patel:

    I'm curious how such a serious issue has not been addressed yet, considering the date of the initial report. Hyper-V is required for Docker for Windows (among other things) so you can expect lots of developers beating on your door soon.

  • In reply to Adrian Sampaleanu:

    I am now seeing the same issue with Fall Creators Update and Sophos Central.

    Tried adding exceptions and that didn't seem to work for me.

  • In reply to Aditya Patel:

    @Aditya - maybe you could change the title of this post to indicate that it's not just the Home product is at issue here. Also "Fall Update" could be changed to "Fall Creators Update" so that people googling for this problem could more easily find it.

  • I'm experiencing the same issue as well. Since install of 1709 I am unable to run any Hyper-V machines. I've added the exceptions as listed above. 

  • In reply to Kyle Parrish:

    Completely removed Sophos and Hyper-V fired right up.

  • Sophos is being strangely silent on this issue. I suspect it's not a straightforward fix, otherwise this would have already been addressed. An ETA for a fix would be nice, so that people can make contingency plans.

  • In reply to Adrian Sampaleanu:

    Also experiencing this in Windows 10 1709, with Sophos Cloud 11.5.9. Users reporting issues running Docker for Windows containers which uses Hyper-V.

     

  • I have had a ticket open since 11/2 and they only steps take so far are to add exclusions. As we have already discovered this does not work...

  • I am also unable to run Hyper-V VMs since the Windows 10 1709 update.

    When Sophos is loaded I get the following error "failed to start worker process:"

    When Sophos is removed, VMs startup with no troubles.