Sophos Home Beta + Windows 10 Fall Update (Insider) + Hyper-V Issue

Hey there, wanted to see if anybody else who was using the Sophos Home Beta + on the Windows Insider track (currently for the Fall Creators Update) had this issue.

I currently have a pair of desktops I use for various things; my main rig I keep with the current release build of Windows 10 (1703, or build 15063) and a second that I keep on the Insider Fast ring so I can test upcoming changes to the OS.  Both systems have Hyper-V enabled as I spin up VMs to test various things from time to time, and both have the Sophos Home Beta.  I do not have any issues with my main rig whatsoever.

However, when I installed the first Insider Fast update for what would become the Fall Creator's update on my secondary rig, I noticed that my VMs refused to start.  I thought it was an OS issue and did everything imaginable (including reverting back to the last official release); the VMs would only start when on the official release (with Sophos Home Beta installed).  I did a lot of troubleshooting--and the moment I removed Sophos Home Beta (on the Insider builds) from the system (and rebooted)--the VMs started as it should.  Re-install Sophos Home Beta, reboot--and bam--they refused to start.  Tried everything I could think of--disabling all the services, adding exceptions--nothing seemed to work (even if I had every part I could turn off via the web console) except an uninstall.

Now before anybody gets all worked up because I'm running beta software--don't you worry--I'm not upset or even really surprised that this is happening.  I just find it interesting and thought I should see if I'm just crazy or if it's happening to others.  I'm not willing to sacrifice my other desktop to test--I gotta have one system that is stable and protected at least!  At the very least, maybe somebody will see this and find a workaround that I've yet been unable to discover.

Every new Insider build and every time I see an update to the Sophos Home Beta I re-install it and try again...and each time so far, failure.

I should also note that it flags the new DNSAPI.DLL in the Insider builds as malware as well, but I think there's a whole other thread about this.

Anyhow, enough rambling, hope this gets resolved before the final release (probably late October/early November if I recall correctly).  Insiders will have the final build probably a few weeks at least before it goes public.


  • In reply to Adrian Sampaleanu:

    As per the post above by "Infrastructure Support", I'm assuming  that you're referring to the simple "Endpoint only" installer (without I-X)? I tried this on the 9th, as recorded above, and it works fine.

    As far as calling it a solution, I'm not sure my director will appreciate being told to disable a function within a product that we've paid an additional ~£100k for (on top of the base Endpoint license).

  • In reply to Vini:

    , I'm guessing that's what our guys ended up installing and, in agreement with your view, why I quoted "solution". What a joke.

  • In reply to Vini:

    I'm in the same situation here.  I've had to set up a sub-group that doesn't contain Exploit Prevention, then uninstall that component for Hyper-V users.

    Not ideal!

  • In reply to Bluebird007:

    I'm reluctant to do this, as I just know that we'll never get around to "re-installing" the Intercept-X edition as/when the time comes that real solution is available.


    Bad times.

  • In reply to Vini:

    I've bitten the bullet and had a user reinstall Sophos with Intercept-X, just so I could pull some SDU logs. Apparently the support ticket couldnt be escalated without them.

    Thats an hour my user wont get back, but hey ho. Hopefully the next response is we need more logs, as the user promptly uninstalled Sophos again in order to get working!