sophos clients win7 no internet this AM feb 5

Hey, I have a few workstations today that spontaneously, around 930am - 10am, lost their ability to connect to the network. I also notice that the Sophos endpoint icon has changed today from what it was last week. The affected terminals all seem to be Win7 but I can't find any other similarities.

Is this a known issue?

Last update posted to the machine was 10.8.1 VE3.71.0 Update Successful



  • Seems to me the quickest workaround, as I now have 20+ workstations affected, is to run around with a USB stick, boot into safe mode and disable all the Sophos services on affected machines. Here is the script I just wrote to do that. Once the services are disabled, the machine comes up fine, and they will stay disabled for now. God damnit Sophos... Do you really need 15 services??

     

    rem Batch script for cmd.exe, run from an elevated prompt in safe mode.
    rem Sets the start type of each Sophos service to disabled; takes effect at next boot.
    rem The space after "start=" is required by sc.
    sc config "Sophos Clean Service" start= disabled
    sc config "savservice" start= disabled
    sc config "SAVAdminService" start= disabled
    sc config "Sophos AutoUpdate Service" start= disabled
    sc config "Sophos Device Control Service" start= disabled
    sc config "Sophos File Scanner Service" start= disabled
    sc config "Sophos Health Service" start= disabled
    sc config "Sophos MCS Agent" start= disabled
    sc config "Sophos MCS Client" start= disabled
    sc config "Sophos Safestore Service" start= disabled
    sc config "Sophos System Protection Service" start= disabled
    sc config "Sophos Web Control Service" start= disabled
    sc config "swi_service" start= disabled
    sc config "swi_update_64" start= disabled
    sc config "SntpService" start= disabled
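The workaround above leaves endpoint protection disabled until someone turns it back on, so it helps to record each service's start type first and to be able to list machines still running unprotected. The following is an added example, not part of the original post or any Sophos tooling; the service names are the ones in the script above, while the function names and the CSV path argument are hypothetical.

```powershell
# Added example (not from the thread). Service key names are the ones in the
# script above; function names and the CSV path are hypothetical.
$SophosServices = @(
    'Sophos Clean Service', 'savservice', 'SAVAdminService',
    'Sophos AutoUpdate Service', 'Sophos Device Control Service',
    'Sophos File Scanner Service', 'Sophos Health Service',
    'Sophos MCS Agent', 'Sophos MCS Client', 'Sophos Safestore Service',
    'Sophos System Protection Service', 'Sophos Web Control Service',
    'swi_service', 'swi_update_64', 'SntpService'
)

function Get-SophosServiceState {
    # Get-WmiObject is used because it is available in PowerShell 2.0 on Windows 7.
    foreach ($name in $SophosServices) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc) {
            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME; Name = $svc.Name
                StartMode = $svc.StartMode; State = $svc.State
            }
        }
    }
}

function Save-SophosServiceState {
    # Record the current start types so they can be put back exactly.
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-SophosServiceState | Export-Csv -Path $Path -NoTypeInformation
}

function Restore-SophosServiceState {
    param([Parameter(Mandatory = $true)][string]$Path)
    foreach ($row in Import-Csv -Path $Path) {
        # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
        # Delayed auto-start is also reported as 'Auto' and is not preserved here.
        $type = if ($row.StartMode -eq 'Auto') { 'Automatic' } else { $row.StartMode }
        Set-Service -Name $row.Name -StartupType $type
    }
}

function Get-DisabledSophosService {
    # Services still disabled: the machine is running without that protection component.
    Get-SophosServiceState | Where-Object { $_.StartMode -eq 'Disabled' }
}
```

Run `Save-SophosServiceState` before applying the `sc config` script and `Restore-SophosServiceState` with the same file once a proper fix is in place; both need an elevated prompt.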

  • Not a fix, but a current workaround we have found is to log in as a local admin user without network, disable all runtime protection services on the local machine and reboot, while making sure the server policy has been changed to also disable these settings.

  • I'm seeing similar behaviour on Windows 7 machines; Windows 10 machines are fine.

    This is across 2 separate networks, both are running off SBS2011.

    Same with them updating to the latest version of Sophos with the new icon.

    Even logging on as a local user I haven't been able to access the network/internet until removing the PC from the domain.

    Once removed from the domain network/internet access is restored and works fine.

     

    Taking the machines off the domain and re-joining has resolved this for me.

    I'm hoping this doesn't occur on the main network though.

  • Hi givemecontrol,

    Can you open a support case with our support to investigate it further? If you already have a case open, please do PM the details so that I can have it checked.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Hi givemecontrol & everyone,

    Please follow the below mentioned KBA for more details as it would be updated periodically on the reported issue.

    Malicious Traffic Detection causing network issues on Windows 7 machines

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Thank you for this temporary solution.

     

    Was on the phone for 2 hours with Sophos support. I asked multiple times if this was a known issue, since we had this problem on 8 Windows 7 clients; it did not affect the Windows 10 clients.

    But the guy at support kept saying that this is not a known issue. I find it absurd that I have to find out myself that this is indeed a known issue. Of all things, you expect the people at support to be aware of this.

    Some info: We also have problems with clients connected to SBS 2011, so maybe this is related. I haven't heard of this issue from my other customers with 2012 R2 or higher.

  • I have been corresponding with Sophos on a case # 7900486 since the 5th. We do have an XG firewall. I will try and update the ticket with the info in that KB.

    Oh, and that workaround did not work. I disabled all runtime protection settings but either they are not making it to the client or the workaround did not work. The only thing that worked for me was disabling the services. That allows people to get back to work.

  • Are you sure you selected save in the top right corner after disabling the option in the Sophos cloud?

    Also make sure that all Sophos services are back enabled in safe mode, then reboot. For us this worked; we also have a Sophos XG firewall.

  • Meh, I've got a million other things to do. I will wait for a proper fix. One workaround is the same as the other imho.

  • To recover machines that are already affected you will need to disconnect the network from them and log in either as a local user or into safe boot. Open the Sophos UI, enter the Tamper Protection PIN, turn off Malicious Traffic Detection under Runtime Protection and reboot. Then log in as normal and turn the network back on (making sure the KB 131685 workaround is already done).