Issues with Sophos Version 1.7.134 update and server losing network connection

Question

HI, We recently had a 2008r2 server lose the network connection, a quick restart brought everything back up. (This is was a production line server so we did not investigate the nic, just restarted to get workers going again.) I do know it was not hardware due to this being a VM and multiple VM's were running on the ESXi and had no issue. After reviewing the event viewer at the same time that this happened Sophos had finished installing the latest updates, I have checked all the event viewer logs for the same time and there is nothing else so I am thinking something with this update or install caused the issue. Just wanted to see if anyone else has seen this or had similar issues. I have pasted the event logs below. Log Name: Application Source: HitmanPro.Alert Date: 5/8/2019 12:36:12 PM Event ID: 101 Task Category: Broker Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: The hmpalertsvc broker service was successfully stopped. Event Xml: 101 4 2 0x80000000000000 609142 Application adfs01.dfllc.local hmpalertsvc Log Name: Application Source: VMTools Date: 5/8/2019 12:36:12 PM Event ID: 108 Task Category: None Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: The service was stopped. Event Xml: 108 4 0 0x80000000000000 609141 Application adfs01.dfllc.local Log Name: Application Source: VMUpgradeHelper Date: 5/8/2019 12:36:12 PM Event ID: 272 Task Category: None Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: Saved network configuration. Event Xml: 272 4 0 0x80000000000000 609140 Application adfs01.dfllc.local Log Name: Application Source: VMUpgradeHelper Date: 5/8/2019 12:36:12 PM Event ID: 280 Task Category: None Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: Saving network configuration for adapter with MAC address 00:0C:29:5B:A4:87. Event Xml: 280 4 0 0x80000000000000 609139 Application adfs01.dfllc.local 00:0C:29:5B:A4:87 Log Name: Application Source: VMUpgradeHelper Date: 5/8/2019 12:36:12 PM Event ID: 260 Task Category: None Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: Saving network configuration. Event Xml: 260 4 0 0x80000000000000 609138 Application adfs01.dfllc.local Log Name: Application Source: Desktop Window Manager Date: 5/8/2019 12:36:10 PM Event ID: 9009 Task Category: None Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: The Desktop Window Manager has exited with code (0x40010004) Event Xml: 9009 4 0 0x80000000000000 609137 Application adfs01.dfllc.local 0x40010004 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:09:06 PM Event ID: 1042 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Ending a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\Sophos AutoUpdate.msi. Client Process Id: 10624. Event Xml: 1042 4 0 0x80000000000000 609136 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\Sophos AutoUpdate.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:09:06 PM Event ID: 1035 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer reconfigured the product. Product Name: Sophos AutoUpdate XG. Product Version: 6.0.457.0. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 0. Event Xml: 1035 4 0 0x80000000000000 609135 Application adfs01.dfllc.local Sophos AutoUpdate XG 6.0.457.0 1033 0 Sophos Limited (NULL) 7B37324531333646372D333735312D343232452D414337412D3142324534363339313930397D3030303039613864633233343765653038653731623865353062376434613139383731343030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:09:06 PM Event ID: 11728 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Product: Sophos AutoUpdate XG -- Configuration completed successfully. Event Xml: 11728 4 0 0x80000000000000 609134 Application adfs01.dfllc.local Product: Sophos AutoUpdate XG -- Configuration completed successfully. (NULL) (NULL) (NULL) (NULL) (NULL) 7B37324531333646372D333735312D343232452D414337412D3142324534363339313930397D Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:08:26 PM Event ID: 1040 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Beginning a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\Sophos AutoUpdate.msi. Client Process Id: 10624. Event Xml: 1040 4 0 0x80000000000000 609133 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\Sophos AutoUpdate.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:08:26 PM Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer installed the product. Product Name: Sophos AutoUpdate XG. Product Version: 6.0.457.0. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 0. Event Xml: 1033 4 0 0x80000000000000 609132 Application adfs01.dfllc.local Sophos AutoUpdate XG 6.0.457.0 1033 0 Sophos Limited (NULL) 7B37324531333646372D333735312D343232452D414337412D3142324534363339313930397D3030303039613864633233343765653038653731623865353062376434613139383731343030303030393034 Log Name: Application Source: HitmanPro.Alert Date: 5/8/2019 12:08:19 PM Event ID: 213 Task Category: Installer Level: Information Keywords: Classic User: N/A Computer: adfs01.dfllc.local Description: An update was succesfully downloaded and is pending to be installed at next reboot. New version 3.7.12.466. Event Xml: 213 4 1 0x80000000000000 609131 Application adfs01.dfllc.local 3.7.12.466 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:08:16 PM Event ID: 1042 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Ending a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded tp64\Sophos Network Threat Protection.msi. Client Process Id: 10624. Event Xml: 1042 4 0 0x80000000000000 609130 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded tp64\Sophos Network Threat Protection.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:08:16 PM Event ID: 1035 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer reconfigured the product. Product Name: Sophos Network Threat Protection. Product Version: 1.8.1555.0. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 0. Event Xml: 1035 4 0 0x80000000000000 609129 Application adfs01.dfllc.local Sophos Network Threat Protection 1.8.1555.0 1033 0 Sophos Limited (NULL) 7B36303433353042462D424539412D344637392D423045422D4231433232443838394532447D3030303033616531343862636262303831323134663362616537333938663831326133333030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:08:16 PM Event ID: 11728 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Product: Sophos Network Threat Protection -- Configuration completed successfully. Event Xml: 11728 4 0 0x80000000000000 609128 Application adfs01.dfllc.local Product: Sophos Network Threat Protection -- Configuration completed successfully. (NULL) (NULL) (NULL) (NULL) (NULL) 7B36303433353042462D424539412D344637392D423045422D4231433232443838394532447D Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:53 PM Event ID: 1040 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Beginning a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded tp64\Sophos Network Threat Protection.msi. Client Process Id: 10624. Event Xml: 1040 4 0 0x80000000000000 609127 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded tp64\Sophos Network Threat Protection.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:53 PM Event ID: 1035 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer reconfigured the product. Product Name: Sophos Network Threat Protection. Product Version: 1.8.59.0. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 0. Event Xml: 1035 4 0 0x80000000000000 609126 Application adfs01.dfllc.local Sophos Network Threat Protection 1.8.59.0 1033 0 Sophos Limited (NULL) 7B36303433353042462D424539412D344637392D423045422D4231433232443838394532447D3030303062336165666531306336303862643036333731313236366638396536383933613030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:52 PM Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer installed the product. Product Name: Sophos Network Threat Protection. Product Version: 1.8.1555.0. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 0. Event Xml: 1033 4 0 0x80000000000000 609125 Application adfs01.dfllc.local Sophos Network Threat Protection 1.8.1555.0 1033 0 Sophos Limited (NULL) 7B36303433353042462D424539412D344637392D423045422D4231433232443838394532447D3030303033616531343862636262303831323134663362616537333938663831326133333030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:49 PM Event ID: 1042 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Ending a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\Sophos Anti-Virus.msi. Client Process Id: 10624. Event Xml: 1042 4 0 0x80000000000000 609124 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\Sophos Anti-Virus.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:48 PM Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer installed the product. Product Name: Sophos Anti-Virus. Product Version: 10.8.4.227. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 0. Event Xml: 1033 4 0 0x80000000000000 609123 Application adfs01.dfllc.local Sophos Anti-Virus 10.8.4.227 1033 0 Sophos Limited (NULL) 7B30313432333836352D353531422D344335392D423434412D4343363034424332314146337D3030303065646632383565336665643762616235303331376131626535343936313431633030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:07:48 PM Event ID: 11707 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Product: Sophos Anti-Virus -- Installation operation completed successfully. Event Xml: 11707 4 0 0x80000000000000 609122 Application adfs01.dfllc.local Product: Sophos Anti-Virus -- Installation operation completed successfully. (NULL) (NULL) (NULL) (NULL) (NULL) 7B30313432333836352D353531422D344335392D423434412D4343363034424332314146337D Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:06:17 PM Event ID: 1040 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Beginning a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\Sophos Anti-Virus.msi. Client Process Id: 10624. Event Xml: 1040 4 0 0x80000000000000 609121 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\Sophos Anti-Virus.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:06:17 PM Event ID: 1042 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Ending a Windows Installer transaction: {095BB5FF-C89D-449B-9D6D-3B9CCB3BEFD8}. Client Process Id: 6020. Event Xml: 1042 4 0 0x80000000000000 609120 Application adfs01.dfllc.local {095BB5FF-C89D-449B-9D6D-3B9CCB3BEFD8} 6020 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:06:17 PM Event ID: 1034 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer removed the product. Product Name: Sophos Anti-Virus. Product Version: 10.8.3.322. Product Language: 1033. Manufacturer: Sophos Limited. Removal success or error status: 0. Event Xml: 1034 4 0 0x80000000000000 609119 Application adfs01.dfllc.local Sophos Anti-Virus 10.8.3.322 1033 0 Sophos Limited (NULL) 7B30393542423546462D433839442D343439422D394436442D3342394343423342454644387D3030303036636638373936613938663739303839386433373164323436383462633934653030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:06:17 PM Event ID: 11724 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Product: Sophos Anti-Virus -- Removal completed successfully. Event Xml: 11724 4 0 0x80000000000000 609118 Application adfs01.dfllc.local Product: Sophos Anti-Virus -- Removal completed successfully. (NULL) (NULL) (NULL) (NULL) (NULL) 7B30393542423546462D433839442D343439422D394436442D3342394343423342454644387D Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:05:27 PM Event ID: 1040 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Beginning a Windows Installer transaction: {095BB5FF-C89D-449B-9D6D-3B9CCB3BEFD8}. Client Process Id: 6020. Event Xml: 1040 4 0 0x80000000000000 609117 Application adfs01.dfllc.local {095BB5FF-C89D-449B-9D6D-3B9CCB3BEFD8} 6020 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:59 PM Event ID: 1042 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Ending a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ui64\Sophos UI.msi. Client Process Id: 10624. Event Xml: 1042 4 0 0x80000000000000 609116 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ui64\Sophos UI.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:59 PM Event ID: 1035 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer reconfigured the product. Product Name: Sophos Endpoint. Product Version: 1.7.134. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 0. Event Xml: 1035 4 0 0x80000000000000 609115 Application adfs01.dfllc.local Sophos Endpoint 1.7.134 1033 0 Sophos Limited (NULL) 7B44323935343241452D323837432D343245342D414232382D3338353845313343314133457D3030303061376637346233323839313264313438333935383035653831616466326366393030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:59 PM Event ID: 11728 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Product: Sophos Endpoint -- Configuration completed successfully. Event Xml: 11728 4 0 0x80000000000000 609114 Application adfs01.dfllc.local Product: Sophos Endpoint -- Configuration completed successfully. (NULL) (NULL) (NULL) (NULL) (NULL) 7B44323935343241452D323837432D343245342D414232382D3338353845313343314133457D Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:40 PM Event ID: 1040 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Beginning a Windows Installer transaction: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ui64\Sophos UI.msi. Client Process Id: 10624. Event Xml: 1040 4 0 0x80000000000000 609113 Application adfs01.dfllc.local C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ui64\Sophos UI.msi 10624 (NULL) (NULL) (NULL) (NULL) Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:40 PM Event ID: 1035 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer reconfigured the product. Product Name: Sophos Endpoint. Product Version: 1.7.24. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 0. Event Xml: 1035 4 0 0x80000000000000 609112 Application adfs01.dfllc.local Sophos Endpoint 1.7.24 1033 0 Sophos Limited (NULL) 7B44323935343241452D323837432D343245342D414232382D3338353845313343314133457D3030303062396462353866313261646665653266623561393531646634303330663632333030303030393034 Log Name: Application Source: MsiInstaller Date: 5/8/2019 12:04:40 PM Event ID: 1033 Task Category: None Level: Information Keywords: Classic User: SYSTEM Computer: adfs01.dfllc.local Description: Windows Installer installed the product. Product Name: Sophos Endpoint. Product Version: 1.7.134. Product Language: 1033. Manufacturer: Sophos Limited. Installation success or error status: 0. Event Xml: 1033 4 0 0x80000000000000 609111 Application adfs01.dfllc.local Sophos Endpoint 1.7.134 1033 0 Sophos Limited (NULL) 7B44323935343241452D323837432D343245342D414232382D3338353845313343314133457D3030303061376637346233323839313264313438333935383035653831616466326366393030303030393034 Log Name: Application Source: Microsoft-Windows-LoadPerf Date: 5/8/2019 12:04:34 PM Event ID: 1000 Task Category: None Level: Information Keywords: User: SYSTEM Computer: adfs01.dfllc.local Description: Performance counters for the {42ee8dc0-98ba-4455-a673-79bf514ff632} (Sophos Endpoint Defense) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. Event Xml: 1000 0 4 0 0 0x8000000000000000 609110 Application adfs01.dfllc.local {42ee8dc0-98ba-4455-a673-79bf514ff632} Sophos Endpoint Defense 0 Log Name: Application Source: Microsoft-Windows-LoadPerf Date: 5/8/2019 12:04:33 PM Event ID: 1001 Task Category: None Level: Information Keywords: User: SYSTEM Computer: adfs01.dfllc.local Description: Performance counters for the {42ee8dc0-98ba-4455-a673-79bf514ff632} (Sophos Endpoint Defense) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. Event Xml: 1001 0 4 0 0 0x8000000000000000 609109 Application adfs01.dfllc.local {42ee8dc0-98ba-4455-a673-79bf514ff632} Sophos Endpoint Defense 0

Issues with Sophos Version 1.7.134 update and server losing network connection

Submitted a Tech Support Case lately from the Support Portal?