Issues with server protection on file server

Has anyone seen any issues with Sophos Central on file servers? 

We moved from the on-premises version of Sophos to the Sophos Cloud version. When I updated our main file servers we started running into an issue where a server would stop serving files after a while (a few hours on the most active one/two weeks on another). When on the desktop of the server everything seems fine. No CPU/memory/disk issue, \\server\share works fine locally.

Remotely, \\server\share just hangs for 30+ seconds until the connection times out. Nothing seems to get the server running again except rebooting the whole thing. It will then work fine for a while, then break. I can't find anything in the event log or Sophos logging to point me in the direction of what is breaking.

After I uninstalled Sophos on the busiest server the issue hasn't returned.  

 

Has anyone run into anything similar? 

 

I do have a ticket created with support. At this point they just want me to test disabling features one by one until I can narrow the problem down. I am trying to recreate the issue without needing actual user traffic. I personally suspect CryptoGuard (Intercept X?) since that is the part that is also causing us grief on the client side.



  • Also having this issue on all of our 2008 R2 file servers.

     

    Issues include:

     

    1. Unable to restart - server hangs at shutting down during weekly reboot schedule - forcing a restart allows server to spin up correctly. An uninstall/reinstall fixes this for me. After uninstall/reinstall, I have not seen the issue come back.

     

    2. Spiked CPU performance due to failed client update/client stuck on "updating". This one was resolved by booting into safe mode, disabling all Sophos Services, manually disabling Tamper Protection due to the client being stuck in update mode then rebooting and uninstalling/reinstalling. This one reoccurs occasionally on random servers.

     

    We are currently working towards migrating our data to VMs with newer OSs. We don't have an issue with the client functioning on 2012 and above.

     

    Thanks,

    Bryan

  • We are having problems with Sophos server being installed on Windows Server 2019 file servers. The server will not shut down or reboot. And the file sharing gets blocked after a few minutes of file transfer. Uninstalling the software fixes these problems. The versions we are using are:

    Server Core Agent: 2.2.7

    Server Anti-virus: 10.8.4.227

    Server Intercept X: 2.0.11

    We are uninstalling the software on our servers. In a corporate environment you can't have reliability issues on your file share servers - they need to be rock solid. Hopefully, Sophos will come up with a fix since they have known about these issues since 2018.

  • OK, here is my experience with the Server Lockdown feature running on Windows Server 2016.

    • File server: Lags, slow logging in, office applications freeze up during peak times.
    • Domain Controller: Netlogon folder becomes slow to access.
    • Citrix Server (SQL Server): Server responsiveness becomes almost unusable. Tried throwing loads of RAM at it but it makes no difference.
    • All Servers: Randomly the start button will completely stop working on the server.
    • All Servers: Sophos Shield vanishes from the task manager bar. (Spoke to Sophos and never found a solution, however Sophos is still running apparently). Only way to get it back is to reboot the server and it will then stay for about a day or so and then "gone" again.
    • IIS Server: 32-bit IIS applications stop working, 64-bit ones are fine. Probably Access Database Engine.
    • All Servers: Software Protection Service stops working (Windows Activation). Sometimes will start if you keep trying around 4-5 times.
    • Random: Some servers refuse to lock down and get stuck on creating white list forever and Sophos updates stop working.

    To fix all of the above:

    Disable Sophos lockdown! 

    Conclusion:

    Great feature, but sadly currently not fit for purpose due to issues above. It's a real shame as I really want this feature because of its security benefits.

    Something interesting that I noticed:

    When lockdown is enabled, it seems that I can rename untrusted executables to trusted executables to bypass the lockdown policy!
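
An allowlist that trusted files by name alone would accept a renamed file, which is what the last reply appears to describe. As an added example (not part of the thread and not Sophos code; how Server Lockdown identifies files is not stated here, and the baseline layout and function names are assumptions), this audit keeps a name-to-hash baseline and reports any file whose name is trusted but whose contents are not:

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """SHA-256 of the file contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    """Map each lower-cased file name to the set of content hashes seen at baseline time."""
    baseline = {}
    for path in root.rglob("*"):
        if path.is_file():
            # Lower-case the key because Windows file names are case-insensitive.
            baseline.setdefault(path.name.lower(), set()).add(sha256_of(path))
    return baseline

def audit(root, baseline):
    """Return (relative path, verdict) for every file the baseline cannot vouch for."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        known = baseline.get(path.name.lower())
        if known is None:
            verdict = "unknown-name"
        elif sha256_of(path) not in known:
            # A name-only rule would allow this file; its contents say otherwise.
            verdict = "trusted-name-hash-mismatch"
        else:
            continue
        findings.append((str(path.relative_to(root)), verdict))
    return findings

def demo():
    """Constructed sample: baseline two files, then change content under a trusted name."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "backup.exe").write_bytes(b"constructed: backup tool")
        (root / "report.exe").write_bytes(b"constructed: reporting tool")
        baseline = build_baseline(root)
        (root / "report.exe").write_bytes(b"constructed: a different program")
        (root / "new.exe").write_bytes(b"constructed: never baselined")
        return audit(root, baseline)

if __name__ == "__main__":
    for rel, verdict in demo():
        print(f"{verdict:28} {rel}")
```

Run against a real directory, `build_baseline` would be taken once on a known-good server and `audit` scheduled afterwards; legitimate updates also change hashes, so the baseline has to be refreshed after patching.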