This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Now receiving horrible issues with Endpoint

Windows 8.1 64-bit client, UTM 9.305-4, uninstalled, deleted the ProgramData\Sophos folder after rebooting, and reinstalled the SAV client. The errors in this client log is hard locking my system for about 5 minutes about every hour. This just started yesterday, before that, I have never had this issue.

After a clean uninstall and reinstalling from a new client downloaded from the UTM, this has returned shortly after the fresh SAV install. I am also seeing these show up with Event IDs in Windows logs.

This is not part of a domain, only a home setup.

****************** Sophos Anti-Virus Log - 1/14/2015 4:38:31 AM **************

20150114 021813	Using detection data version 5.09 (detection engine 3.55.0). This version can detect 8264516 items.
20150114 021813	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
20150114 042344	User (NT AUTHORITY\SYSTEM) has stopped on-access scanning for this machine.
20150114 042345	Using detection data version 5.09 (detection engine 3.55.0). This version can detect 8264534 items.
20150114 042345	User (NT AUTHORITY\SYSTEM) has started on-access scanning for this machine.
20150114 043346	
	"Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point.
20150114 043346	
	File [...es (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb245711d03]).
20150114 043346	
	File [...Amodin\Pictures\Wallpapers\wp_20100730_Hope01_1920x1080.jpg]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb2c29d6223]).
20150114 043346	
	File [...os\Management Communications System\Endpoint\Persist\Adapters]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb1f0db50b2]).
20150114 043346	
	File [...\Local\SWTOR\swtor\settings\he1084_Aleenia_PlayerGUIState.ini]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb1eb10fd4b]).
20150114 043346	
	File [...2\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb1e45ce2a1]).
20150114 043346	
	File [...\Device\HarddiskVolume2\WINDOWS\system32\LogonUI.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb2e7ca6414]).
20150114 043346	
	File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb1e457644c]).
20150114 043346	
	File [...Notifications\6e1d7a0c998511e3be66985eace482cb\AA88m45[2].jpg]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb25c9bf140]).
20150114 043346	
	File [...\Device\HarddiskVolume2\Windows\System32\bitsprx2.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb25c9bf140]).
20150114 043346	
	File [...evice\HarddiskVolume2\WINDOWS\system32\SearchProtocolHost.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ?, (start check timestamp [ 1d02fb25ab576ae]).
      (27 items)

This thread was automatically locked due to age.

0 Amodin over 10 years ago

Update: So I noticed that there are a few entries here for my mapped network drives, so I added those drives as exclusions on the local computer. So far, I have not seen any delays.

Update 2: So much for that idea, locked up again. I am seeing a lot of different forum posts about people with this same problem with the Sophos Endpoint Protection client installed, but nothing other than "Remove it and get something better".
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 10 years ago

Please have your reseller open a ticket with Sophos - they need to turn up the heat under the folks assigned to make this work with Windows8.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 10 years ago

Hey Bob, thanks for replying.

This is a home install, so no reseller. Otherwise, I would be all over them and hence my posting here.

In order to get it to stop I created a second computer group in UTM with On-access scanning disabled and moved my computer into that group. Not the best scenario I know, but this computer is really a gaming rig and anything I go online for outside of that is few and far between.

It stopped the locking it seems, so the On-access scanning, for whatever reason, decided to just start giving me a hard time with absolutely no changes or updates that took place around the time it started.
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 10 years ago

So an update to this. I created a second Group (wisely named 'WTF') and moved my single computer into that group on the UTM with On-Access scanning disabled in the group policy. I left it like that for a day, then returned the computer back to the default group.

I haven't had this issue pop back up since moving it back.

You got me on this one....
Cancel
Vote Up 0 Vote Down

Cancel