New Sophos update unpleasantness

Discussion in 'Software' started by dales, Oct 2, 2008.

  1. dales

    dales Terabyte Poster

    Hi all,

    Just thought I'd give you all a heads up: since Monday, when a new update of Sophos was rolled out over our network, we have had some users reporting that explorer.exe will randomly crash due to DEP kicking in. I'm one of the people affected. I thought it was just me to start with, but when users started trickling in calls to me with the same problem it became clear that it was not just me needing to clean up.

    The problem isn't specific to a service pack, as I am running XP Pro SP3 and most other users are on SP1 or SP2 (no auto patch management here), so it purely seems to be a problem with our AV.

    Just to let you know in case any of you are scratching your heads. Also check out this EE thread, which suggests a workaround, but I'd rather wait it out to find the cure.

    http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23778594.html
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  2. Qs

    Qs Semi-Honorary Member Gold Member

    So that's what the damn thing is! We also use Sophos and have had a few users reporting problems.

    Rep given matey! Saved me going hunting!

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    I was a SOPHOS Partner for many years but gave it up in 2007 due to continued issues like this and the fact they seemed to be going more "Enterprise" in their outlook.

    We switched to ESET with NOD32 and didn't have as many problems with clients.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  4. zebulebu

    zebulebu Terabyte Poster

    Sophos blows - end of.

    Worst Enterprise AV vendor I've ever used.

    McAfee destroys Sophos in effectiveness, ease of management, robustness and reliability. I've always used Trend at a gateway level and McAfee internally - though a lot of people I know use NOD and Kaspersky and swear by them.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. dales

    dales Terabyte Poster

    Got an email back from Sophos; not really a fix but might be of help:

    Hi Dale,

    Part of the recent update included a web content scanner BHO.

    Can you turn off the Web Content Scanner to see if this helps?

    To do this, in IE go to Tools --> Manage Add-ons --> click Sophos Web Content Scanner and disable it.

    Let me know if it helps.

    All the best

    Donald Tibbetts


    I've applied it to my machine to see if it helps, so I'll let you know how I get on.
     
  6. Qs

    Qs Semi-Honorary Member Gold Member


    I'll do it also. Will update the thread if I find anything else out.

    Qs
     
  7. Modey

    Modey Terabyte Poster

    Yup, we ditched Sophos about 18 months ago and have never looked back. We use Panda AV now and it's much, much better, but that wouldn't be difficult compared to Sophos.

    It was the enterprise oriented version we were using btw.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  8. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Good time to migrate over to NOD32 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  9. dales

    dales Terabyte Poster

    To be fair, this is the first problem Sophos has given us; apart from that it's just worked. I do remember a couple of jobs ago that Sophos used to be quite a regular thing to be called out for, mind you!
     
  10. GoodApollo

    GoodApollo New Member

    And here is the KB Article that confirms you are correct Dales. Initially, we thought it was a MS update that was causing DEP to crash explorer.exe
     
  11. KK20

    KK20 New Member

    I registered to add my agreement (was googling for DEP and Sophos - I had an idea it was Sophos).

    We developed DEP explorer problems on our network this week. I run a very tight ship (a school). All users & machines locked down, no auto updates on programs OTHER than Sophos. MS updates pushed from our server, software installed by GPO, so I knew it wasn't another update or piece of software, since Sophos was the only piece of software that has updated this week. Users have no rights to install their own software. New devices are banned, so USB pens don't work.

    Plus - this week's Sophos update required a restart.

    Do you have a link to the Sophos KB article?

    Edit: found it http://www.sophos.com/support/knowledgebase/article/46484.html
     
  12. KK20

    KK20 New Member

    From Sophos:


    Thought I'd give you an update on this.

    PROBLEM:

    As per:
    Sophos Anti-Virus for Windows 2000+: Data Execution Prevention message displayed when closing Windows Explorer

    WORKAROUNDS:

    As well as the three solutions outlined in this article (1. disable the scanner locally, machine by machine, 2. disable the scanner globally using a domain group-policy, or 3. stop Explorer.exe from loading the Sophos Web Content Scanner),

    - there's now a fourth option, a special 'RC2' build of Sophos Anti-Virus that comes with the web-scanner switched OFF by default. I'd recommend this one over the previous 3. You need to set EMLibrary to download it, as follows:

    1) 'Select parent' in the EMLibrary Console needs to be set to 'es-central-3...' , not es-latest-3.... (choose it from the drop-down 'select parent' menu - your normal credentials should work).

    2) Under the 'select packages' menu, select either :
    (i) 'Windows Endpoint Security and Control 8.0 with SAV 7.6.0 RC2 VDL4.34E' , or
    (ii) 'Sophos Anti-Virus for Windows 7.6.0 RC2 VDL4.34E'

    - the 'RC2' in the name means it's the special build.

    If you unsubscribe from your 'normal' SAV / Endpoint Security package BEFORE subscribing to the RC2 version, then you'll be able to download the RC2 into your usual Central Installation Directory, and your client PCs will update to it automatically.

    Alternatively, specify a different CID, then change the client-PCs' updating policy accordingly.

    Hope this helps.

    Simon B.
    Sophos Technical Support, Abingdon.
    Contact Sophos technical support - Enterprise solutions
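
The Sophos replies above attribute the crash to a web content scanner BHO that Explorer.exe loads. A read-only PowerShell inventory of registered Browser Helper Objects and the DLL behind each one shows which machines still have it registered; this is an added example, not code from the thread or from Sophos, and the `'Sophos'` match string is an assumption about how the add-on names itself.

```powershell
# Added example (read-only): list registered Browser Helper Objects and their DLLs.
$roots = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    # 32-bit registrations on 64-bit Windows live under WOW6432Node
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-RegisteredBho {
    foreach ($r in $roots) {
        if (-not (Test-Path -LiteralPath $r.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r.Bho) {
            $clsid    = $key.PSChildName                    # subkey name is the COM class ID
            $classKey = Join-Path $r.Clsid $clsid
            $server   = Join-Path $classKey 'InprocServer32'
            $name = $null; $dll = $null; $version = $null; $signature = 'n/a'

            if (Test-Path -LiteralPath $classKey) {
                $name = (Get-Item -LiteralPath $classKey).GetValue('')   # default value = class name
            }
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')      # default value = DLL path
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $version   = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
                $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
            }

            [PSCustomObject]@{
                Clsid       = $clsid
                Name        = $name
                Dll         = $dll
                FileVersion = $version
                Signature   = $signature
            }
        }
    }
}

$all = @(Get-RegisteredBho)
$all | Format-Table -AutoSize -Wrap

# Assumption: the vendor name appears in the class name or the DLL path.
$all | Where-Object { "$($_.Name) $($_.Dll)" -match 'Sophos' } | Format-List
```

The `Dll` and `FileVersion` columns give a per-machine record to compare before and after a replacement build is rolled out.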
     
  13. MLP

    MLP Kilobyte Poster

    Thanks for this! I got this error on a machine just before leaving work today. I was just about to spend my evening searching for a fix, so you've saved my evening. Can play Halo 3 all night instead!

    Rep Given.

    Maria
     
    Certifications: HND Computing
