[German]On Windows 7 and Windows Server 2008 R2, there are sporadic issues when using Sophos anti-virus solutions. Now one possible cause seems to have been found. Here is some background information on what this is all about.
Windows update and Sophos issues
As early as April 2019, the Patchday (2nd Tuesday of the month) saw significant problems with Windows updates on systems where third-party antivirus products from Avira, Avast, McAffee and Sophos were installed. Microsoft even had to block the distribution of updates to systems on which the affected security solutions were installed. I’ve blogged about that here reference to this in the following articles on this blog, among others:
During the May 2019 patchday, security solutions from Sophos and Mc Afee proved to be causing potential issues. In the blog post Patchday: Updates for Windows 7/8.1/Server (May 14, 2019), I pointed out that Microsoft explicitly mentioned issues with Mc Afee antivirus software for Windows 7 and Windows 8.1 and their server counterparts.
Microsoft has been silent about Sophos in its KB articles so far. But the manufacturer Sophos has published the support article Following the Microsoft Windows 14th May update some machines hang on boot. For some customers, the May 14 security updates on Windows cause an error. After the update installation the systems get stuck when booting with the message “Configuring 30%”. This refers to:
- KB4499164 (Monthly Rollup) for Windows 7/Windows Server 2008 R2
- KB4499175 (Security-only update) for Windows 7/Windows Server 2008 R2
The problem occurs when Sophos has installed the following security solutions for corporate environments.
- Sophos Endpoint Security and Control
- Sophos Central Endpoint Standard/Advanced
According to the support article, Sophos is still investigating the problem with Microsoft. At the moment there is only the blocking of updates and, if already installed, their uninstallation (see also Windows Updates: Issues with McAfee and Sophos AV SW).
Collision with Windows Defender ATP
Now we got more insights into that stuff. Sophos released the following tweet on 26 May 2019:
[Update] May 24 – Microsoft has provided the following information: Customers running Windows Defender ATP on Win 7 or Win Server 2k8 R2 may see sporadic issues installing Windows updates. Microsoft is aware of the issue and is rolling out a fix: https://t.co/ha0eflqjYz ^fs
— Sophos Support (@SophosSupport) 26. Mai 2019
In this support post there is an addendum dated 24 May 2019 from Sophos addressing the tweet above. Microsoft may have found the cause. Customers running Windows Defender ATP on Windows 7 or Windows Server 2008 R2 may experience sporadic issues installing Windows updates. Microsoft is aware of the issues and will introduce a fix for Windows Defender ATP in the next 36 hours. No customer action is required. The fix is applied automatically by the Microsoft Monitoring Agent Service.
Windows Updates: Issues with McAfee and Sophos AV SW
Windows 7: Mc Afee is causing issues with April Updates
Windows patchday issues–one week later (April 17, 2019)
AVAST and Avira confirms April 2019 Update issues