Sophos EndPoint Protection - Bug
Wednesday, January 4, 2017 at 11:41AM
David Walsh

I've used Sophos EndPoint Protection for several of my customers. It's detection capabilities are terrific and it's been a great antivirus for them. However, I've recently found a little bug in it.

After installing Sophos EP it can disable your DVD drive(s) with this error appearing in the device manager: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. To fix this problem you should uninstall and then reinstall the hardware device. (Code 19)". A short term fix is to uninstall the drive, then do a "Scan for hardware changes". The drive will work again... until you restart the computer.

The most common other solution I've found is removing the uppperfilters and/or lowerfilters for the DVD drive's registery key (which also doesn't help in this case).

The solution to fix the Sophos problem is this:

  1. Uninstall the DVD drive in the device manager.
  2. Scan for hardware changes (the drive should be redetected and will work again).
  3. Browse to: C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\
  4. Search for the file sdcfilter.inf (you'll find it in a subfolder somewhere, possibly multiple copies of the same file).
  5. Right click on the file and choose Install.
  6. Restart the computer.
  7. The drive will still work.

I found this solution at community.sophos.com (see references for the link). The post appears to be closed to comments so I figured it should be duplicated here. I spent hours trying to fix this problem on two new Windows 10 Pro computers and I hope I save someone else a little time.

As of today I still sell Sophos EndPoint Protection and Sophos UTM, SG, and XG products.

Article originally appeared on One Great Tech - When IT Has to Work! (http://www.onegreattech.com/).
See website for complete article licensing information.