
Working Around the Sophos BSoD

A recent Sophos update has introduced an issue in which downstream filter drivers can cause Sophos to crash with a BSOD (Blue Screen of Death).

Sophos have confirmed this issue and have provided us with a workaround from their Sophos Central portal (see "The Sophos Solution" at the bottom).

The ThreatLocker Solution:

ThreatLocker has developed a fix for the Sophos issue in Agent Version 6.2 -- by changing the position of the ThreatLocker filter driver to load before the Sophos filter driver.

Please update your computers to ThreatLocker Version 6.2 to address this issue.

Note: Please see the important note below about restarting services after updating versions.

Updating ThreatLocker Versions:

In order to upgrade ThreatLocker for all devices within a group, please visit this article.

Alternatively, you can upgrade single devices from the "Computers" page:

  • Manage the organization the endpoint is located in
  • Navigate to the "Computers" page
  • Search for the endpoint
  • Change the dropdown for "Client Version" as shown below

Important: You MUST restart the service twice from the portal after updating. Restarting the device does not apply the driver change. The service restart can be done from the "Computers" page, where you can select as many devices as you need before restarting.


The Sophos Solution:


If you log in to Sophos Central and navigate to Endpoint Protection > Policies > Threat Protection:

  • Disable the 'Enable Threat case Creation' policy
  • Disable the 'Allow computers to send data on suspicious files, network events, and admin tool activity to Sophos Central' policy shown in the screenshot above

This should stop the BSOD.