Bad disk access behavior when on-access scanning is enabled

Hello,

My engineering team uses Sophos Home on our workstations. We have discovered reproducible bad behavior in Sophos Home when on-access scanning is enabled.

  • Syscalls that open files from the hard drive's filesystem are considerably slowed down when Sophos on-access scanning is enabled
  • The slowdown only occurs when macOS does not have the files cached. Executing "purge" will ensure it hits the slow path
  • The slowdown is ~5x in these cases
  • For us this means that app startup time is slow because reading the couple-dozen megabytes of source from disk takes much longer than it should
  • Furthermore, adding our source folder to the Sophos "exclusions" directory list does not seem to change behavior

 

Thanks,

Gideon



This thread was automatically locked due to age.
  • I would suggest the business edition if it's for business, as it gives you much more control.

    On-access does slow down access slightly. We have the full SMC so not sure if these options are in the home edition, but we set

    Scan only executable and other vulnerable files to ON
    Set exclusions for file extensions, in our case for any 'data' file we know does not need to be scanned, like AutoCAD and Photoshop files.

    and they seem to help.

    We also do not run on-access on our file servers, and instead run a full scheduled scan daily.

    Regards,
    Bohdan
