Degraded performance with mounted disk images

Hi,

Thanks for reporting this. 

For the investigation, please provide the following:

• Go into Central, find the device, and click on the generate SDU button
• Once the sdu is uploaded, post the file name here so we can extract it and take a look
• Have you done any alterations to your policy?
  • if yes, has anything changed the symptoms?
  • Or have you just tested removing the product?
• Are you mounting the dmg through terminal?
  • if yes, can you post the exact command you are using to mount it please
• Have you allowed all the permissions for the product and rebooted the machine?

I have to expand the case above: This issue affects everything with high disk I/O.

Newest case in point was a Gatekeeper (XprotectService) check on a very huge program (Xcode).

The previous case was verifying disk images.

However these issue does not arise every time. I have yet to pinpoint the cause of it.

Playing with policies did not affect the issue. Processes that show very high activity are SophosScanD and scanextension (CryptoGuard to some degree)

I am aware that on access scanning is a thing but it literally freezes the system. The tasks at hand also take more than 10-100x longer (not exaggerating here) 

Rebooting seems to fix the problem until it shows again.

I did an SDU upload while the problem showed itself. File is 87b7a70e-f62c-9405-6ba2-bb8e1998f735_2020-12-21-12-49-00.zip

All permissions have been preapproved via configuration profiles, device has been restarted multiple times.

I have to expand the case above: This issue affects everything with high disk I/O.

Newest case in point was a Gatekeeper (XprotectService) check on a very huge program (Xcode).

The previous case was verifying disk images.

However these issue does not arise every time. I have yet to pinpoint the cause of it.

Playing with policies did not affect the issue. Processes that show very high activity are SophosScanD and scanextension (CryptoGuard to some degree)

I am aware that on access scanning is a thing but it literally freezes the system. The tasks at hand also take more than 10-100x longer (not exaggerating here) 

Rebooting seems to fix the problem until it shows again.

I did an SDU upload while the problem showed itself. File is 87b7a70e-f62c-9405-6ba2-bb8e1998f735_2020-12-21-12-49-00.zip

All permissions have been preapproved via configuration profiles, device has been restarted multiple times.

is this on every machine in your environment or only specific ones? Could there be hardware faults in those machines?

What are the physical specs of these machines?

This affects devices in our environment as well. 

Checked on Macadmins Slack. Some reported similar issues.

Device is a mid 2018" MacBook Pro i7 (8th Gen?), 16GB Rams, 500Gb SSD

Other finding I have to report:

It seems to resolve around SophosScanD.

With and w/o the error I always receive the following warning from trustd:

Entitlement com.apple.security.application-groups=(

    "2H5GFH3774.com.sophos.endpoint.scan"

) is ignored because of invalid application signature or incorrect provisioning profile

When the problem arises SophosScanD also reports:

MacOS error: -67065

- and -

MacOS error: -67034

I will have the development team look at this when they are back in the new year. Thank you for reporting it.

Thanks for the feedback and apologies for the trouble but would you be able to reproduce the issue and upload another SDU?

The archive system has a short window of availability and unfortunately the original archive been deleted.

We have an engineer keen to dig into this and your SDU would prove invaluable.

What can you tell us about the DMGs that are causing the issue, are they custom or available for download? We could attempt to reproduce if we can get access to the problematic image.

I am currently having issues reproducing it. I'll come back to this once I have something.