Sophos Network Extension Memory Leak using 32GB of RAM on 11.2.1

  • Feature: Using the mac.
  • Severity: CRITICAL
  • Summary: Computer becomes slow to the point where it is no longer usable. Even the trackpad starts getting delayed.
  • Observed behavior: See attached screenshot
  • Reproduce it: Happens after a while but I can't reproduce it on demand.
  • Frequency: Happened yesterday. I'll see if it happens again.
  • Desired behavior: No memory leak is desired.
  • Environment: MacBook Pro 15" Mid 2015. I'm also using Cloudflare WARP 1.3.113 which routes DNS traffic through it as DOH.
  • Other: Nothing more
  • Supporting logs, tool output etc: Tell me what you need and I will add it.
  • We have identified the issue with the high CPU usage for the Sophos Network Extension process and will be included in our GA release.

    We would like to confirm that the issue you're seeing is the same issue. Could you please provide an SDU and we can take a look. You can upload this as follows:

    • Go into Central, find the device, and click on the generate SDU button
    • Once the SDU is uploaded, post the file name here so we can extract it and take a look

    In the meantime, we can offer a workaround to disable the network extension. In Central amend, or create new, policies to disable:

    • Threat Protection
        • Real-time Scanning - Internet

          • Scan downloads in progress
          • Block access to malicious websites
        • Remediation
          • Enable threat case creation
        • Runtime Protection
          • Protect network traffic
    • Web Control
      • Disable Web Control 

    Once the features are disabled rebooting the machine will ensure the network extension is not loaded.

    Thank you for all the feedback, it really is appreciated, and we apologize for the inconvenience

  • Hi David,

    I was unable to find the "Generate SDU button" as per your instructions. However, I was able to find the "More Actions" and then the "Diagnose" button, which I pressed, and it then told me it triggered the SDU generation. But that's it. No file was given to me to upload.

    Can you confirm if this is correct?

  • Apologies, that's the right button. The file is automatically sent to us so all we need now is the filename which should be shown on the device page.

  • OK yeah I can see it running. The file name is 74f5b9ca-58a3-b43f-9ad1-bbe726b671c0_2021-02-18-18-50-17.zip

    Thank you,

    Adrian

  • Hi Adrian,

    Thanks for the SDU, we were able to confirm the issue you're encountering is indeed the same issue and is fixed in the upcoming 10.0.4 release.

    Unfortunately there won't be an update to the EAP before GA which begins rollout next week at which point both EAP and GA lines will update together. If you can provide us with your company name and updating credentials we can move you into the first rollout group, expected to release on Tue 23rd.

    You can find the updating credentials as follows:

    Open the endpoint UI>About>Run Diagnostic Tool>Update>Update Credentials
