This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos pulling 532MB of memory to run?

Hi there, 

I am trialling Sophos on our small office network (10 PCs). As our machines are quite old and slow, an important requirement for me is performance. This morning I logged onto my machine and noticed absolutely everything was really sluggish. I opened up task manager and found that Sophos was pulling 532MB of memory! I thought, oh, it might just be scanning. So I opened Sophos itself to check, nope nothing told me it was scanning.

I phoned Sophos support. I spoke to a young lady who first diligently took about 10 minutes in trying to get the correct spelling of my email address and company name. After what seemed to be an eternity she answered with "anything up to 1000MB is normal, so 500MB is normal. There's no problem." But my Sophos isn't scanning anything, "its normal" she said.

Is this true? It's normal for Sophos to hang around idly and suck up 500MB of memory?... is that really normal? I really hope its not otherwise Sophos is not at all for me. If it is not normal, can anyone explain by look at task manager what was consuming my resources?



This thread was automatically locked due to age.
  • Hello Michelle,

    the 300MB for the AV seems moderately high but all in all it seems normal indeed. Looking at the screenshot - Chrome consumes roughly 15% less, so ...

    To explain: A scanner intercepts files access (or the more newfangled stuff monitors events or hooks calls) and it should make its decision as quickly as possible. Last thing you want is that it does additional I/O to read its virus definitions and frees the memory after use only to go through the same sequence microseconds later. Thus a IMO reasonable amount of memory is used to ensure "desirable overall performance".

    Naturally quite old machines don't go too well together with "state-of-the-art" software, whether fancy applications or basic services. You wouldn't get below 350-300MB if you do away with the newer components - and this would be like your local police being able to deal with petty crooks but stranded when it comes to cybercrimes due to lack of appropriate equipment,

    What are the specs of these machines and how old is old, which OS? I'm using Windows 7 on an almost 7 years old i7, admittedly (inexpensively) upgraded to 8GB with a 500GB SSD, and don't have to woory about performance.


  • Hi Christian, Thanks for taking the time write such a detailed reply in an easy to understand format. I checked my PC, I only see Sophos using 45MB... definitely not 532MB. Mostly I see the below memory usage.

  • Hi Michelle,

    I would say it is expected for Sophos Endpoint Protection to hover around 300-400MB of memory usage.  In your screenshot it looks like it is missing the Sophos Anti-virus process which uses the most memory out of them all.  You might see this as "Performs virus scanning and disinfection functions"

  • Hello Michelle,

    as SJaramillo says, the AV component (SAVService.exe) is not there for whatever reason.
    SAVService.exe uses a more or less constant amount (around 300MB) of memory that is only minimally dependent on what it's doing - if for example you disable On-Access (Real-Time) scanning it essentially "does nothing" but detection data are nevertheless kept in memory thus usage doesn't change.


  • Thank you both for your replies. Yes, I see it's around 400-500MB now when I group the missing service. My PC's were fine for what they had to do working on 4Gb RAM and a "normal" harddrive. No longer. Now with Sophos InterceptX Advanced installed, I'm going to upgrade to 8Gb and an SSD like @QC recommends (thanks Christiaan).

  • My system also pulling 614mb.  This is Sophos Intercept X Advanced. 

    The most heavy services is

    SavService - 290.3

    SSPService - 117

    SophosFileScanner - 110

    HitmanPro.Alert (AKA Intercept X) - 15.85

    It's incredible how heavy this product is.  

    I may just remove the Advanced part that adds Endpoint Protection and use only Intercept X.  

  • Hi Angel,  I like the sound of your idea.

    Can you (or anyone) please explain what you will loose when you switch off “Endpoint Protection”? And in comparison, what does “Intercept X” do?  

    Also, please can you explain to me how you will go about switching Endpoint Protection off?

  • You would need to uninstall product completely. Reboot,  then install only Intercept X.  

    Choose which Endpoint Protection components you'd like to download option for install package.

    This installs only the Intercept X with Deep learning.  

    You will not have Anti-Malware File Scanning.  The signature based Antivirus engine.  

    Think also these items will not be available.

    Data Loss Prevention
    Web Security
    Peripheral Control
    Application Control

    To me the Intercept X only with Deep Learning is sufficient.  

  • Thanks Angel, that’s a big step forward in my understanding. Can anyone verify this for certain please:-

    ANGEL65 said:
     This installs only the Intercept X with Deep learning.  You will not have Anti-Malware File Scanning.  The signature based Antivirus engine.  Think also these items will not be available.

    Data Loss Prevention
    Web Security
    Peripheral Control
    Application Control

    And with InterceptX only then, I take it then I can’t scan my c:\ (for example) for viruses?  

  • You can still scan with Intercept X.  I believe it's using cloud scanner with Deep Learning.

    Here is difference without Advanced Installed on two of my systems. Notice on Advanced Sophos Antivirus uses 291mb + Web Control/Intelligence running.

    Sophos Intercept X feels nice and light when running.  

    Sophos Intercept X

    HitmanPro Alert 1.9mb
    HitmanPro Alert 13mb
    Sophos Clean 2.3mb
    Sophos EDR 1.8
    Sophos Endpoint Defense 67.9
    Sophos Endpoint Defense 6.0
    Sophos Interface 4.3
    Sophos File Scanner 2.8
    Sophos File Scanner 114
    Sophos File Scanner Service 1.9
    Sophos Health Service 2.0
    Sophos MCS Agent 4.6
    Sophos MCS Agent 3.6
    Sophos Network Threat Protection 8.2
    Sophos Safestore 2.5
    Sophos Update 0.9
    Total - 237.7

    Sophos Intercept X Advanced

    HitmanPro Alert 14.6mb
    Sophos Anti Virus 291.5
    Sophos Admin Service 2.0
    Sophos Clean 2.3mb
    Sophos Device Control 1.3
    Sophos EDR 2.7
    Sophos Endpoint Defense 141.1
    Sophos Endpoint Defense 7.1
    Sophos Interface 3.9
    Sophos File Scanner 3.4
    Sophos File Scanner 131
    Sophos File Scanner Service 2.6
    Sophos Health Service 2.4
    Sophos MCS Agent 7.8
    Sophos MCS Agent 4.8
    Sophos Network Threat Protection 10.6
    Sophos Safestore 2.5
    Sophos Update 1
    Sophos Web Control 2.1
    Sophos Web Intelligence 6.6
    Sophos Web Intelligence 12.9
    Sophos Web Intelligence 1.7
    Total 655.9

    Here is link to Specs -

    I think Intercept X is what Sophos wants product to be in the future,  Advanced is including the old Endpoint Protection "adding the bloat". If you want full coverage,  keep advanced.  If your like me and hardly get malware and want light solution,  Intercept X is the way to go.