Sophos Intercept X Terminal server 2019 best Practices


We have just deployed a new TS2019 for a client of ours. The Sophos install went on no issues. The server is "feeling it" however. We have about 20 users on that server, we have assigned the proper resources as per MS to that many sessions, but the server is slugish. I see that every session spawns a new instance of Sophos, that can't be correct, can it? Are there any switches, configurations specific to terminal servers so Sophos is not running for every session created? As it stands no HOST would be powerful enough to run TS with Sophos depending on how many users you have.

I must be doing something wrong here, right? Even a moderate user load on an RDP farm, say 50-80 users, would require a whole host to run all those sessions with sophos starting a new instance for every user, at that point, well there is no point in any virtualization platform, might as well install windows to the bare metal.

Help! :)

  • You are talking about the Sophos UI.exe process.  This is launched from the Run key to give the user desktop notifications should web pages be blocked, malware detected, etc..  If you don't feel the need for these to be shown to the end users and the saving seems worth while, I guess you could disable the startup item it in Task Manager.  You can equally tun "sophos ui.exe" /exit to close the current process but maybe the run key would be simpler and see how the performance is then.