
Sophos 10.0.4 + Big Sur - 300%+ CPU usage by com.sophos.endpoint.scanextension during Xcode builds

I've tried opening a support case and sent a follow-up reply, and support has ignored me for over a week now, so I'm posting here in hopes that someone has some insight.

We have multiple developers reporting their Xcode build times are up to 10x longer since upgrading to Big Sur, and all of them are seeing 300%+ CPU usage from the com.sophos.endpoint.scanextension process while builds are running. This just started happening with Big Sur + Sophos 10.0.4. We already had exclusions in place related to Xcode, and recently I've added multiple other exclusions for build directories, Xcode, etc., and nothing has any effect on this behavior.

I've even disabled tamper protection and toggled everything off, and there is STILL no change in behavior; the scanextension process uses 300% CPU even when everything is disabled. How is it possible that we still see this behavior with real-time scanning, runtime protection, and user controls all disabled? It seems like a bug to me. Any insight or advice would be much appreciated.



This thread was automatically locked due to age.
  • I have to say I agree, unfortunately. Big Sur ended support of kernel extensions and now allows system extensions only. This is good for security, but it really seems like Sophos is struggling to figure out how to adapt.

    We ended up replacing Sophos for all of our engineering staff that was experiencing these major issues with Sophos. We deployed Jamf Protect in its place, and kept our more high-risk users on Sophos. The problems we were experiencing were mainly with software build/compile times being 10x+ longer with Sophos than without. Jamf Protect basically has a negligible impact on performance since it utilizes only native macOS frameworks. It does lack some of the controls that Sophos has, like DLP, web filtering, and programmatic ransomware protection. Ultimately though, if our developers can't work, none of that matters.
