I, like many other it seems, have been having problems with our Intercept X and MacOS Big Sur.
While version 10.0.4 seems to be a bit better than previous releases, we are seeing extremely high CPU usage for com.sophos.endpoint.scanextension on Big Sur when the users are opening large files or compiling code. So much so that users are reporting a notable degradation of performance to the point we have to turn off a lot of Threat Protection features. This has undermined Sophos within the user base so now every problem is getting blamed on host protection!
I know there are lots of posts around this topic with either scanextension or networkextension and I know Big Sur changed how kernel extensions work etc etc, but I wanted to know if Sophos have acknowledged that this issue will be fixed in future releases and when we can expect a version that plays nicely with Big Sur?
Hi Glen, while I appreciate you getting back to me, I could do with a little bit more detail or even a rough road map to go back to my colleagues with. I've effectively crippled certain teams workflows…
Thank you for reaching us. This has been acknowledge by our development team and is currently working with this to solve the issues being faced on Big Sur OS.
We will keep you posted for the updates.
Hi Glen, while I appreciate you getting back to me, I could do with a little bit more detail or even a rough road map to go back to my colleagues with. I've effectively crippled certain teams workflows by insisting on host protection on all devices. With a rough timeline I think it will be more palatable.
Also, any ideas when the next EAP will be available?
Unfortunately, we don’t have an ETA at the moment. Have you isolated the component causing this issue? If not, then this article could come in handy - https://support.sophos.com/support/s/article/KB-000036572?language=en_US.
Community Team Lead, Support & Services| Sophos Technical Support Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Again, thanks for replying but that is not super useful as I am not going to remote onto some ones machine during the work day and start randomly flipping switches to see what works and what doesn't. I can only control the AV deployments via Sophos Central. In the central policy every option is turned off, this seems to fix the problem.
I have never known a development team to not have a roadmap of some sort so I find it hard to believe this isn't discussed internally with timelines. There are threads on this forum going back months with similar issues and the response is always a generic holding statement, I think a little transparency would go a long way.
How do we go about claiming back the licensing cost for our Mac deployments as we now have software that does not provide any protection and slows our productivity down, and we have to pay for the privilege!
I'm also starting to find it shameful that Sophos gives us the impression that the users themselves know more about the engine than the developers themselves. There are countless threads talking about the same problems, but there doesn't seem to be a reasonable solution, let alone a software patch.
The thing that erks me is that someone inside Sophos must either be responsible for fixing this or not. It's the lack of information and the feeling of being strung along.
If there genuinely is no set plan to fix the issue we're going to have to look at another vendor as I can't keep fobbing off my userbase like Sophos fobs off its customers!
As a Mac admin, I'm also soon at a loss to explain why Sophos is being so careless here. Therefore, I will also consider other security solutions, apparently the same track is driven at Monterey as under Big Sur. Wait until the OS is released and then the end customer can play beta tester.
We delayed our Big Sur upgrade for ages waiting for Sophos compatibility and then I foolishly announced that we could go ahead with the update because Sophos say they support it. Boy do I look like an idiot now!
The same situation here, also an idiot now :-)
Yashraj can you please clarify how we would go about claiming back some or all of the license cost from Sophos for our Mac installations as the software is not fit for purpose. I don't really want to go to the hassle of uninstalling it but seeing as you've crippled our development and creative teams to the point we have had to disable everything, it seems pretty pointless to keep paying for it.
There is still the outstanding question of how we can get more clarity on release schedules and road maps and what messaging I can take back to my senior management who are now thinking this whole security thing is more hassle than its worth. I think you or GlennSen need to escalate this point internally until we can get an answer.
I'm sure mickl089 and Jeff Haussler and Naomi Buckwalter and Ryan Dombrowski would all want an answer too. These are just recent examples, I've not even gone back through the older threads on this topic.