I, like many others it seems, have been having problems with our Intercept X and MacOS Big Sur.
While version 10.0.4 seems to be a bit better than previous releases, we are seeing extremely high CPU usage for com.sophos.endpoint.scanextension on Big Sur when the users are opening large files or compiling code. So much so that users are reporting a notable degradation of performance to the point we have to turn off a lot of Threat Protection features. This has undermined Sophos within the user base so now every problem is getting blamed on host protection!
I know there are lots of posts around this topic with either scanextension or networkextension and I know Big Sur changed how kernel extensions work etc etc, but I wanted to know if Sophos have acknowledged that this issue will be fixed in future releases and when we can expect a version that plays nicely with Big Sur?
Thank you for reaching out to us. This has been acknowledged by our development team, who are currently working on this to solve the issues being faced on Big Sur OS.
We will keep you posted on updates.
Hi Glen, while I appreciate you getting back to me, I could do with a little bit more detail or even a rough road map to go back to my colleagues with. I've effectively crippled certain teams' workflows by insisting on host protection on all devices. With a rough timeline I think it will be more palatable.
Also, any ideas when the next EAP will be available?
Yashraj can you please clarify how we would go about claiming back some or all of the license cost from Sophos for our Mac installations as the software is not fit for purpose. I don't really want to go to the hassle of uninstalling it but seeing as you've crippled our development and creative teams to the point we have had to disable everything, it seems pretty pointless to keep paying for it.
There is still the outstanding question of how we can get more clarity on release schedules and road maps and what messaging I can take back to my senior management who are now thinking this whole security thing is more hassle than it's worth. I think you or GlennSen need to escalate this point internally until we can get an answer.
I'm sure mickl089 and Jeff Haussler and Naomi Buckwalter and Ryan Dombrowski would all want an answer too. These are just recent examples, I've not even gone back through the older threads on this topic.
I sincerely apologize for the inconvenience and can understand how it affects productivity in your organization. I recently reached out to our internal team to see if we have any upcoming releases for Mac, and I've got an update today. A newer version of the Mac Endpoint is going to be released in July. I'd request you to wait as that version is being readied for release as we speak. Your patience and cooperation are deeply appreciated.
Community Team Lead, Support & Services | Sophos Technical Support
I'm just posting this for others to see, but if the July release that was mentioned is for 10.1.0, we've already tried that Early Access Program and it made zero difference for the people experiencing issues in our environment. So if you're an IT admin reading this thread, I would not necessarily bet on it solving your problems. We've already abandoned Sophos for an alternative product but I just wanted to share my experience.
Hi Jeff, thanks for sharing your experience, I'm trying to stay optimistic about this upcoming release but if it doesn't fix it/arrive on time I think I am going to have to pull the rip cord and go out to market for a different solution.
Hi Jeff Haussler,
Really sorry that you're still facing issues. Could you please PM me your support ticket number(s)? I'd like to take a look.
This will be a staged rollout so if you want to get hold of the newer version first, please PM me the email address associated with your Sophos Central account and license, and I can request to add you in the initial group release.
Also 10.1.2 brings no solution...
What version is this/will this be?
I believe the release version is 10.1.3 but the EAP version is 10.1.2. We're waiting for the rollout; because we've bought through an MSP, we can't get bumped up the list.
10.1.2 fixes some of the issues but it's still not perfect. Although one odd thing we have found is a semi-known issue with MacBook Pros whereby if you have the charger and a monitor plugged into the left side TB ports, the fan goes nuts and a kernel service starts using a lot of CPU, that in turn causes Sophos to get upset too.
In 10.1.2 the Sophos processes still seem to use a lot of resource when idling, but seem a bit better at backing off when something else wants to use the CPU.
We can't get Google Drive [File Stream] to work if the Sophos scanner is present, and uninstalling Intercept X doesn't remove this process... but Google Drive works just fine if Sophos never gets installed. I feel that 8 months is plenty of time to get a product to support a new OS version - at this rate, the next update will launch before Sophos gets this all working properly so, given we're 60+% Mac, I think it might be time to not renew and move on to a product that actually supports our environment.
We switched all of our engineering/developers to Jamf Protect because of the issues with Sophos and have had zero complaints so far, it's been about 2 months. If you already use Jamf to manage your Macs it's extremely easy to deploy. It does lack some of the features that Sophos has like programmatic ransomware protection and DLP controls, but as far as I'm concerned, if Sophos isn't usable then that's irrelevant. Protect leverages the native macOS Endpoint Security Framework that was introduced with Catalina, it's not running a proprietary agent like most antivirus solutions. It's worth checking out if you're looking at alternatives.
That is a path I am exploring but I also am conflicted on the idea of continuing to give $$ to a company that offers such mediocre support for paying customers. I get the commenters who say "maybe don't update as soon as it comes out..." but realistically, we're closer to the next release [of MacOS] than the current version's release and the current isn't working.
We waited to update until Sophos "supported" Big Sur, and that did not end well for us.
Annoyingly we don't use Jamf for Mac management but I've heard Bitdefender works quite well so might look at running a POC with that if we're not 100% with the next Sophos release.
Absolutely going to block the next MacOS release and watch these forums like a hawk.
On the topic of Big Sur updates, we have found the 11.5 update seems to also improve performance a little.