I, like many others it seems, have been having problems with our Intercept X and MacOS Big Sur.
While version 10.0.4 seems to be a bit better than previous releases, we are seeing extremely high CPU usage for com.sophos.endpoint.scanextension on Big Sur when the users are opening large files or compiling code. So much so that users are reporting a notable degradation of performance to the point we have to turn off a lot of Threat Protection features. This has undermined Sophos within the user base so now every problem is getting blamed on host protection!
I know there are lots of posts around this topic with either scanextension or networkextension and I know Big Sur changed how kernel extensions work etc etc, but I wanted to know if Sophos have acknowledged that this issue will be fixed in future releases and when we can expect a version that plays nicely with Big Sur?
Thank you for reaching out to us. This has been acknowledged by our development team, which is currently working on this to solve the issues being faced on Big Sur OS.
We will keep you posted for the updates.
Hi Glen, while I appreciate you getting back to me, I could do with a little bit more detail or even a rough road map to go back to my colleagues with. I've effectively crippled certain teams' workflows by insisting on host protection on all devices. With a rough timeline I think it will be more palatable.
Also, any ideas when the next EAP will be available?
Also 10.1.2 brings no solution...
What version is this/will this be?
I believe the release version is 10.1.3 but the EAP version is 10.1.2. We're waiting for the roll out because we've bought through an MSP we can't get bumped up the list.
10.1.2 fixes some of the issues but it's still not perfect. Although one odd thing we have found is a semi-known issue with MacBook Pros whereby if you have the charger and a monitor plugged into the left side TB ports, the fan goes nuts and a kernel service starts using a lot of CPU, that in turn causes Sophos to get upset too.
In 10.1.2 the Sophos processes still seem to use a lot of resource when idling, but seem a bit better at backing off when something else wants to use the CPU.
We can't get Google Drive [File Stream] to work if Sophos scanner is present and uninstalling Intercept X doesn't remove this process... but Google Drive works just fine if Sophos never gets installed. I feel that 8 months is plenty of time to get a product to support a new OS version - at this rate, the next update will launch before Sophos gets this all working properly so, given we're 60+% Mac, I think it might be time to not renew and move on to a product that actually supports our environment.
We switched all of our engineering/developers to Jamf Protect because of the issues with Sophos and have had zero complaints so far, it's been about 2 months. If you already use Jamf to manage your Macs it's extremely easy to deploy. It does lack some of the features that Sophos has like programmatic ransomware protection and DLP controls, but as far as I'm concerned, if Sophos isn't usable then that's irrelevant. Protect leverages the native macOS Endpoint Security Framework that was introduced with Catalina, it's not running a proprietary agent like most antivirus solutions. It's worth checking out if you're looking at alternatives.
That is a path I am exploring but I also am conflicted on the idea of continuing to give $$ to a company that offers such mediocre support for paying customers. I get the commenters who say "maybe don't update as soon as it comes out..." but realistically, we're closer to the next release [of MacOS] than the current version's release and the current isn't working.
The release of the new version of the Mac Endpoint would be complete in the first week of August.
Yashraj Singha | Team Lead, Global Community Support
We waited to update until Sophos "supported" Big Sur, and that did not end well for us.
Annoyingly we don't use Jamf for Mac management but I've heard Bitdefender works quite well so might look at running a POC with that if we're not 100% with the next Sophos release.
Absolutely going to block the next MacOS release and watch these forums like a hawk.
On the topic of Big Sur updates, we have found the 11.5 update also seems to improve performance a little.
I hope that will improve the performance, because our Big Sur users are complaining randomly about very slow systems and freezes with Sophos Endpoint, which makes it very hard to analyze and replicate. From my experience the high load is caused by the extensions. Disabling some functions is not a good option, because that's what we are paying for. On the other hand I have not found any documentation which configuration in Sophos Central is linked to which service on the client. If the problems persist or we have to wait again many months until support for a new OS, I will be forced to look for another software to protect our clients.
We started to promote Big Sur update 2 weeks ago but had to withdraw it because of performance issues with Sophos. Users are complaining that everything is slow since they upgraded to BS. Our teams are mainly developers, and they say that their build time increased dramatically. Even on my own machine (on which I use only web browsers) I experienced com.sophos.endpoint.networkextension running at 100% CPU with fans spinning fast. It was even cutting my internet connection. We use Sophos Central with Sophos Endpoint 10.1.4.