We love Sophos as a product, but we are terribly struggling with the performance!
We have 7 RDS servers running Windows Server 2019 and a Microsoft RDS Broker.
We also use FSLogix for Office 365 and profile management.
The servers are pretty performant when running Windows Defender only. After installing Intercept X Advanced for Server with XDR, the performance dropped significantly.
We already set all the recommended exclusions but it doesn't seem to help a bit.
The problem is that, even if the CPU is not showing high usage, the servers are really slow in every action. Opening every application takes a long time and it often crashes.
Is there something we should disable in the Policy to make it run faster or some settings we can use for Terminal servers specifically?
Yes, Defender is disabled via GPOs.
First question would be whether you double-checked that Defender is no longer running, because it will not disable itself when you install another antivirus like Intercept X.
This needs to be done manually or via GPO.
If still not solved, then maybe you can find out more with perfmon, looking for latency for processes and file access.
If you just quickly exclude C: as a real-time file/folder exclusion in a new threat protection policy and link it to a test server, do you see the problem?
This would be a quick way to prove that there isn't some fundamental problem and that the issue is just with scanning. With this information it would suggest an exclusion or two could help.
If it does help, maybe try less broad exclusions, e.g. just C:\windows\
Always add the trailing slash to mean all files and folders under the directory.
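The "is Defender really no longer running" check raised in the thread can be confirmed on every session host rather than inferred from the GPO. The script below is an added example, not something posted by any participant; the host names are placeholders, and it assumes PowerShell remoting is enabled on the RDS servers.

```powershell
# Added example: placeholder host names, replace with the real RDS session hosts.
$RdsHosts = 'RDSH01', 'RDSH02'

$check = {
    $result = [ordered]@{
        Server             = $env:COMPUTERNAME
        FeatureInstalled   = $null
        ServiceStatus      = 'NotPresent'
        RealTimeProtection = $null
        RunningMode        = $null
        PolicyDisable      = $null
    }

    # On Windows Server, Defender is an installable feature.
    $feature = Get-WindowsFeature -Name Windows-Defender -ErrorAction SilentlyContinue
    if ($feature) { $result.FeatureInstalled = $feature.Installed }

    # State of the Defender antivirus service itself.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($svc) { $result.ServiceStatus = $svc.Status.ToString() }

    # Get-MpComputerStatus fails when the service is stopped or removed.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $result.RealTimeProtection = $mp.RealTimeProtectionEnabled
        $result.RunningMode        = $mp.AMRunningMode  # may be empty on older platform versions
    } catch {
        $result.RunningMode = 'Unavailable'
    }

    # Value written by the "Turn off Windows Defender Antivirus" policy, if set.
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    if ($pol) { $result.PolicyDisable = $pol.DisableAntiSpyware }

    [pscustomobject]$result
}

# StillScanning = service running AND real-time protection reported as enabled.
Invoke-Command -ComputerName $RdsHosts -ScriptBlock $check |
    Select-Object Server, FeatureInstalled, ServiceStatus, RealTimeProtection, RunningMode, PolicyDisable,
        @{ n = 'StillScanning'; e = { $_.ServiceStatus -eq 'Running' -and $_.RealTimeProtection -eq $true } } |
    Format-Table -AutoSize
```

Any host reporting `StillScanning` as True has two real-time scanners on the same file I/O path, regardless of what the GPO is meant to enforce.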