We love Sophos as a product, but we are terribly struggling with the performance!
We have 7 RDS servers running Windows Server 2019 and a Microsoft RDS Broker.
We also use FSLogix for Office 365 and Profile Management.
The servers are pretty performant when running Windows Defender only. After installing Intercept X Advanced for Server with XDR, the performance dropped significantly.
We already set all the recommended exclusions but it doesn't seem to help a bit.
The problem is that, even if the CPU is not showing high usage, the servers are really slow in every action. Opening every application takes a long time and it often crashes.
Is there something we should disable in the Policy to make it run faster or some settings we can use for Terminal servers specifically?
Yes, Defender is disabled via GPOs.
If you just quickly exclude C: as a real-time file/folder exclusion in a new threat protection policy and link it to a test server, do you see the problem?
This would be a quick way to prove that there isn't some fundamental problem and that the issue is just with scanning. With this information, it would suggest an exclusion or two could help.
If it does help, maybe try less broad exclusions, e.g. just C:\windows\
Always add the trailing slash to mean all files and folders under the directory.