Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 14 subscribers
  • Views 5923 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central - SSPService.exe - hoher RAM Verbrauch

Thomas Gothe

Hallo zusammen,

folgende Grundinformationen:

HP 449G3 238 AiO System
Windows 10 20H2
Intel Core i57500T 2,7GHz
8 GB RAM

Sophos Core Agent 2.20.11
Sophos Endpoint Advanced 10.8.11.4
Sophos Intercept X 2.04.24

Wir haben unsere gesamten Rechner auf Sophos Central umgezogen. Nun haben wir auf einigen Rechnern das Problem, dass dort der SSPService.exe als Dienst massiv CPU Last und auch Arbeitsspeicher verbraucht.

Nach dem Starten des Rechners liegt die CPU Last direkt bei rund 30%, der Speicherverbrauch liegt bei anfänglichen 200MB.
Die CPU Last hält sich während des Betriebes auf rund 30%, der Speicherverbrauch des Dienstes wächst dabei jedoch ins Unermessliche.
RAM-Verbrauch von 4,7GB bis 5,1GB ist auf verschiedenen Rechnern bereits vorgekommen. Dieser hohe RAM-Verbrauch hat leider auch Nebeneffekte, wie z.B. das Programme abstürzen bis dazu dass der gesamte Rechner nicht mehr reagiert.

Auf einem Referenzsystem (gleichen Hardwarespezifikationen) liegt die CPU Last bei 0% und der RAM-Verbrauch bei gerade mal 194MB.

Wir können uns nicht erklären, was die Ursache sein kann.



This thread was automatically locked due to age.
Parents
  • 0

    I would initially update the computer to the EAP, to get the latest software and confirm you have the same issue. 

    Note:You may need to reboot a couple of time to complete the migration and ensure that the Sophos Anti-Virus component has been removed, i.e. there is no SAVService.exe process and the "Sophos Anti-Virus Service" has been removed for example.

    Then as you mention SSPService.exe, I would create a new test Threat Protection policy in Central and link it to this test computer.  In the policy disable the "Detect malicious behavior" option.

    When the client picks up the policy, how does it behave then?

    For CPU usage issues, I would always recommend running from an admin prompt:

    wpr.exe -start GeneralProfile

    leave it for 2 mins, then run:

    wpr.exe -stop C:\gp.etl

    Once this is saved open with Windows Performance Analyzer which you can get from the MS Store.

    Drag the CPU sampled data to the analysis window.  From there you can see the Weight of CPU.  I assume that SSPService.exe is at the top.  If you add the stack column to the right of the process and to the left of the yellow line, you can drill down to see where the CPU usage is coming from.  You won't have symbols for the SSPService of course but if you enable symbols, you can see what Windows APIs are being called which could be insightful.

    You might need to provide this file to Support.

Reply
  • 0

    I would initially update the computer to the EAP, to get the latest software and confirm you have the same issue. 

    Note:You may need to reboot a couple of time to complete the migration and ensure that the Sophos Anti-Virus component has been removed, i.e. there is no SAVService.exe process and the "Sophos Anti-Virus Service" has been removed for example.

    Then as you mention SSPService.exe, I would create a new test Threat Protection policy in Central and link it to this test computer.  In the policy disable the "Detect malicious behavior" option.

    When the client picks up the policy, how does it behave then?

    For CPU usage issues, I would always recommend running from an admin prompt:

    wpr.exe -start GeneralProfile

    leave it for 2 mins, then run:

    wpr.exe -stop C:\gp.etl

    Once this is saved open with Windows Performance Analyzer which you can get from the MS Store.

    Drag the CPU sampled data to the analysis window.  From there you can see the Weight of CPU.  I assume that SSPService.exe is at the top.  If you add the stack column to the right of the process and to the left of the yellow line, you can drill down to see where the CPU usage is coming from.  You won't have symbols for the SSPService of course but if you enable symbols, you can see what Windows APIs are being called which could be insightful.

    You might need to provide this file to Support.

Children
No Data
Unfiltered HTML