This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

High CPU Usage on Windows Server while Windows Update installing

Hello Sophos Community,

my name is David Lorenz and I am a it service provider with many customers. Our customers use Windows Server 2016 and 2019 as a virtual VMware machine.

They use Intercept X Advanced with XDR for Server or Intercept X Essentials.

Montly we install Windows Updates on our customers servers. The problem is that the installation need so much time because of running sophos services with extrem high cpu usage while Windows Update installation process.

Thats the policy configuration:

Do you have a idea what we can do for our customers? Many thanks in advance.

PS. i have already researched on the internet



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi David,

    Please open this link:

    support.sophos.com/.../KB-000033519

    -> check the "Windows Server Update Services (WSUS)" part of the KB, have you tried the recommended exclusions already?

    Regards,

    Fernan Tutor

    If this post solves your question, please use the "Verify Answer" button.

  • Hi Fernan,

    thank you for your help. I dont understand what i have to do with the Wsusscn2.cab? How i have to add this exclusion?

    I hope you can help me with that. The microsoft article is not exactly helpful :) ...

    Thanks in advance.

  • FormerMember
    0 FormerMember in reply to David Lorenz

    Hi David,

    I just ended my shift and currently don't have access on a windows 2016 server. Here's my first suggestion/example:

    Exclude Wsusscan.cab and Wsusscn2.cab via file exclusion:

    -> it means sophos won't scan any files named Wsusscan.cab and Wsusscn2.cab anymore. You can do this in your sophos central>global settings>global exclusion OR by going in server protection>policies>threat protection policy.

    The other thing I highly recommend is search where those 2 files are located then put scanning exclusion on their location.

    Example: if the files are inside C:\test folder

    Then do exclusion like this in files and folder exclusion: C:\test\

    Regards,

    Fernan Tutor

Reply
  • FormerMember
    0 FormerMember in reply to David Lorenz

    Hi David,

    I just ended my shift and currently don't have access on a windows 2016 server. Here's my first suggestion/example:

    Exclude Wsusscan.cab and Wsusscn2.cab via file exclusion:

    -> it means sophos won't scan any files named Wsusscan.cab and Wsusscn2.cab anymore. You can do this in your sophos central>global settings>global exclusion OR by going in server protection>policies>threat protection policy.

    The other thing I highly recommend is search where those 2 files are located then put scanning exclusion on their location.

    Example: if the files are inside C:\test folder

    Then do exclusion like this in files and folder exclusion: C:\test\

    Regards,

    Fernan Tutor

Children