CPU Load very high when doing medium to high bandwidth downloads

It appears your servers and endpoints are running different versions. Possibly not totally unexpected as the new architecture version is still being rolled out to customers but I would have thought if these computers are managed by the same Sophos Central account then if your account is set to get the new, both servers and clients would have it.

That being said, Early Access Program clients would have the new architecture. Did the computer with SophosNetFilter.exe belong to the EAP? Maybe if you've enabled controlled updates on servers they are yet to get it?

In any case, the Sophos Web Intelligence components are part of the SAV component which is removed as part of the new architecture.   Sophos Intercept X for Windows: Product architecture changes. So any problems with Sophos Web Intelligence will be gone soon.

If web protection or control is enabled, with the new architecture you will have a SophosNetFilter.exe process, the old SAV component had swi_fc.exe performing endpoint web filtering, so you can use this as one method to determine if the new or old web protection/control is in use.

• New (SophosNetFilter.exe)
• Old (swi_fc.exe)

The new version has HTTPS inspection, the old didn't, is that on in policy, that might explain it?

You can check at the "client" in the registry:

On:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[revision]\web_protection
https_decrypt_enabled = 1 

Off:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[revision]\web_protection
https_decrypt_enabled = 0

Where the revision value, is referenced from the latest value under HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection

Have the same problem.

Three customers with new Agent (2.20.13) and the CPU Load exploded.
All are using either terminal servers or virtual desktops.

opened a support call, waiting for ideas