We notice that Sophos Lockdown is making the Windows GUI terribly slow when it is installed on a Server (Windows Server 2016, 2019).
The Servers are vmware VM.
As example:
searching in the start menu takes 30 seconds until a minute until you see a result
starting powershell is taking 60 seconds or more
When powershell is open it takes 60 seconds or longer until you can enter the first command
The first command is executed after an other one or two minutes.
After some minutes "working" or waiting on the GUI performance improves for already open processes. But loading new programs processes on the GUI are loading with the same slowliness as described.
While all this is happening, CPU and RAM are more or less idle.
If you do the same things the other day, it is the same again.
If we unlock the server the performance is back normal immediately, even when you use the VM again the next day. When you lockdown again, the problems are back.
This has been monitored for at least a year now. Due to this extreme slowliness we only use SLD on servers that need very little administrative work. The admins would not accept such crappy behaviour.
I'm not aware of anly Lockdown tuning - how can we make the servers usable when it is installed?
Hello LHerzog,Thank you for reaching community forum. With regards to this query, may we know what the role of this server is? Based on the documentation for SLD, not all server is suitable to use SLD.
It's a DNS server. We notice this regardles of the use case.
our experience: Lockdown enabled = GUI usability poor
GlennSen so is there any useful answer from Sophos about that feature and performance?
The idea behind Lockdown Feature is great, in real world that feature is not working well or not working at all.