This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint slow down internet speed

Hello,

We got a dedicated optical fiber 1gb Down/up .

With the endpoint installed, the speed download seems to be block around around 150 to 300 mb/s. Upload is correct.

IF i uninstall it, then the speed go back to normal with around 900 mb/s. Tests are made through NPERF. 

I tried a to play with settings on sophos central but none of them seems to make it work normally.

Does someone experiencing this issue or does know how to fix it ?


Note: Please see the following Blog Post for the latest update regarding this issue



This thread was automatically locked due to age.
Parents
  • I work for an MSP and Sophos Endpoint continues to be a massive headache for us with this type of nonsense. Over 2000 endpoints.  We just onboarded a new client and they immediately felt something was off after fully deploying Sophos Endpoint Intercept X Advanced.  A client with a 1GB internet connection.  These pictures speak for themselves and we even did this with a direct connection to the ISP cable modem, bypassing all internal hardware equipment.  Client is on latest version 2022.4.0.4.

    Something needs to be done about this and I don't want to hear BS about browsers or command line testing.  I cannot contact a client and tell them, well look, it checks out fine via some command line test.  There is a problem with this feature of the product and fully disabling multiple features, including Network Threat Protection cannot be an option.  Fix this before we end up in a discussion about leaving Sophos for good.






  • What is modernweb.offloading.enabled set to under:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\EndpointFlags

    Thanks.

  • NTP is the component. Web protection and control are features of it.

    The problem here is just browser traffic which, when either web protection or web control is enabled, traffic is inspected by SophosNetFilter.exe.

    If you turn off the feature NTP this will stop SophosNetFilter.exe from running.

    If you leave NTP running and turn of web control and the 2 web protection features that will also stop SophosNetFilter.exe.

    You don’t need to disable all of NTP to restore performance to the browser so C2 detection for non browser processes still runs, heatbeat, IPS if enabled, Connection tracking can all remain running features of NTP. The key thing here is SophosNetFilter.exe.

    No reboot required. Tbh I think restating the MCS services could revert the registry change. Should be picked up but ensuring NTP and web protection features are running is the thing to check. 

    hope it helps. 

  • Ahh I missed you last post. If that setting helps you contact support and ask them to enable the flag for your account. They should just need the tenant id you can find on the support page of Sophos Central where you enable support access. It’s a GUID.

  • Rebooting does revert the registry.  At this point I just need to circle back with our team and see how they want to proceed.  Thank you again for your help.

  • No problem, glad it could be fixed.

    Once the flag is set, MCSClient.exe, polls for flag updates based on this setting:

    I Config: setting 'flagsPollingInterval' set to 14400.

    14400s = 4hrs

    So it should be pretty quick to fix once set.

  • Confused now....explain what that polling setting does in simpler terms.  Will it prevent that registry from reverting to 0? 

  • It's just to highlight that even when Support request the change for the flag to be set on your Central account, the clients will not pick up the change straight away.  The flags are different to regular policy. 

    Feature flags are only polled for every 4 hours by MCS client where as a policy change you make should happen within a minute.  I thought I'd mention it so you know how long you might be waiting.

    Flags are the way Sophos rolls out features slowly even if the software is updated.

  • Just curious  if you managed to get the flag set on the account, check it was sent down and it helped on the computers? Thanks.

  • We did open an official support ticket and Sophos tech replied saying the change was going to be made to our client portal for everyone (reg change) and that it would take 1-2 business days to take effect.  So far 24 hours later, no change yet to our clients.   I'll give it until tomorrow evening I suppose.

  • Hello All,

    Regarding the said issue on this thread, our Internal team has confirmed that this issue has been solved with the latest release of Core Agent 2020.4

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Our endpoints are on 2022.4.0.4 and we are still experiencing this issue - and have been now for months.

Reply Children