3CX DLL-Sideloading attack: What you need to know
Hello,
recently we are experiencing heavy performance issues for users with Endpoint installed. It seems that sophos filescanner.exe is taking a lot of resources on the machine making working on it almost impossible. opening Outlook or Teams takes ages and selecting different mails or chats also takes minutes (with regular freezes in between).
i did some testing and it seems as soon as i disable the "real-time scanning - local files and network shares" the computer lives up again.
the laptops are modern i5 cpu's with 16GB of ram so it should not be an issue.
of course i do not want to disable this feature since it is important, but with the performance issues right now it is not worth it. is there any fix for this?
Note: all laptops are connected to OneDrive and an external file share which is mounted, could that be an issue?
Kind regards,
Thank you for reaching us,Aside from those applications that you're currently running in which you observed the performance issue, was there scanning happening in the background or was there a file transfer going on? Is this being observed at a certain time of the day, or is it happening all day long?
Hello Glenn,
thanks for your reply. It seems that some scanning was occuring in the background with regular CPU spikes as shown in the image below. no big file transfers were ongoing although the machines are connected to SharePoint and OneDrive so regurarly syncs with them.
Regarding the moment, it happens randomly. today it happened at 12:30 PM, yesterday at 16:00. but not always everyday. it seems the issue is also sometimes worse then other times.
Have you tried adding scanning exclusion for your SharePoint path and Onedrive? For Sharepoint, you may follow recommended exclusion shared by Microsoft
When it's happening, can you see the process SophosScanCoordinator.exe running?
Otherwise, you might find this post of use:
After installing Sophos, the Tasy Java Management System is slow - Discussions - Sophos Endpoint - Sophos Community
You can use it to find what is being scanned.