Hello Sophos Community,
I manage the Sophos Endpoint Antivirus Solution + Sophos Central. We are currently using the Sophos File Scanner version 1.10.7.73. The CPU usage spikes drastically to 40% in a ten-minute interval. Do you know any tricks to reduce the resources needed for live file scanning? Every one of us has a Surface with a powerful CPU (Intel(R) Core(TM) i7-1065G7 CPU @ Base 1.30 GHz).
SFS must be scanning something. You can enable SFS debug logging via ESH:
C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log
The details in this post regarding the log might help: "After installing Sophos, the Tasy Java Management System is slow" - Discussions - Sophos Endpoint - Sophos Community
It's hard to tell from the Task Manager screenshot, but is "Sophos Endpoint Defense Software" the process SEDService.exe or SSPService.exe? The Details view is better, I find.
Also, do you have a SophosScanCoordinator.exe process running to indicate a scheduled/on-demand scan is running? Could it be that it is performing a scan with archive scanning? That typically generates a lot of work for SophosFileScanner.exe and then SSPService.exe to process the results.
I've enabled the SFS logging on a few clients and told my colleagues to write down the time when the problem occurs. I am going to wait a couple of days and will analyze the logs afterwards. I've checked the scheduled scan config on my endpoints. We full scan the devices every Wednesday at 09:00 AM; every device has about 300 GB of internal disk capacity to scan. I don't think the scheduled scans are the problem, because I can't imagine scanning roughly 300 GB would take more than one day. I'll keep you updated. Thanks for your help!