We are in the process of rolling out Central Intercept X Advanced with XDR and MTR. Developers have complained that Sophos makes their Windows machines sluggish. The same behaviour does not exist or is not as bad on Mac machines. We have been able to reduce this problem to a test that demonstrates the issue.
System is i7-7700HQ 2.8 GHz, 16 GB RAM (memory usage doesn't exceed 50%).
Executing (from cmd window) a .bat file that does "start chrome -new-window file:///C:/users/patrickkobly/chromestart.bat" 20 times. Timing measured on a stopwatch from hitting enter to the last window rendering the file. Observing Task Manager, we see "Sophos Endpoint Defense Software" peak around 30% CPU. Sophos File Scanner is present but doesn't seem to be spiking.
- With recommended policy settings: above test takes 10-12 sec
- With all switches off in a custom Endpoint Protection Policy, test takes about 6 sec
- With all switches on except for Real time file scanning turned on, test takes about 6 sec
- With recommended policy settings + a Windows process exception for chrome.exe, test takes about 6 sec
Tried to turn off tamper prevention and set Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos File Scanner\Application\LogLevel to 4 and restart Sophos File Scanner service. No differences noted in the Sophos File Scanner logs (looking to identify a tighter group of file exceptions to apply than just a blanket process exception for Chrome).
At a loss atm as to how to continue to troubleshoot this and return performance to acceptable.