This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos hitman pro alert und borland delphi debugging extrem lamngsam

Moin,

Seit ca.14 tagen haben wir massive Performance Probleme beim Debuggen unserer Anwendungen mit Borland Delphi.
Jeder einzelne code Schritt dauert bis zu 2min. Variiert sehr stark.

Im Hintergrund scannt hmpalert.exe die kompilierte exe (ca 130MB gross) bis zu 8 mal pro debug Schritt. das hält natürlich auf.

Installiert ist die aktuelle Version von Intercept X.

Version von Hitman alert ist die : 3.9.3.775

was ich bereits versucht habe.

  • ausschließen global und/oder Policy 
    • borland delphi exe
    • kompilierte exe
    • Pfad zur kompilierten exe
  • alles in der Threat Protection Policy deaktiviert
  • Sophos Richtlinie lokal alles deaktiviert

das einzige was hilft, deaktivieren des Dienstes hitman alert, aber dann geht der heartbeat nicht mehr.

Deinstallieren Sophos intercept x. Aber auch dann kein heartbeat mehr und somit kein netzwerkzugriff mehr bei uns.

kann mir vielleicht jemand helfen. wäre echt super, denn mir steigen die Entwickler langsam aufs Dach.

Falls noch infos fehlen, reiche ich die gerne nach.

mfg

Michael



This thread was automatically locked due to age.
  • Hi mwe_tt

    Thanks for reaching out to the Sophos Community Forum.

    May I ask what kind of exclusions you've created in the policy?

    To prevent HitrmanPro from scanning apps on the device, you will need an exclusion of the type "Ransomware Protection". It's possible to create both process and folder exclusions. This type of exclusion can only be added from the Global Exclusions page. 

    A mini-filter driver is loaded into running processes, allowing HMPA to perform scanning. By adding this type of exclusion, this mini-filter is not longer loaded into the specified process. Specifying folder will prevent file and folder operations from being scanned. For developer apps, adding exclusions for the folders where necessary files reside should also help. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Kushal,

    i will try in englisch.

    many thanks for your quick reply.

    i only made exceptions for files and folder windows.

    Now i testet with

    • Ransomeware: Full Path of the file.
    • Ransomeware: Full Path only 
    • Ransomeware: exe of the Delphi IDE
    • all together

    but with no luck.

    in the logfile sophoshmpaservice.log is no more entry of the file, but the prozess monitor shows that hmpalert.exe scan the file anyway.

    The funny thing is that he really only scans this one file and C:\Windows\System32\svchost.exe

    I allready try to except C:\Windows\System32\svchost.exe but with no luck. this file cannot be exclude i think


    Scanning the file svchost.exe  takes milliseconds, but the executable that needs to be debugged takes a long time and is scanned more often.

    maybe you have an idea

    br

    michael

  • Hi  ,

    Can you please try to install the 'hotfix' on one of the affected devices and see if there's any developments?

    Kindly refer to the following article for the steps and for more information about the software package:

    Sophos Central Intercept X Maintenance Release

    Let us know how it goes.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • hi Gladys 

    yes. this solved my problem.

    thank you very much.

    br

    michael

  • Hello,

    we are having the same problem, but we can't find the 'hotfix' in the available Software Packages on our Sophos Console. 

    Do you know why?

  • Hi andrea

    you have to

    Adding the Maintenance Release to the list of available software packages 

    1. Logon to Sophos Central and go to 'Global Setting' > 'Administration' > 'Software Packages'
    2. Select the 'Windows computer' or 'Windows Server' tab and click 'Add software'
    3. Enter the platform software token to add the Maintenance Release (MR) package to the list of available releases
    4. Platform Software Token: 3bbd3f02-3059-5c24-8fc9-1ec502028d04

    Deploying the software package using an Update Management policy

    1. Go to 'Endpoint Protection' or 'Server Protection'
    2. Select Policies
    3. Select the 'Update Management' policy that applies to the devices you want to protect with the package. Click the policy to edit it.
    4. Go to the Settings tab.
    5. In 'Scheduled Updates', select the Maintenance Release (MR) package in the Windows drop-down menu.
    6. Click 'Save'
  • That worked, thank you so much!