Sophos HitmanPro Alert and Borland Delphi: debugging extremely slow

Hi,

For about 14 days we have had massive performance problems when debugging our applications with Borland Delphi.
Every single code step takes up to 2 min. It varies a lot.

In the background, hmpalert.exe scans the compiled exe (approx. 130 MB in size) up to 8 times per debug step. That of course slows things down.

The current version of Intercept X is installed.

The version of Hitman Alert is: 3.9.3.775

What I have already tried:

  • Excluding globally and/or via policy
    • Borland Delphi exe
    • compiled exe
    • path to the compiled exe
  • Disabled everything in the Threat Protection policy
  • Disabled everything locally in the Sophos policy

The only thing that helps is disabling the Hitman Alert service, but then the heartbeat no longer works.

Uninstalling Sophos Intercept X. But then there is also no heartbeat anymore and therefore no network access anymore for us.

Can anyone perhaps help me? That would be really great, because the developers are slowly getting on my case.

If any information is still missing, I will gladly provide it.

Kind regards

Michael



[edited by: GlennSen at 1:48 AM (GMT -7) on 26 Mar 2024]
  • Hi mwe_tt

    Thanks for reaching out to the Sophos Community Forum.

    May I ask what kind of exclusions you've created in the policy?

    To prevent HitmanPro from scanning apps on the device, you will need an exclusion of the type "Ransomware Protection". It's possible to create both process and folder exclusions. This type of exclusion can only be added from the Global Exclusions page.

    A mini-filter driver is loaded into running processes, allowing HMPA to perform scanning. By adding this type of exclusion, this mini-filter is no longer loaded into the specified process. Specifying a folder will prevent file and folder operations from being scanned. For developer apps, adding exclusions for the folders where necessary files reside should also help.

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hi Kushal,

    I will try in English.

    Many thanks for your quick reply.

    I only made exceptions for files and folder windows.

    Now I tested with

    • Ransomware: Full Path of the file.
    • Ransomware: Full Path only
    • Ransomware: exe of the Delphi IDE
    • all together

    but with no luck.

    In the log file sophoshmpaservice.log there is no more entry of the file, but Process Monitor shows that hmpalert.exe scans the file anyway.

    The funny thing is that it really only scans this one file and C:\Windows\System32\svchost.exe

    I already tried to exclude C:\Windows\System32\svchost.exe but with no luck. This file cannot be excluded, I think.

    Scanning the file svchost.exe takes milliseconds, but the executable that needs to be debugged takes a long time and is scanned more often.

    Maybe you have an idea.

    br

    michael
