RE: Sophos intercept X advanced

Hi Abhimanyu,

Recently, we deployed Sophos Intercept X Advanced for one of our customers. Now, they are facing system slowdowns. Could you please help me resolve this issue?



[edited by: GlennSen at 8:46 AM (GMT -7) on 6 Aug 2024]
  • Did you manage to obtain a CSV of what is being scanned having enabled "Debug" level for "Scan Summaries" for the process: SophosFileScanner.exe, under the logging section in Endpoint Self Help (ESH)?

    You could equally enable the CSV creation by running the following commands as ESH essentially just sets and unsets reg values, e.g.:

    New-ItemProperty -Path "HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries" -Name "LogLevel" -Value 0 -Force

    Disable it after a few minutes during the issue with:

    Remove-ItemProperty -Path "HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries" -Name "LogLevel" -Force

    You can then consider the newly created CSV files under: C:\ProgramData\Sophos\Sophos File Scanner\Logs\
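
The capture procedure in the reply above as a single script, added here as an example and not part of the original reply or of Sophos tooling. It uses try/finally so the debug value is removed even if the wait is interrupted. The `$Minutes` parameter is hypothetical, and the script assumes an elevated session on an endpoint where the registry key from the reply already exists.

```powershell
# Added example: time-boxed capture of SophosFileScanner scan summaries.
# Run from an elevated PowerShell session.
# $Minutes is a hypothetical parameter, not something the product defines.
param([int]$Minutes = 5)

# Both paths are taken from the reply above.
$key    = 'HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries'
$logDir = 'C:\ProgramData\Sophos\Sophos File Scanner\Logs'
$start  = Get-Date

# Assumption: the key is present on a machine with the endpoint installed.
# New-ItemProperty does not create a missing key, so stop early if it is absent.
if (-not (Test-Path -Path $key)) {
    throw "Registry key not found: $key"
}

try {
    # Same value the reply sets to switch on CSV creation.
    New-ItemProperty -Path $key -Name 'LogLevel' -Value 0 -Force | Out-Null
    Write-Host "Scan summary logging enabled for $Minutes minute(s); reproduce the slowdown now."
    Start-Sleep -Seconds ($Minutes * 60)
}
finally {
    # Always remove the value so debug logging is not left enabled.
    Remove-ItemProperty -Path $key -Name 'LogLevel' -Force -ErrorAction SilentlyContinue
}

# Show only the CSV files written during the capture window.
Get-ChildItem -Path $logDir -Filter '*.csv' |
    Where-Object { $_.LastWriteTime -ge $start } |
    Sort-Object LastWriteTime |
    Select-Object Name, Length, LastWriteTime
```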

  • Hi Team,

    When real-time scanning is disabled in Sophos Intercept X Advanced, will it automatically re-enable after 4 hours?

  • If the policy defined in Central is enabled and the user locally overrides the policy (should require tamper protection password to do so) and disables a feature such as real-time scanning, this will revert back to on in 4 hours. The user would have to keep overriding locally.

    Also, when overridden, changes to the policies in Central do not take effect.