
RE: Sophos intercept X advanced

Hi Abhimanyu,

Recently, we deployed Sophos Intercept X Advanced for one of our customers. Now, they are facing system slowdowns. Could you please help me resolve this issue?



This thread was automatically locked due to age.
  • Did you manage to obtain a CSV of what is being scanned having enabled "Debug" level for "Scan Summaries" for the process: SophosFileScanner.exe, under the logging section in Endpoint Self Help (ESH)?

    You could equally enable the CSV creation by running the following commands as ESH essentially just sets and unsets reg values, e.g.:

    New-ItemProperty -Path "HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries" -Name "LogLevel" -Value 0 -Force

    Disable it after a few minutes during the issue with:

    Remove-ItemProperty -Path "HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries" -Name "LogLevel" -Force

    You can then consider the newly created CSV files under: C:\ProgramData\Sophos\Sophos File Scanner\Logs\
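
The enable, wait and disable steps from the reply above can be wrapped in one time-boxed script so that debug logging is switched off again even if the capture is interrupted. This is an added example, not part of the original post or Sophos tooling; the registry path, value and log folder are the ones quoted in the reply, while the function name, the 5-minute default and the assumption that the registry key already exists are mine.

```powershell
# Added example: time-boxed capture of SophosFileScanner scan summaries.
# Registry path, value name/data and log folder are the ones quoted in the post;
# the function name and the default duration are assumptions.
#Requires -RunAsAdministrator

function Invoke-SfsScanSummaryCapture {
    param(
        [int]$Minutes = 5
    )
    $key    = 'HKLM:\SOFTWARE\Sophos\Logging\SFS\Scan Summaries'
    $name   = 'LogLevel'
    $logDir = 'C:\ProgramData\Sophos\Sophos File Scanner\Logs\'

    # Assumption: the key is already present; do not create vendor keys blindly.
    if (-not (Test-Path -LiteralPath $key)) {
        throw "Registry key not found: $key"
    }

    # Remember any pre-existing value so the finally block can restore it.
    $previous = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
    $start = Get-Date

    try {
        New-ItemProperty -Path $key -Name $name -Value 0 -Force -ErrorAction Stop | Out-Null
        Write-Host "Scan summary logging on until $($start.AddMinutes($Minutes)). Reproduce the slowdown now."
        Start-Sleep -Seconds ($Minutes * 60)
    }
    finally {
        # Runs on Ctrl+C and on errors too, so debug logging is not left on.
        if ($null -ne $previous) {
            Set-ItemProperty -LiteralPath $key -Name $name -Value $previous
        } else {
            Remove-ItemProperty -Path $key -Name $name -Force -ErrorAction SilentlyContinue
        }
    }

    # Return only the CSV files written during the capture window.
    Get-ChildItem -LiteralPath $logDir -Filter '*.csv' -File |
        Where-Object { $_.LastWriteTime -ge $start } |
        Sort-Object LastWriteTime |
        Select-Object Name, Length, LastWriteTime
}

Invoke-SfsScanSummaryCapture -Minutes 5
```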

  • Hi Team,

    When real-time scanning is disabled in Sophos Intercept X Advanced, will it automatically re-enable after 4 hours?

  • If the policy defined in Central is enabled and the user locally overrides the policy (which should require the tamper protection password) and disables a feature such as real-time scanning, this will revert back to on in 4 hours. The user would have to keep overriding locally.

    Also, when overridden, changes to the policies in Central do not take effect.