Endpoint performance recommendations?

Hi,

we are a new partner coming from an ESET ecosystem, looking to replace it with Sophos for our customers, since we are using XGS and it makes sense to integrate Endpoint as well.

While testing Intercept X in our environment first, my developers are not happy.

Even start of MS SQL SSMS, Visual Studio 2022 and older VS is very slow with all endpoint services active.

Performance is OK when realtime scan and deep learning is disabled (talking about twice the time of load with Sophos)

So my question is, what can I do with this?

I would imagine that running app gets some hash or in first scan and then it is not impacted that much during further scans (at least ESET had it like this and performance was OK).

And yes, I can just exclude SSMS and VS from the scans, but where is the security in that...

Thank You for all suggestions etc.



Edit tags
[edited by: GlennSen at 7:35 AM (GMT -8) on 4 Nov 2024]
Parents
  • Thank you for reaching out to the community forum.

    By default, an automatic exclusion is added for SQL to avoid, which is a recommended exclusion to make SQL work smoothly; you can check this documentation for Automatic Exclusion of third-party products. You can try adding this one and observe the behavior of the device when running SQL.

    For Visual Studio, since it's used for developer use, We're expecting that it would be busy and we're accessing multiple files so an Exclusion by excluding them on On-demand scanning and choosing scheduled scan. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello Glenn,

    thank You for quick response.

    To clarify MS SQL SSMS does not equal MS SQL Server instance.

    But thank You for the recommendations.

    Just to be sure - is process exclusion effective for all used files?
    Since file exclusion list would take me ages to define and that is not how I imagine modern security product to work, while I appreciate the thoroughness of scans.

    David

Reply
  • Hello Glenn,

    thank You for quick response.

    To clarify MS SQL SSMS does not equal MS SQL Server instance.

    But thank You for the recommendations.

    Just to be sure - is process exclusion effective for all used files?
    Since file exclusion list would take me ages to define and that is not how I imagine modern security product to work, while I appreciate the thoroughness of scans.

    David

Children