Using Live Response to investigate Sophos Services & their CPU utilization

Initial Steps:

The given Powershell script will run from Live Response as well as from powershell prompt.

There's no obligation to have elevated privilege to run this script.

After opening command prompt enter "powershell"

Copy paste the complete code into same cmd window.

Wait for the instructions to be executed.

function showcpuandrunningprocesses
Write-Host " "
$GP= Get-Process *sophos*, *SEDS* , *SSPS*, *MCSA*, *MCSC* | Select-Object Name,Id,CPU,Path | Sort-Object CPU -Descending | ft Name,Id,@{L='CPU';E={($_.CPU/1000000).toString('P')}},ID,Path 
Write-Host "-------------------------"
Write-host "Showing Running Processes"
Write-Host "-------------------------"
Write-Host "-------------------------"
Write-Host " "
$GC1=Get-Counter -Counter "\Processor(_Total)\% Processor Time" | Select-Object -ExpandProperty CounterSamples
#ft @{L='Total CPU Utilization'; E={$(($gc.CookedValue/100).ToString("P"))}}
Write-Host "----------------------"
Write-Host "Total CPU Utilization:"
write-Host "----------------------"
Write-host "$(($GC1.CookedValue/100).ToString("P"))"
write-Host "----------------------"
Write-Host " "

Once script is run, we will observe following output, which is helpful in identifying if Sophos Services are responsible for stressing CPU, and if current CPU utilization is high.