Initial Steps:
The PowerShell script below runs from Live Response as well as from a PowerShell prompt.
Elevated privileges are not required to run this script.
Open a command prompt and enter "powershell".
Copy and paste the complete code into the same cmd window.
Wait for the commands to finish executing.
function showcpuandrunningprocesses {
    Write-Host " "
    # Collect the Sophos-related processes, highest CPU value first.
    # CPU is cumulative processor time in seconds; the expression below scales it
    # and formats it with the 'P' (percent) format string.
    $GP = Get-Process *sophos*, *SEDS*, *SSPS*, *MCSA*, *MCSC* |
        Select-Object Name,Id,CPU,Path |
        Sort-Object CPU -Descending |
        Format-Table Name,Id,@{L='CPU';E={($_.CPU/1000000).ToString('P')}},Path
    Write-Host "-------------------------"
    Write-Host "Showing Running Processes"
    Write-Host "-------------------------"
    $GP
    Write-Host "-------------------------"
    Write-Host " "
    # Take one sample of the system-wide processor utilization counter.
    $GC1 = Get-Counter -Counter "\Processor(_Total)\% Processor Time" |
        Select-Object -ExpandProperty CounterSamples
    #ft @{L='Total CPU Utilization'; E={$(($gc.CookedValue/100).ToString("P"))}}
    Write-Host "----------------------"
    Write-Host "Total CPU Utilization:"
    Write-Host "----------------------"
    # CookedValue is 0-100; divide by 100 so the 'P' format prints it as a percentage.
    Write-Host "$(($GC1.CookedValue/100).ToString("P"))"
    Write-Host "----------------------"
    Write-Host " "
}
showcpuandrunningprocesses
Once the script has run, we will observe the following output, which helps identify whether Sophos services are responsible for stressing the CPU and whether current CPU utilization is high.
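The CPU column returned by Get-Process is cumulative processor time in seconds since the process started, so it does not show the current load by itself. As an added example (not part of the original script), the following samples the same processes twice and reports each one's share of total CPU over the interval; the function name Get-SophosCpuSample, its parameters and the 5-second window are assumptions.

```powershell
# Added example: per-process CPU share over a short sampling window.
# The function name, parameter names and 5-second default are assumptions.
function Get-SophosCpuSample {
    param(
        [string[]]$Name = @('*sophos*', '*SEDS*', '*SSPS*', '*MCSA*', '*MCSC*'),
        [int]$Seconds = 5
    )

    $cores = [Environment]::ProcessorCount

    # First snapshot: cumulative CPU seconds keyed by process Id.
    # CPU can be $null when the process cannot be queried without elevation.
    $first = @{}
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        if ($null -ne $p.CPU) { $first[$p.Id] = $p.CPU }
    }

    $clock = [Diagnostics.Stopwatch]::StartNew()
    Start-Sleep -Seconds $Seconds

    # Second snapshot and the real length of the window.
    $second  = Get-Process -Name $Name -ErrorAction SilentlyContinue
    $elapsed = $clock.Elapsed.TotalSeconds

    foreach ($p in $second) {
        # Skip processes that started during the window or have no readable CPU time.
        if (-not $first.ContainsKey($p.Id) -or $null -eq $p.CPU) { continue }
        $delta = $p.CPU - $first[$p.Id]
        if ($delta -lt 0) { continue }   # Id was reused by a different process
        [pscustomobject]@{
            Name       = $p.Name
            Id         = $p.Id
            CpuSeconds = [math]::Round($delta, 2)
            # Share of all logical processors over the window, 0-100.
            CpuPercent = [math]::Round(100 * $delta / ($elapsed * $cores), 1)
        }
    }
}

Get-SophosCpuSample | Sort-Object CpuPercent -Descending | Format-Table -AutoSize
```

Processes whose CPU time cannot be read from a non-elevated session are left out of the result rather than shown as 0%.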