This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos will cause performance issue (slow response) on Windows Server 2019

Hello,

 

I have the following scenario:

- I have created a new virtual machine, which has Windows Server 2019 installed and has NO Sophos yet, all works fine and the server's performance is normal (CPU usage is between 15% and 25% most of the time and e.g. IE opens within 1 to 2 seconds)

- I installed Sophos (10.8.4.227 EV 3.74.1) on the server, and the server started to experience a performance issue and slow response with high CPU (between 80% and 100%) when I only run simple applications (e.g. when I open IE or Explorer, it takes up to 5 or 6 seconds to open the window, and the CPU is bouncing at 100% for few seconds and still hight until I do nothing on the server for few seconds)

- As I mentioned above, If the server is idle for a few seconds, the CPU will drop down to around 20%, but once I open IE again it will jump up to around 100% and IE takes a long time to open.

- If I then uninstall Sophos, the problem will still present, even all Sophos components are removed (not sure if there is something still running in the background or if the impact of Sophos on another component in Windows is still affected)

 - Also, I have noticed that the "Sophos System Protection" is not being installed, not sure if this is related to Windows Server 2019, or to Sophos version 10.8.4.227, or is it intended by Sophos to have this component included in another one !!

Does anyone have the same issue with Sophos and Windows Server 2019? are there any recommendations? or should I wait for a new release of Sophos?

The same Sophos policies and configs are applied on Windows Server 2016 servers, and they have no performance issues at all !!

 

Our Sophos is managed by SEC 5.5.0

 

Please let me know if you need more information.



This thread was automatically locked due to age.
Parents
  • Hello Jameel,

    easy part first - Sophos System Protection has been removed with 10.8.4.3.

    all Sophos components are removed
    and rebooted afterwards? I'm not aware that there could be leftovers. Can you identify the process or processes consuming the CPU?

    Christian

  • Hello Christian,

     

    Thanks for being always there for help.

     

    Yes, I rebooted the server many times after removing Sophos.

    Actually, it is not easy to limit the processes which consuming the CPU, but here are some which I could notice after monitoring the Task Manager:

    - System Interrupt

    - Internet Explorer (or Windows Explorer) itself when I open it until it is opened (which might be normal)

    - Services and Controller app

    - Windows host process (Rundll32)

    - Service Host: Local System (including 18 items)

    - Task Manager itself (which might be normal)

     

    To be honest, all the above-mentioned processes might be normal to have slightly high CPU consuming, but this performance issue occurred only after I installed Sophos the first time, so when the server was newly created and had no Sophos before, there was no performance issue at all !!

    Best regards,

    Jameel

Reply
  • Hello Christian,

     

    Thanks for being always there for help.

     

    Yes, I rebooted the server many times after removing Sophos.

    Actually, it is not easy to limit the processes which consuming the CPU, but here are some which I could notice after monitoring the Task Manager:

    - System Interrupt

    - Internet Explorer (or Windows Explorer) itself when I open it until it is opened (which might be normal)

    - Services and Controller app

    - Windows host process (Rundll32)

    - Service Host: Local System (including 18 items)

    - Task Manager itself (which might be normal)

     

    To be honest, all the above-mentioned processes might be normal to have slightly high CPU consuming, but this performance issue occurred only after I installed Sophos the first time, so when the server was newly created and had no Sophos before, there was no performance issue at all !!

    Best regards,

    Jameel

Children