I have the following scenario:
- I have created a new virtual machine, which has Windows Server 2019 installed and has NO Sophos yet, all works fine and the server's performance is normal (CPU usage is between 15% and 25% most of the time and e.g. IE opens within 1 to 2 seconds)
- I installed Sophos (10.8.4.227 EV 3.74.1) on the server, and the server started to experience a performance issue and slow response with high CPU (between 80% and 100%) when I only run simple applications (e.g. when I open IE or Explorer, it takes up to 5 or 6 seconds to open the window, and the CPU is bouncing at 100% for a few seconds and is still high until I do nothing on the server for a few seconds)
- As I mentioned above, if the server is idle for a few seconds, the CPU will drop down to around 20%, but once I open IE again it will jump up to around 100% and IE takes a long time to open.
- If I then uninstall Sophos, the problem will still be present, even though all Sophos components are removed (not sure if there is something still running in the background or if the impact of Sophos on another component in Windows is still affected)
- Also, I have noticed that the "Sophos System Protection" is not being installed, not sure if this is related to Windows Server 2019, or to Sophos version 10.8.4.227, or is it intended by Sophos to have this component included in another one !!
Does anyone have the same issue with Sophos and Windows Server 2019? Are there any recommendations? Or should I wait for a new release of Sophos?
The same Sophos policies and configs are applied on Windows Server 2016 servers, and they have no performance issues at all !!
Our Sophos is managed by SEC 5.5.0
Please let me know if you need more information.
Easy part first - Sophos System Protection has been removed with 10.8.4.3.
"all Sophos components are removed" and rebooted afterwards? I'm not aware that there could be leftovers. Can you identify the process or processes consuming the CPU?
Thanks for being always there for help.
Yes, I rebooted the server many times after removing Sophos.
Actually, it is not easy to limit the processes which are consuming the CPU, but here are some which I could notice after monitoring the Task Manager:
- System Interrupt
- Internet Explorer (or Windows Explorer) itself when I open it until it is opened (which might be normal)
- Services and Controller app
- Windows host process (Rundll32)
- Service Host: Local System (including 18 items)
- Task Manager itself (which might be normal)
To be honest, all the above-mentioned processes might be normal to have slightly high CPU consumption, but this performance issue occurred only after I installed Sophos the first time, so when the server was newly created and had no Sophos before, there was no performance issue at all !!
I will do, thank you anyway for your help.
You can also try to create the batch file for uninstall using the article https://community.sophos.com/kb/en-us/122126
The article is only for Sophos Central Endpoint and Central Server, I have a Sophos Endpoint Protection which is managed by SEC.
For example, I cannot find the command uninstallcli.exe (even though I can uninstall from Control Panel/Programs and Features), but I am not sure if I can go further with this article !!
You're right, doesn't really fit. RMS is missing and the product codes might or might not be "complete".
"I am not sure if I can go further with this article"
You've missed the following line under What to do:
• To gather the uninstall strings, run the appropriate commands that can be found in the KBA 109668 (my note: AKA Sophos Endpoint Security and Control: How to uninstall using a command line or batch file)
I gathered the uninstall strings after I uninstalled Sophos and the result was: End of search: 0 match(es) found.
Which means - as you mentioned in one reply already - that there are no leftovers from Sophos after it has been uninstalled.
Can you please share the exact version of Windows 2019. Is that standard/Datacenter/core?
It is Windows Server 2019 Standard version 1809 OS build 17763.805
Sophos system protection component still failing to install after the uninstall and reinstall?
As Christian earlier mentioned, Sophos System Protection has been removed since the version 10.8.4.3
I am installing Sophos version 10.8.4.4 (10.8.4.227 VE 3.77.1)
Thank you. To analyze performance issues, we have to conduct a remote session with technical support. I would suggest opening a new case for this with Sophos Technical support.
You can create a case using the link here.
Thank you, I already opened a case yesterday, but no answer or reply so far !!