This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos endpoint sophos network threat protection service high memory usage

Hello Everybody,

I had 2 times this issue with SNTP on Sophos Endpoint Agent

During this, my Notebook won't respond and i have to reboot it to stop this issue. Every program was critically compromised and i had to kill every task to make the notebook able to reboot.

Anyone has a suggestion for this problem???

Thank You so much.

Cristiano

This thread was automatically locked due to age.

Parents

0 Shweta over 3 years ago

Hi Cristiano Ravarelli

Could you check under SNTP.log(%ProgramData%\Sophos\Sophos Network Threat Protection\Logs\) if you find any error or anything unusual?

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Shweta over 3 years ago

Hi Cristiano Ravarelli

Could you check under SNTP.log(%ProgramData%\Sophos\Sophos Network Threat Protection\Logs\) if you find any error or anything unusual?

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Cristiano Ravarelli over 3 years ago in reply to Shweta

Hi Shweta,

i didn't find anything unusual at the time of the issue.

I post it below ...

It was happened between 11.45 and 12.00 today morning.

a 2020-12-21T11:45:04.943Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
a 2020-12-21T11:52:31.071Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: wpad.asmvigevano.it
a 2020-12-21T11:55:20.901Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: login.live.com:443
a 2020-12-21T11:55:20.906Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: login.live.com:443
a 2020-12-21T11:55:20.990Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: asmvig-proxy01.asmvigevano.it:443
a 2020-12-21T11:55:24.672Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: login.live.com:443
a 2020-12-21T11:55:24.674Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: login.live.com:443
a 2020-12-21T11:55:24.695Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: asmvig-proxy01.asmvigevano.it:443
a 2020-12-21T11:56:49.605Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: wpad.asmvigevano.it
a 2020-12-21T11:56:49.606Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: wpad.asmvigevano.it
a 2020-12-21T11:56:49.607Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: www.msftconnecttest.com
a 2020-12-21T11:56:49.797Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: www.msftconnecttest.com
a 2020-12-21T11:56:50.518Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: tile-service.weather.microsoft.com
a 2020-12-21T12:03:11.370Z [5876:9700] - Process: '\device\harddiskvolume3\program files\fing\resources\extraresources\fingagent.exe' accessed: 172.18.92.35
a 2020-12-21T12:03:11.371Z [5876:9700] - Process: '\device\harddiskvolume3\program files\fing\resources\extraresources\fingagent.exe' accessed: 172.18.92.243
a 2020-12-21T12:03:11.657Z [5876:9700] - Process: '\device\harddiskvolume3\program files\fing\resources\extraresources\fingagent.exe' accessed: 172.18.5.34
a 2020-12-21T12:13:05.412Z [5876:9700] - Process: '\device\harddiskvolume3\windows\system32\svchost.exe' accessed: wpad.asmvigevano.it
Cancel
Vote Up 0 Vote Down

Cancel
0 MEric over 3 years ago in reply to Cristiano Ravarelli

Hi Cristiano,

When I've had high memory usage from Sophos NTP in my environment it was generally caused by our backup software making many connections to the cloud to perform live backups. Every time our backup software made a network connection it would have to be scanned by Sophos NTP and eat up all the memory on the computer. By creating a file/folder exclusion for our backup software we resolved the issue. Support identified the issue by looking in this same log file to see many connections from a specific program.
Cancel
Vote Up 0 Vote Down

Cancel
0 Cristiano Ravarelli over 3 years ago in reply to MEric

I don't backup the notebook.

We work only on fileserver and I have only administrating programs on it
Cancel
Vote Up 0 Vote Down

Cancel