sophos endpoint sophos network threat protection service high memory usage

Hello Everybody,

I had 2 times this issue with SNTP on Sophos Endpoint Agent

During this, my Notebook won't respond and i have to reboot it to stop this issue. Every program was critically compromised and i had to kill every task to make the notebook able to reboot.

Anyone has a suggestion for this problem???

Thank You so much.

Cristiano

Parents Reply Children
  • Hi ... the issue continues to make victims... in this weeks 3 other pc are suffering the same problem.

    Every PC has different configuration and seems that isn't a correspondence between they.

    so I don't understand what is the problem... I've uninstalled Fing but none has changed.

    Anyone has that problem????

  • How about this in a rather unscientific approach but could yield results without symbols.

    When you have the issue, say 500MB.  With Tamper disabled on the computer, create a full memory dump of the SophosNTPService process.  I would suggest the easiest approach is to use Process Explorer and choose "Create Full Dump" from the right click option.  With a dump file e.g dump.dmp, I would then download strings64.exe from Sysinternals - Strings - Windows Sysinternals | Microsoft Docs , then you can run:

    strings64.exe -n 7 dump.dmp > ntpstrings.txt

    As the contents of the memory will be data, this might point you to certain connections/addresses/IPs you can understand what the data is.

    Hopefully you can then open the resultant file in ntpstrings.txt and it is helpful to understand the connections/IP, etc.. If the file is too big maybe increase the string length to say 10.

  • Same problem here (sporadic)!

    First Level Support plays the: "please send more logs" game. No solution to be seen. PCs with more than 8GB Ram and SSD can recover, but other with 4GB+HDD die in swapping virtual Ram.