This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos endpoint sophos network threat protection service high memory usage

Hello Everybody,

I had 2 times this issue with SNTP on Sophos Endpoint Agent

During this, my Notebook won't respond and i have to reboot it to stop this issue. Every program was critically compromised and i had to kill every task to make the notebook able to reboot.

Anyone has a suggestion for this problem???

Thank You so much.

Cristiano



This thread was automatically locked due to age.
Parents Reply
  • How about this in a rather unscientific approach but could yield results without symbols.

    When you have the issue, say 500MB.  With Tamper disabled on the computer, create a full memory dump of the SophosNTPService process.  I would suggest the easiest approach is to use Process Explorer and choose "Create Full Dump" from the right click option.  With a dump file e.g dump.dmp, I would then download strings64.exe from Sysinternals - Strings - Windows Sysinternals | Microsoft Docs , then you can run:

    strings64.exe -n 7 dump.dmp > ntpstrings.txt

    As the contents of the memory will be data, this might point you to certain connections/addresses/IPs you can understand what the data is.

    Hopefully you can then open the resultant file in ntpstrings.txt and it is helpful to understand the connections/IP, etc.. If the file is too big maybe increase the string length to say 10.

Children
No Data