This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos endpoint sophos network threat protection service high memory usage

Hello Everybody,

I had 2 times this issue with SNTP on Sophos Endpoint Agent

During this, my Notebook won't respond and i have to reboot it to stop this issue. Every program was critically compromised and i had to kill every task to make the notebook able to reboot.

Anyone has a suggestion for this problem???

Thank You so much.

Cristiano

This thread was automatically locked due to age.

Parents

0 Sophos User930 over 3 years ago

Is the problem just on this one computer or others? Do they all have Fing desktop installed?
Cancel
Vote Up 0 Vote Down

Cancel
0 Cristiano Ravarelli over 3 years ago in reply to Sophos User930

Hi.

Fing was installed months ago. The issue is nearly....

Yesterday my colleague has the same issue... in a light mode compared to mine, but he has to stop work for 5 minutes.

I've just tried yesterda to remove Fing. I wait this days to watch the results.

Thank you
Cancel
Vote Up 0 Vote Down

Cancel
0 Shweta over 3 years ago in reply to Cristiano Ravarelli

Hi Cristiano Ravarelli

Just wanted to follow up on this thread if you are still seeing this issue?

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Cristiano Ravarelli over 3 years ago in reply to Shweta

Hi ... the issue continues to make victims... in this weeks 3 other pc are suffering the same problem.

Every PC has different configuration and seems that isn't a correspondence between they.

so I don't understand what is the problem... I've uninstalled Fing but none has changed.

Anyone has that problem????
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User930 over 3 years ago in reply to Cristiano Ravarelli

How about this in a rather unscientific approach but could yield results without symbols.

When you have the issue, say 500MB. With Tamper disabled on the computer, create a full memory dump of the SophosNTPService process. I would suggest the easiest approach is to use Process Explorer and choose "Create Full Dump" from the right click option. With a dump file e.g dump.dmp, I would then download strings64.exe from Sysinternals - Strings - Windows Sysinternals | Microsoft Docs , then you can run:

strings64.exe -n 7 dump.dmp > ntpstrings.txt

As the contents of the memory will be data, this might point you to certain connections/addresses/IPs you can understand what the data is.

Hopefully you can then open the resultant file in ntpstrings.txt and it is helpful to understand the connections/IP, etc.. If the file is too big maybe increase the string length to say 10.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Sophos User930 over 3 years ago in reply to Cristiano Ravarelli

How about this in a rather unscientific approach but could yield results without symbols.

When you have the issue, say 500MB. With Tamper disabled on the computer, create a full memory dump of the SophosNTPService process. I would suggest the easiest approach is to use Process Explorer and choose "Create Full Dump" from the right click option. With a dump file e.g dump.dmp, I would then download strings64.exe from Sysinternals - Strings - Windows Sysinternals | Microsoft Docs , then you can run:

strings64.exe -n 7 dump.dmp > ntpstrings.txt

As the contents of the memory will be data, this might point you to certain connections/addresses/IPs you can understand what the data is.

Hopefully you can then open the resultant file in ntpstrings.txt and it is helpful to understand the connections/IP, etc.. If the file is too big maybe increase the string length to say 10.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data