Exclusion for SophosFileScanner in Windows start-up phase

Hello all,

is there a way to tell the SophosFileScanner not to slow down the windows startup process this much ?

Regarding Microsoft Intune reporting this service is slowing down the startup process by 14 Seconds~.

Can we maybe set and exclusion we didnt set yet ? I know that Sophos needs to scan things during startup but 14 seconds is huge. Even if we can split it to 7 seconds it would be an improvement.

Thank you very much Slight smile

Parents
  • I would suggest, stop the "Sophos File Scanner Service" service.

    Enable "Scan Summaries" logging for SophosFileScanner.exe.  You can do this in Endpoint Self Help (ESH), or just create the DWORD LogLevel to 0 under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Logging\SFS\Scan Summaries

    Reboot.

    Next time the computer starts, SophosFileScanner.exe (worker) will start, and due to the additional logging, log to a CSV under:
    \Programdata\Sophos\Sophos File Scanner\

    Once you are happy you have captured the startup and login. 
    Delete the LogLevel  DWORD to stop the additional logging to the CSV. I would do this as quickly as possible once the user has logged on and the desktop is usable.

    You can then look at the CSV in Excel, to identify:
    Scan times for files, e.g. sort by highest to lowest. Anything specific taking a long time?
    Create a Pivot table grouping by path, to see if one or more files are repeatedly scanned.

    This data should provide what you need from a scanning perspective and might give you some exclusions to try.
    HTH

Reply
  • I would suggest, stop the "Sophos File Scanner Service" service.

    Enable "Scan Summaries" logging for SophosFileScanner.exe.  You can do this in Endpoint Self Help (ESH), or just create the DWORD LogLevel to 0 under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Logging\SFS\Scan Summaries

    Reboot.

    Next time the computer starts, SophosFileScanner.exe (worker) will start, and due to the additional logging, log to a CSV under:
    \Programdata\Sophos\Sophos File Scanner\

    Once you are happy you have captured the startup and login. 
    Delete the LogLevel  DWORD to stop the additional logging to the CSV. I would do this as quickly as possible once the user has logged on and the desktop is usable.

    You can then look at the CSV in Excel, to identify:
    Scan times for files, e.g. sort by highest to lowest. Anything specific taking a long time?
    Create a Pivot table grouping by path, to see if one or more files are repeatedly scanned.

    This data should provide what you need from a scanning perspective and might give you some exclusions to try.
    HTH

Children
No Data