This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Performs virus scanning and disinfection functions in Task Manager at 200+ MB

Hi all,

I was wondering why Sophos is using up so much of my memory, always running the "Performs virus scanning and disinfection functions" at 200+ MB. I looked at some existing threads and disabled on-access scanning, but it had no effect. I have version 10.6.3.537 and running on Windows 10.

 

Not sure if this will help, but these are the components - Thanks for the help!

-[ Components]

AppFeedManager.dll

10.6.3.500

, size 422736 bytes

ApplicationManagement.dll

10.6.3.500

, size 521904 bytes

AuthorisedLists.dll

10.6.3.500

, size 208728 bytes

BackgroundScanning.dll

10.6.3.500

, size 95944 bytes

BHOManagement.dll

10.6.3.500

, size 389424 bytes

bpaif.dll

1.2.1.3

, size 221960 bytes

Categories.dll

10.6.2.603

, size 21056 bytes

ComponentManager.dll

10.6.3.500

, size 148888 bytes

Configuration.dll

10.6.3.500

, size 534888 bytes

DesktopMessaging.dll

10.6.3.500

, size 632008 bytes

DetectionFeedback.dll

10.6.3.500

, size 802408 bytes

DriveProcessor.dll

10.6.3.500

, size 208160 bytes

EEConsumer.dll

10.6.3.500

, size 155152 bytes

FilterProcessors.dll

10.6.3.500

, size 361928 bytes

FSDecomposer.dll

10.6.3.500

, size 135912 bytes

ICAdapter.dll

10.6.3.500

, size 287120 bytes

ICManagement.dll

10.6.3.537

, size 807584 bytes

ICProcessors.dll

10.6.3.500

, size 357264 bytes

Instrumentation.dll

10.6.3.500

, size 46584 bytes

LegacyConsumers.dll

10.6.3.500

, size 134944 bytes

Localisation.dll

10.6.3.500

, size 175936 bytes

Logging.dll

10.6.3.500

, size 739104 bytes

OSDP.dll

1.44.1.2243

, size 238768 bytes

Persistance.dll

10.6.3.500

, size 137448 bytes

rkdisk.dll

1.5.30.0

, size 111400 bytes

SavAdapter.dll

10.6.3.500

, size 1573888 bytes

SAVControl.dll

10.6.3.500

, size 229512 bytes

SAVI.dll

9.0.0.2243

, size 4055568 bytes

savmscm.dll

2.00.1503

, size 260632 bytes

SavNeutralRes.dll

10.6.2.603

, size 3232128 bytes

SavPlugin.dll

10.6.3.500

, size 109952 bytes

SavRes.dll

10.6.3.500

, size 767048 bytes

SavResChs.dll

10.6.3.500

, size 142112 bytes

SavResCht.dll

10.6.3.500

, size 142112 bytes

SavResDeu.dll

10.6.3.500

, size 201832 bytes

SavResEng.dll

10.6.3.500

, size 193520 bytes

SavResEsp.dll

10.6.3.500

, size 201832 bytes

SavResFra.dll

10.6.3.500

, size 213280 bytes

SavResIt.dll

10.6.3.500

, size 208096 bytes

SavResJap.dll

10.6.3.500

, size 157200 bytes

SavSecurity.dll

10.6.3.500

, size 212256 bytes

SavShellExt.dll

10.6.3.500

, size 212312 bytes

SavShellExtX64.dll

10.6.3.500

, size 519344 bytes

SAVUserContext.dll

10.6.3.500

, size 28928 bytes

ScanEditExports.dll

10.6.2.603

, size 37760 bytes

ScanEditFacade.dll

10.6.3.500

, size 276192 bytes

ScanManagement.dll

10.6.3.500

, size 413848 bytes

SIPSManagement.dll

10.6.3.500

, size 747928 bytes

SophosOfficeAV.dll

10.6.3.500

, size 139104 bytes

SophosOfficeAVx64.dll

10.6.3.500

, size 161360 bytes

sophos_detoured.dll

10.6.3.500

, size 289040 bytes

sophos_detoured_x64.dll

10.6.3.500

, size 231936 bytes

SophtainerAdapter.dll

10.6.2.756

, size 89232 bytes

sophtlib.dll

1.00.0.2243

, size 691768 bytes

SWIManagement.dll

10.6.3.500

, size 194664 bytes

SystemInformation.dll

10.6.3.500

, size 152080 bytes

TamperProtectionControl.dll

10.6.3.537

, size 140128 bytes

TamperProtectionControlX64.dll

10.6.3.537

, size 152536 bytes

TamperProtectionManagement.dll

10.6.3.500

, size 135912 bytes

TamperProtectionPlugin.dll

10.6.3.500

, size 259504 bytes

ThreatDetection.dll

10.6.3.500

, size 760336 bytes

ThreatManagement.dll

10.6.3.500

, size 1072544 bytes

Translators.dll

10.6.3.500

, size 299648 bytes

VEController.dll

10.6.3.500

, size 532840 bytes

Veex.dll

3.64.3.2243

, size 4767720 bytes

VirusDetection.dll

10.6.3.537

, size 1362504 bytes

BackgroundScanClient.exe

10.6.3.500

, size 76760 bytes

Native.exe

10.6.3.500

, size 186352 bytes

sav32cli.exe

2.99.000

, size 480552 bytes

SAVAdminService.exe

10.6.3.537

, size 311544 bytes

SAVCleanupService.exe

10.6.2.603

, size 195848 bytes

SavMain.exe

10.6.3.500

, size 1660200 bytes

SavProgress.exe

10.6.3.500

, size 391024 bytes

SavProxy.exe

10.6.3.500

, size 100104 bytes

SavService.exe

10.6.3.537

, size 285136 bytes

WSCClient.exe

10.6.3.500

, size 288528 bytes

difxapi.dll

2.1

, size 414152 bytes

swi_filter.dll

3.6.0.433

, size 2406168 bytes

swi_filter_64.dll

3.6.0.433

, size 3609368 bytes

swi_ifslsp.dll

3.6.0.433

, size 141208 bytes

swi_ifslsp_64.dll

3.6.0.433

, size 194152 bytes

swi_di.exe

3.6.0.433

, size 298112 bytes

swi_fc.exe

3.6.0.433

, size 2651888 bytes

swi_filter.exe

3.6.0.433

, size 471520 bytes

swi_lsp32_util.exe

3.6.0.433

, size 252792 bytes

swi_lspdiag.exe

3.6.0.433

, size 212824 bytes

swi_lspdiag_64.exe

3.6.0.433

, size 262248 bytes

swi_service.exe

3.6.0.433

, size 3339736 bytes

swi_update_64.exe

3.6.0.433

, size 2118896 bytes

swi_callout.sys

3.4.9.0

, size 32512 bytes

savonaccess.sys

3.23.1.0

, size 161024 bytes

SophosBootDriver.sys

1.1.0.0

, size 27904 bytes

SophosBootTasks.exe

10.6.2.603

, size 35592 bytes



This thread was automatically locked due to age.
Parents
  • Hello Diane Wang,

    I'd not call 200MB so much - do you think it's causing issues? This question comes up every few months although the only reason seems to be that it's deemed, well, unreasonable.
    As mentioned in other threads it's always a trade-off, memory vs. CPU vs. I/O. If you don' keep detection data and information about files that have already been scanned in (virtual) memory this requires CPU and causes more I/O on a scan. The data is kept even if you turn off On-Access (otherwise it would incur a considerable overhead - you might have turned off OA only temporarily or you could perform numerous on-demand scans). Arguably paging is more efficient here.

    Christian

  • Hi Christian , i have the same problem.

    I have on-access scanning enabled. Because i think is more security no ? if you disable this function is more easy for infection no ?

    My on-access enable to:

    check files

    write

    change name

    read

    enable detaction

    adware/PUA

    file suspect

    and another options on-access

    I check only scan system memory. --> Its necesary to check this option ?

    Thanks so much for advanced.

    Cristiano

     

     

     

  • Hello Cristiano.

    as said, this amount of memory usage is normal and shouldn't cause issues on a decent computer.

    Generally you should use the Recommended settings for Anti-Virus and HIPS (it also explains some of the setting in more detail).

    Christian

Reply Children
  • Hi Christian ,

    the decent computer :)

    we talk about computer with :

    4Gb memory ram

    500Gb HD

    Intel i5

    How the mininum hardware for to work with Sophos ?

    The HIPS is not necessary to setting in option the exclusion windows files ??

    For example in my setting i put to exclusion:

    *.jrs
    *.pst
    bschJW.exe
    C:\MOVENTIA\
    C:\Program Files (x86)\Google\Chrome\Application\
    C:\Program Files (x86)\Mozilla Firefox\
    c:\Program Files(x86)\
    c:\Program Files\
    C:\Program Files\Internet Explorer\
    C:\Program Files\Microsoft Office\
    C:\Program Files\Microsoft Office\Office15
    C:\ProgramData\
    c:\Users\mmartip\Documents\OneDrive - MARFINA,S 1.L\MOVENTIA\
    C:\windows\rescache\
    C:\Windows\security\database\
    C:\Windows\SoftwareDistribution\DataStore\
    C:\Windows\SoftwareDistribution\DataStore\Logs\
    C:\Windows\System32\GroupPolicy\Machine\
    C:\Windows\System32\GroupPolicy\User\
    cloud-drive-ui.exe
    Edb.chk
    GestorIncidencias.exe
    mstsc.exe
    NTUser.pol
    Registry.pol
    Tmp.edb

    Thanks ,

     

     

  • Hello Cristiano,

    the mininum hardware
    if you can run Windows
    and your applications with acceptable performance AV shouldn't bring the computer to its knees (and keep in mind AV is not nice to have).

    As to exclusions: If the above are really exclusions they are not only redundant but also risky (whether a little bit or more than that depends on whether you usually work with a normal account or as an admin). My mantra is exclusions only when proven necessary. We only have a few (not the "recommended" or allegedly even "required" ones) exclusions for some of our servers and otherwise none. Admittedly Windows' self-protection has improved and adding some unperilous exclusions would perhaps save some overhead - but it wouldn't be noticeable anyway.

    Christian 

  • Hello Christian ,

    thanks.

    You recommended not create exclusions. Correct ?

    The exclusions C:\windows\rescache\  recommend Sophos Technicians.

    All the users work with single user , don´t work with admin. The exclusion i do apply of endpoints , not server.

    Thanks ,

    Cristiano

     

  • Hello Cristiano,

    use whatever exclusions a Technician recommended - I won't second-guess Sophos. Personally I'm not a fan of proactive exclusions and recommend not to create them unless there's an actual need (i.e. an issue which can't be resolved without applying them).

    Christian

  • Ok.

    Thanks so much

    Crisitiano.