Sophos Endpoint Security and Visual Studio

Hello Aaron,

we have not turned off On-Access scanning or HIPS because it defeats the point of having an AV program

this is prudent and I didn't (and would not) suggest this as solution. I don't have detailed knowledge of Visual Studio but IMO usually you should neither need extension-based exclusions nor general exclusions - especially the latter can "backfire" when they are applied to common libraries and auxiliary files. If they turn out to be necessary then ideally exclusions should only be made for files to which users have only read access.

the CPU usage should not be as high as it is

This is why I suggested turning off the various components (and also compare it to the numbers without Sophos installed). I'm sure there would be a knowledgebase article if general recommendations could be made. As mentioned a high CPU usage by itself is not bad (indeed, back in the old days of the mainframe dinosaurs any value below 100% meant either oversized hardware or wasted cycles because of a badly tuned system), especially if the machine has "nothing else to do" - more important is the effect on elapsed time. Static scanning should only have a significant impact if very many small files or a number of files which require deeper scanning are accessed. Even then a subsequent run should perform noticeably better.

Again, high CPU and whining fans are not the main criterion (as long as there is no contention for this resource - unfortunately this is not as simple to see as one might wish). If turning off on-access makes a significant difference then likely "much of something" is scanned you didn't associate with VS/VB. You'd have to find out what it is and whether it can safely be excluded. If it's HIPS then the compiler apparently "does things" which keep HIPS busy - might be necessary to engage Support.

If no single setting makes a significant difference - well, then it's time to take a closer look at the actual numbers.

Christian

Hello Aaron,

we have not turned off On-Access scanning or HIPS because it defeats the point of having an AV program

this is prudent and I didn't (and would not) suggest this as solution. I don't have detailed knowledge of Visual Studio but IMO usually you should neither need extension-based exclusions nor general exclusions - especially the latter can "backfire" when they are applied to common libraries and auxiliary files. If they turn out to be necessary then ideally exclusions should only be made for files to which users have only read access.

the CPU usage should not be as high as it is

This is why I suggested turning off the various components (and also compare it to the numbers without Sophos installed). I'm sure there would be a knowledgebase article if general recommendations could be made. As mentioned a high CPU usage by itself is not bad (indeed, back in the old days of the mainframe dinosaurs any value below 100% meant either oversized hardware or wasted cycles because of a badly tuned system), especially if the machine has "nothing else to do" - more important is the effect on elapsed time. Static scanning should only have a significant impact if very many small files or a number of files which require deeper scanning are accessed. Even then a subsequent run should perform noticeably better.

Again, high CPU and whining fans are not the main criterion (as long as there is no contention for this resource - unfortunately this is not as simple to see as one might wish). If turning off on-access makes a significant difference then likely "much of something" is scanned you didn't associate with VS/VB. You'd have to find out what it is and whether it can safely be excluded. If it's HIPS then the compiler apparently "does things" which keep HIPS busy - might be necessary to engage Support.

If no single setting makes a significant difference - well, then it's time to take a closer look at the actual numbers.

Christian