Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 8438 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When will Auto Exclusions be coming to SVE? If not soon, can I install the full fat Server Endpoint Security Product?

Sean Lewis

Hi,

I'm currently migrating my ageing SBS 2011 Physical estate to a Hyper-V Virtual environment, my plan was to install it with SVE, which I have done but it appears to be causing some issues across my servers. I've started to look at exclusions and it will take me ages to write them all myself (I'm a one man IT team).

  • Are auto exclusions on the roadmap? And if so when?
  • If not, can I run the full fat security client in my VMs to get the benefits of some auto exclusion (I know i'll have to manually setup an exclusion rule for Exchange 2016)?

I manage from Cloud Central.

Thanks

Sean



This thread was automatically locked due to age.
  • 0

    Hello  

    We do not have plans for Auto exclusions, Sophos for Virtual Environments does have advanced caching. As each GVM goes through the scanning process, any files that are deemed clean by the SVM will be added to its own cache and also sent to each of the GVMs.

    When a GVM intercepts a file being opened it will look at its local cache first – so it won’t need to send a file to the SVM if it has already been deemed as clean – which will reduce scanning time after the first file scan.

    Sophos Server licenses are flexible so you can have a mix and match of standard and advanced and you can choose what server product can utilize the license. For instance you can have some servers that are on SVE and the exchange 2016 with SBS Server can have the full fat agent. it is entirely up to you how you wish to split the licenses up. 

    Can you please tell support (using the links in the bottom right hand corner of this page) what issues you are seeing, although SVE also does not support SBS (https://www.sophos.com/en-us/products/virtualization-security/tech-specs.aspx).

    Thanks 

     

    Mark 

  • 0 in reply to MarkToshack

    Hi Mark,

    Apologies for the late response, I've been on holiday.

    Thanks for the detailed answer, apologies I wasn't clear about my migration, we are retiring SBS and parting out the services SBS hosts (Exchange, SharePoint,   onto dedicated guests.

    The core issue I am seeing with Sophos installed is incredibly poor I/O transfer speeds. As soon as  I install either the full fat or the SVM Client our backup and replication processes are crippled.

    Prior to my holiday I spent a good amount of time setting up manual rule sets based upon Microsoft and Veeam exclusion lists, however they had no measurable impact on performance, the only way I've been able to achieve full throughput is by uninstalling the sop hos client (full fat or SVM).

    I tested that exclusions are working by creating a EICAR test file within an excluded location.

    What should our expectations be of the overhead on I/O when Sophos is installed, and how can we counteract it? 

    Thanks

    Sean

  • +1 in reply to Sean Lewis

    Hello

    The figures are really dependent on the infrastructure. What the spec of the host server is, how much resource is allocated to each GVM, as well as what the GVMs (VDI) are being used for and also your network topology.  There is no limit set by the SVM as to how many GVMs it can handle.

    Here are some figures that might help:

     

    Functionality  
      SVE ESXi SVE Hyper-V
    GVM Agent 1.0.0 1.0.1 1.0.0 1.0.1
    Memory used (working set) 30MB 30MB 30MB 30MB
    Memory used (peak) 36MB 36MB 36MB 36MB
    HDD Disk space used 6MB 6MB 6MB 6MB

    In order for us to help please do log a support ticket and we can look at your logs in detail with you and hopefully get to the bottom of the poor I/O speeds, which is not a problem I have heard before. 

     

    Thanks 

     

    Mark

Unfiltered HTML