Sophos Data Recorder service using high CPU on servers

Last night Sophos endpoint was updated on our servers.

Today we are having multiple issues on most production servers and finding this is due to the Sophos Data Recorder using 25%-50% of CPU constantly.

Anyone see this and know how to resolve the issue?

Thanks,

Rich



  • If you restart the SDR service, does it immediately start using the CPU or does it take a while?

  • Yes,

    When the service does restart it goes back to taking up 25% or 50% CPU

  • OK, out of interest, have you signed up to the EAP program - "Intercept X New Features"? Accessible here: https://cloud.sophos.com/manage/eap

    If you were to sign up and add a single endpoint (Win10 is fine), this would install Sophos System Protection (SSP) 2.7.0.7 which comes with SDRService.exe version 1.1.0.2.

    If I look on a standard endpoint, SSP is version 2.6.0.71 and SDRService.exe is version 1.0.0.10.  I assume on your servers you have the same 1.0.0.10 version of this file: "C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe". 

    If you can take a copy of "C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe" version 1.1.0.2 and put it on a computer with the problem, does it go away?

    I wonder if this is fixed in a later version.

    Regards,

    Jak
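
The version comparison suggested in the reply above, as an added example that is not part of the original thread or Sophos's own tooling: it reports the installed SDRService.exe file version, its Authenticode signature status (worth checking before and after any manual file replacement), and the service's average CPU share. The function name, sample count and interval, and the `SDRService` counter instance name (derived from the executable name, English counter names) are assumptions.

```powershell
# Added example: local check of SDRService.exe version, signature and CPU share.
# Path and version numbers are the ones quoted in the thread.
$SdrPath      = 'C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe'
$KnownVersion = New-Object System.Version -ArgumentList 1, 0, 0, 10  # standard endpoint per thread
$EapVersion   = New-Object System.Version -ArgumentList 1, 1, 0, 2   # shipped with SSP 2.7.0.7 per thread

function Get-SdrStatus {   # hypothetical helper name
    param(
        [string]$Path = $SdrPath,
        [int]$SampleCount = 5,        # assumption: 5 samples
        [int]$IntervalSeconds = 2     # assumption: 2 seconds apart
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Installed = $false }
    }

    # Build a comparable [version] from the numeric parts of the file version resource.
    $vi  = (Get-Item -LiteralPath $Path).VersionInfo
    $ver = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

    # A manually copied binary should still carry a valid vendor signature.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # '% Processor Time' is per core, so divide by the logical processor count
    # to get a figure comparable with the 25%-50% seen in Task Manager.
    $cpu = $null
    $readings = Get-Counter -Counter '\Process(SDRService)\% Processor Time' `
        -SampleInterval $IntervalSeconds -MaxSamples $SampleCount -ErrorAction SilentlyContinue
    if ($readings) {
        $avg = ($readings | ForEach-Object { $_.CounterSamples[0].CookedValue } |
                Measure-Object -Average).Average
        $cpu = [math]::Round($avg / [Environment]::ProcessorCount, 1)
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Installed       = $true
        FileVersion     = $ver.ToString()
        IsVersion10010  = ($ver -eq $KnownVersion)
        AtLeastVersion  = ($ver -ge $EapVersion)   # true for 1.1.0.2 or later
        SignatureStatus = $sig.Status              # expect 'Valid'
        Signer          = $signer
        AvgCpuPercent   = $cpu                     # $null if the process is not running
    }
}

Get-SdrStatus | Format-List
```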

  • We worked with Sophos support and they provided us with a newer version of SDRService.exe (the .exe that runs the service), and had to manually deploy the file to all the servers.

  • Thanks for the update.  Good to know there is a fix.  I assume it's also in 1.1 and you'll get that automatically when it's updated.

    Regards,

    Jak

  • I've opened a ticket with Support in hopes of them providing a newer version of SDRService.exe.  I've signed up for the EAP and added a few machines to the program in hopes that they would automatically receive the newer version, but several reboots and manual updates later... no dice.

    Can I assume, by your post, that it does require working with Support?  If so, I may push the issue a bit rather than wait for them to reply to my emailed ticket.  We're having some CPU issues that have become very high profile due to the letters in front of the names who noticed it.