Sophos Endpoint Intercept X 2.0 impacting Performance - slow?

On a new software build of windows 10 on a T450 Lenovo, we found that at the end we installed Sophos Endpoint Intercept X 2.0 and it significantly slowed down the computer.  All aspects of the computer became slow.  On first bootup, connecting the Wifi - slow.  On login, the CPU would pin at 100% for long periods of time with high memory usage.  All applications would be slow to open, printing would be very slow. This is a new laptop i5, 8 GB RAM, 256 SSD.

We would remove the Intercept X and the computer would return to normal operation.  Fast bootup, fast login, apps, etc...

Now for this customer, then use Trend Micro as their primary AV.  We have Sophos Intercept X added on for the extra protection. We did not have issues previously until the Intercept X Version went up to 2.0.  Has anyone else noticed a large performance hit with Intercept X 2.0?

  • We are experiencing something similar with some of our notebooks.

    We are using the following system:

    • HP EliteBook x360 1030 G2 - most recent hardware
    • Windows 10 Pro Build 15063
    • Sophos Software:
      • Core Agent: 2.0.0
      • Endpoint Advanced:
      • Intercept X: 2.0.1
      • Device Encryption: 1.3.90

    Like Stephen described, the client boots slowly. Once the login lock screen of Windows 10 shows up (which takes forever compared to pre Intercept X 2.0), it takes quite a while until the actual login form shows up. Other symptoms as described before are also present.

    Our current workaround is: 

    1. Uninstall Intercept X - not a nice solutions since we would love to be using Intercept X
    2. Delay the autostart of the MCS Client Service. Just as precaution, because in the past Sophos had some performance troubles with this service on startup.

    This workaround doesn't solve the problem, but it makes it bearable so the users can actually work on the devices.

    Would love to see a fix for this.

  • I am also experiencing this issue with Sophos.  Windows is also very slow to login, opening applications like Chrome and Outlook are painfully slow.  Programs are also very slow to respond and will often hang.  

    We are running: 

    Core Agent 2.0.0

    Endpoint Standard

    Sophos Intercept X 2.0.1

  • Same issue here.

    Systems: OptiPlex 7040,5050; Latitude 5570, 5580

    OS: Windows 10 1709

    Core Agent 2.0

    Intercept X 2.0.1


    Does not occur on same systems that have not updated to the latest Core Agent/Intercept X.

  • We have a client that we are just rolling out InterceptX and they were also upgraded to 2.0 recently and now exhibiting the same slow bootup and login times (anywhere from 6-9mins) on a brand new Surface Pro - Definitely wasn't evident pre InterceptX 2.0.  This client runs Bitdefender as their primary A/V.

    Has anyone received any updates from Sophos or logged a case?



  • In reply to George Khalil:

    Here same issues on HP 800 G1 mini, HP 800 G2 mini, HP 1040 G1, HP 1040 G2 and HP 1040 G3, HP 840 G2 and 840 G4. All affected by Sophos Endpoint after HP firmware update.

  • In reply to Mauro Marazzi:

    We are noticing the same issue.. I have a discussion open in other thread

    I contacted Sophos tech support and they said it is expected behavior.

  • In reply to Sam Sarcar:

    Can you elaborate on the "they said it is expected behavior?" They really said that added MINUTES of boot/logon time is an expected behavior?

  • In reply to Remie Beaulieu:

    this is what  the teach support wrote to me


    Hello Sam, There aren't really any specific configurations that can be used to speed up a booting process..  There are additional drivers and such that must be loaded and additional services that must start when our Software is installed, so an increase in boot time is definitely expected behaviour.  Of course, please feel free to to test by disabling the Sophos services to test if any particular service helps with the boot speed, though there are no settings to be toggled that will speed this up, unfortunately.  Regards,

  • In reply to Sam Sarcar:

    Clearly it's going to be slower but it shouldn't be that slow.  I would expect you'd be asked to provide either a:

    In addition to that an SDU zip so they can confirm the configuration is as expected.

    I'd be happy to take a look but this isn't the sort of data you want to be making available on a public forum.

    Beyond that, narrowing down components responsible, either by disabling options in the policy - most likely threat protection or by disabling drivers/services would be another approach.


  • In reply to jak:

    In our case, this particular client who we are piloting InterceptX alongside Bitdefender was experiencing boot to log in times of 6-9mins vs 1min previously on a Surface Pro 4. Totally unacceptable.  This was not the case prior to 2.X and we have had great success running InterceptX 1.X alongside Bitdefender with no delay in boot and login times.

    I have logged a support case with Sophos, but after uninstalling InterceptX 2.X, the machine was back to normal speed.

    Still waiting for a resolution.

  • In reply to George Khalil:

    We had on prem Sophos , just moved to Sophos Central in January , so I don’t have any experience with prior version of Intercept X. I just spoke to our Sophos SE. He is looking into it. I will give you an update if I hear back from the SE. I agree with Jak, they should have asked me to upload some logs.

    I disabled defender because I saw few discussion on this forum about defender might cause issue with Sophos AV.

    By the way intercept X might also be reason IE11 crashing in WIN 10. One of my coworker working with Microsoft on IE crashing on WIN 10, but I think they will end up pointing to Intercept X.

  • In reply to Sam Sarcar:

    Have another client who is also experiencing the same IE11 random crashing :( 

    I also have the case escalated, so will provide feedback once I hear back.

  • In reply to George Khalil:

    I suspect you're probably seeing this issue:

    Maybe try the suggestions to see if it matches.



  • In reply to jak:

    Thanks Jak for pointing out the thread. I'll check it out

  • In reply to George Khalil:

    Did some more testing for boot times and opening programs (simple one like Task Manager)


    Brand new Lenovo T450 i5, 8 GB RAM 256 SSD

    Fresh build with no anti-virus: Boot time is 30 seconds. Task manager opens within 1 second. Nice and Fast.

    Sophos End Point Core Agent 2.0.2 Advanced only: Boot time is 1 min 27 seconds. Task manager opens in 6 seconds. Slower... but still ok.

    Sophos End Point Core Agent 2.0.2 Intercept X 2.0.1 only: Boot time is 2 mins and 50 seconds. Task manager opens in 15-20 seconds (varies). This is too slow to function for a user.


    This is not acceptable for an anti virus to reduce the speed of a computer back to pre-SSD speeds.  We did not have these issues as far as I was aware Pre Version 2.