Sophos Endpoint Intercept X 2.0 impacting Performance - slow?

On a new software build of windows 10 on a T450 Lenovo, we found that at the end we installed Sophos Endpoint Intercept X 2.0 and it significantly slowed down the computer.  All aspects of the computer became slow.  On first bootup, connecting the Wifi - slow.  On login, the CPU would pin at 100% for long periods of time with high memory usage.  All applications would be slow to open, printing would be very slow. This is a new laptop i5, 8 GB RAM, 256 SSD.

We would remove the Intercept X and the computer would return to normal operation.  Fast bootup, fast login, apps, etc...

Now for this customer, then use Trend Micro as their primary AV.  We have Sophos Intercept X added on for the extra protection. We did not have issues previously until the Intercept X Version went up to 2.0.  Has anyone else noticed a large performance hit with Intercept X 2.0?

  • In reply to Sam Sarcar:

    One of the desktop admin  imaged a new desktop and installed Sophos with Intercept X

    Load desktop after entering credentials – 17 Sec
    Skype  for Business auto lunch  and log in – 37 sec.

    This device is new so it was never been in Sophos database.

    Then I did following test with me test laptop

    1)Uninstall Sophos AV
    2)Reboot the laptop and delete the device from Sophos consol.
    3)Download the installation package from Sophos console.
    4)Install Sophos AV with Intercept  X

    Now the performance seems better

    Load desktop after entering credentials  21 Sec
    Skype for Business auto lunch and Log in – 46 Sec.


    Load desktop after entering credentials 29 Sec
    Skype for Business auto lunch and Log in – 1  min 40 Sec.

    I want to test this in few more new devices .. but Sophos might be working on the issue but they are not ready to push out to existing Client , but new installation might be getting the  fix.

  • In reply to Krystian Flemming:

    Krystian Flemming

    I'd like to ask others in this thread - are you using any other antivirus software besides Intercept X? 

    We are using the Sophos Central Endpoint Advanced AV.

    Krystian Flemming

    Could it be that Intercept X just doesn't cooperate with other AV software?  

    No, the problem also appears when using Sophos own AV.

  • Have you tried disabling Deep learning?  I recall that when we tested Invicea X (Sophos Deep Learning) on our machines last year we have experienced the same thing.  It is as if Invicea X virtualizes the whole environment so you are basically running within a VM. 


    How to check if Deep Learning is enabled:


  • In reply to Grammaton:

    I literally turned every single feature/policy off one by one until I had them all turned off and still had performance issues with regards to boot and login times.


    I've been told that our case has been raised to engineering/development now.

  • This issue seems affecting Surface devices more than others, we had to disable intercept X for several of them (Endpoint protection > Computers > Manage endpoint software) and move affected devices from Assigned to Eligible column to get back decent performances. 

  • In reply to J&P IT:

    Using Core Agent 2.0.2, Endpoint Advanced and Intercept X 2.0.2 on 25 computers and seeing no real issues. Maybe performance is a little bit slower but nobody including me noticed a real downgrade. Deep Learning is currently not activated.

  • In reply to Jelle:

    Update, March 23 - Sophos has escalated my ticket to global escalation specialists (GES). They said I will hear from them in 1-2 weeks. Have any one has any update from your ticket?