
Sophos Endpoint Intercept X 2.0 impacting Performance - slow?

On a new software build of Windows 10 on a T450 Lenovo, we found that at the end we installed Sophos Endpoint Intercept X 2.0 and it significantly slowed down the computer. All aspects of the computer became slow. On first bootup, connecting the Wifi - slow. On login, the CPU would pin at 100% for long periods of time with high memory usage. All applications would be slow to open, printing would be very slow. This is a new laptop i5, 8 GB RAM, 256 SSD.

We would remove the Intercept X and the computer would return to normal operation.  Fast bootup, fast login, apps, etc...

Now for this customer, they use Trend Micro as their primary AV. We have Sophos Intercept X added on for the extra protection. We did not have issues previously until the Intercept X version went up to 2.0. Has anyone else noticed a large performance hit with Intercept X 2.0?




[locked by: SupportFlo at 11:42 PM (GMT -7) on 12 Mar 2019]
  • I have Intercept X 2.0.5, and my PC speed is good, but accessing web sites is very slow. It takes >40s after typing an address to load the web page, including known web sites such as google.com. Once a web site is loaded, getting the next page is normal. This happens every time when loading a new URL. I was only running Intercept X, in combination with Norton Antivirus for now.

    At the firewall I notice many denied DNS heartbeat requests, not sure that has anything to do with it, but perhaps waiting for the DNS takes a long time that way.

    During de-install of the agent, at the point where the deinstall was deinstalling the Network Threat Protection, the speed of loading a web page became normal again.

     

  • Could it be that, with Norton installed, it has a process or processes which make network connections, e.g. maybe a local web proxy or some process that is performing cloud lookups? Something that takes place when browsing, essentially. I'm sure this must be the case but I don't have Norton to check.

    The point of NTP is to check that processes aren't talking to malicious sites by performing cloud lookups.  If you check:

    "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SntpService.log"

    Do you see Norton processes mentioned a number of times when you see the issue?  Or any process for that matter during the slow down?

    You can make "file" exclusions in threat protection policy in Central and these processes will not be checked by MTD. The exclusions end up in "C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\policy.xml", where you can check they have made it.

    Regards,
    Jak

  • Thanks Jak,

    The logs are no longer there after the deinstall. I have stopped the evaluation for now (already so much work to onboard the Sophos XG). Once the licence for Norton expires later this year, I will do an evaluation of the whole stack.

    Regards

    Pieter
