Sophos pulling 532MB of memory to run?

Hi there, 

I am trialling Sophos on our small office network (10 PCs). As our machines are quite old and slow, an important requirement for me is performance. This morning I logged onto my machine and noticed absolutely everything was really sluggish. I opened up task manager and found that Sophos was pulling 532MB of memory! I thought, oh, it might just be scanning. So I opened Sophos itself to check, nope nothing told me it was scanning.

I phoned Sophos support. I spoke to a young lady who first diligently took about 10 minutes in trying to get the correct spelling of my email address and company name. After what seemed to be an eternity she answered with "anything up to 1000MB is normal, so 500MB is normal. There's no problem." But my Sophos isn't scanning anything, "its normal" she said.

Is this true? It's normal for Sophos to hang around idly and suck up 500MB of memory?... is that really normal? I really hope its not otherwise Sophos is not at all for me. If it is not normal, can anyone explain by look at task manager what was consuming my resources?



  • Hello Michelle,

    the 300MB for the AV seems moderately high but all in all it seems normal indeed. Looking at the screenshot - Chrome consumes roughly 15% less, so ...

    To explain: A scanner intercepts files access (or the more newfangled stuff monitors events or hooks calls) and it should make its decision as quickly as possible. Last thing you want is that it does additional I/O to read its virus definitions and frees the memory after use only to go through the same sequence microseconds later. Thus a IMO reasonable amount of memory is used to ensure "desirable overall performance".

    Naturally quite old machines don't go too well together with "state-of-the-art" software, whether fancy applications or basic services. You wouldn't get below 350-300MB if you do away with the newer components - and this would be like your local police being able to deal with petty crooks but stranded when it comes to cybercrimes due to lack of appropriate equipment,

    What are the specs of these machines and how old is old, which OS? I'm using Windows 7 on an almost 7 years old i7, admittedly (inexpensively) upgraded to 8GB with a 500GB SSD, and don't have to woory about performance.


  • In reply to QC:

    Hi Christian, 

    Thanks for taking the time write such a detailed reply in an easy to understand format. In spite of what both yourself and the lady at Sophos support said... 532MB is *definitely* not normal for Sophos on my machines. Since posting the above, I've checked on my workstations randomly and all hovered around 45MB.. not 532MB. I guess all I wanted someone to tell me was "Yes Sophos can get up to 532MB when it's doing stuff. Looking at the task manager the stuff it was doing was ...XYZ. But no, normally Sophos hovers around 50MBBig Smile

    Anyhow, I'm happy. I haven't seen Sophos using 532MB or (even coming close to it) again. Mostly I see the below memory usage.

    Thanks again for taking the time to reply. 

  • In reply to Michelle99:

    Hi Michelle,

    I would say it is expected for Sophos Endpoint Protection to hover around 300-400MB of memory usage.  In your screenshot it looks like it is missing the Sophos Anti-virus process which uses the most memory out of them all.  You might see this as "Performs virus scanning and disinfection functions"

  • In reply to Michelle99:

    Hello Michelle,

    as SJaramillo says, the AV component (SAVService.exe) is not there for whatever reason.
    SAVService.exe uses a more or less constant amount (around 300MB) of memory that is only minimally dependent on what it's doing - if for example you disable On-Access (Real-Time) scanning it essentially "does nothing" but detection data are nevertheless kept in memory thus usage doesn't change.