Sophos health service high cpu. Start it up again and leave it while the issue occurs, leave it for say 5 mins. 400-9 on Mar 30th No high CPU issues prior to update Today’s high CPU is ongoing since midnight (literally midnight 00:00) Over the past few days there were the occasional high CPU events typically in the AM Each time there is no download traffic going on Abnormal high CPU Usage Contains functionality to check if a debugger is running (IsDebuggerPresent) Contains functionality to dynamically determine API calls Contains functionality to query CPU information (cpuid) Contains functionality to query locales information (e. High CPU caused by Sophos in Windows Most of the time when high CPU conditions occur with the Sophos real-time scanner becoming backlogged due to heavy/frequent writes to the disk with the real-time scans. The CPU usage is caused by the Sophos scan process. Sep 2, 2022 · What applications running on the system, and are you observing any specific application being launch when you observed the high CPU utilization? Many aspects may cause a high resource consumption on the system with security software installed, for example, incorrect exclusion, application bugs, and malware. 2 and is available on Windows 10 (x64) and later and Windows Server 2016 and later. This is linked in the ESH tool and provides further information on the Performance Analysis page. Overview Performance-related issues are being experienced on Windows devices. e. Mar 2, 2026 · Sophos Server Protection (Intercept X for Server on Ubuntu) Sophos Server Protection uses the same Linux agent as the endpoint product but is licensed and tuned for server workloads. Overview This article is for use with the Sophos Endpoint Self Help (ESH) tool for Sophos Central Windows devices. Any one had similar problem? Jan 21, 2025 · Understanding Sophos Endpoint Defense Software Before delving into the specifics of high CPU usage, it’s crucial to grasp the fundamentals of what Sophos Endpoint Defense software does. This will flush a telem file to disk. For the SDU to be able to collect the system logs, we recommend you configure your Linux devices to preserve them after a restart. Checking in task manager I found out that the “Sophos Endpoint Defence Service” is constantly using about 20% of CPU. This will flush a new telem file under: C:\ProgramData\Sophos\Endpoint Defense\Data\LuaTelemetry This will reveal the events processed, i. g. I can the remove Sophos Endpoint to get the machine working again. Thus requiring Sophos more CPU cycles to work through the backlog. They are also running various builds of either Big Sur or Monterey. exe on devices running System Monitor KBA-000008992 Jul 11, 2024 0 people found this article helpful All these files create and rename operations are scanned by Sophos File Scanner and Sophos System Protection Service, increasing the scan queue and consuming CPU and Memory. db The EVents. It was turned on with the release of Core Agent 2024. At its core, Sophos protects endpoints—servers, desktops, laptops, mobile devices—from a variety of cyber threats. It is designed for Ubuntu servers running web services, databases, containers, or internal applications where performance and stability are critical. Sophos Central Endpoint and Server: Constant high CPU usage from SEDService. Updated to 9. When you run it, the SDU collects all SPL logs, system information, and system logs. These are all 2015-2017 iMacs with mechanical hard drives, so they weren't exactly quick to begin with. Product and Environment Sophos Endpoint Sophos Server Windows SURF Detections Detected Log Lines Log Lines Explained What to do What if I still have an issue? Detected Log Lines HKLM\SYSTEM\CurrentControlSet Apr 3, 2022 · If I manually stop the services: Sophos File Scanner, Health, MCS Agent, MCS Client, Network Threat Protection and then EndTask the System Protection Service this reduces the memory usage and allows me to connect remotely. Sophos High CPU Usage Issue Since late last fall, I have ran into a few different random Macs at my organization that have become unusably slow after installing Sophos Endpoint. Jun 24, 2019 · HIGH CPU USAGE due to Sophos Health Service| Renamed the DB File , All Servvices are OK, No Data being copied to external Drives C$\ProgramData\Sophos\Health\Event Store\Database\events. The key purpose of the Performance Analysis Feb 19, 2026 · 13 Feb 2026 - 22:09:53 UTC Central Endpoint/Server - General Feb 4, 2024 · Hi everyone, I received a ticket from a user reporting a decrease in the performance of his PC. , whenever I log into a user account from sleep mode). Searching for troubleshooting I found out that the “Endpoint Agent” client has not updated in the last month and the button for manually update doesn’t work (the latest . May 15, 2025 · Note You can use the Sophos Diagnostic Utility (SDU) to gain additional insight into events when troubleshooting. Stop the service. db is continuously being updated with its size growing every few secs. Not seeing this at all on the work unit. exe on devices running System Monitor KBA-000008992 Jul 11, 2024 0 people found this article helpful Sophos High CPU Usage Issue Since late last fall, I have ran into a few different random Macs at my organization that have become unusably slow after installing Sophos Endpoint. the nature of them, Feel free to link that file. Product and Environment Sophos Endpoint Sophos Server Windows SURF Detections Detected Log Lines Log Lines Explained What to do What if I still have an issue? Detected Log Lines HKLM\SYSTEM\CurrentControlSet CPU usage varies from 90% to 50 % under the following circumstances: When I restart the system and log n to an account; When I start up from up a shutdown;' when I change user accounts (i. system language) Contains functionality to read the PEB Overview Performance-related issues are being experienced on Windows devices. Apr 10, 2016 · I’ve been seeing a recurring issue with high CPU utilization on my Sophos Home. These issues may involve high/persistent CPU usage, slow application performance, and general device slowdown. Some platforms have this configured by default. dzof rfchd xpfb zbqguu vfgvz kqwugptxn sxdpuz ftwp qkhy ztguzy