Sophos Endpoint Protection is a popular Antivirus package that includes File Scanning, Network Threat Protection, Web Control, and Device Control components.
In 2015, Sophos purchased the HitmanPro Anti-malware product and now includes HitmanPro as part of the Sophos Endpoint Protection product. HitmanPro is installed with Sophos and works as a second Antivirus product that is managed by its own Windows Service.
Testing was done using two identical Windows 2012 servers monitoring 12 SQL Server agents and Infobright-based SQL PI.
Cross monitoring was configured on both servers to keep the systems as similar as possible.
When the HitmanPro service is running on a Windows Server, it has a significant impact on CPU utilization.
This occurs regardless of any file, folder, or process exclusion settings.
Excluding processes, folders, and filenames in Sophos Central does not reduce CPU usage on the server. To improve performance, either the HitmanPro Windows service must be stopped and disabled, or the Foglight environment should be resized to accommodate the additional CPU load.
When the HitmanPro service is stopped, the CPU utilization decreases significantly.
The interaction was found to be directly between the HitmanPro and Infobright services. When SQL PI (the ibengine.exe process) is disabled and HitmanPro remains active alongside the FMS and FglAM, the CPU usage of the HitmanPro process becomes negligible.