SAP production server gets very slow after installing Sophos Server Protection

One of our clients' SAP production server gets very slow after installing Sophos Server Protection, and users always experience sluggishness when trying to access the SAP server. The server gets back to normal after Sophos is uninstalled from it. Anyone else experiencing this?



  • Do you know what helps solve the problem without removing Sophos, for example policy changes?

    For example, if you exclude the drives from real-time scanning, e.g. C:, D:, etc., does it work as expected? If so, that suggests exclusions could help.

    If it is a file based "problem" then you could run Process Monitor and see what files are being accessed so often to cause an issue and narrow it down further.  You can add the duration column to help identify files taking a while to read/write.  0.1 seconds and greater might be a good starting point.

    Regards,

    Jak

  • Yes, I have made changes to the policy, added exclusion to the SAP folders, and also turned off scheduled scanning. Still some issue.

  • OK, It sounds like the traditional real-time scanning may not be the cause or at least the full cause if you haven't seen a full improvement.

    The next step would be to consider the features such as CryptoGuard and exploit prevention.  I don't know how easy it is to restart the server but a quick way to rule these features out is to rename:

    \windows\system32\drivers\hmpalert.sys

    to say 

    \windows\system32\drivers\hmpalert.sys.off

    and reboot. 

    This will disable the CryptoGuard features in the driver and also prevent the driver from injecting the hmpalert.dll into processes for exploit prevention.

    If the issue goes away without the driver loaded, at least we have identified the component, before breaking it down further.

    The next option would be (after re-renaming the driver back and rebooting) to split CryptoGuard and exploit prevention features.  CryptoGuard can be disabled via policy.  High level Exploit prevention features can also.

    I hope this strategy helps identify the cause.

    Regards,

    Jak
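The Process Monitor step suggested in the first reply can be scripted once the trace is saved as CSV. The following is an added example, not part of the original thread: it assumes the export contains the "Process Name", "Path" and "Duration" columns, and the sample rows, process names and paths are constructed.

```python
import csv
import io
from collections import defaultdict

THRESHOLD_S = 0.1  # starting point suggested in the thread (seconds)

# Constructed sample of a Process Monitor CSV export (not real trace data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Duration"
"10:01:02.1000000","sap_app.exe","4120","ReadFile","D:\sapdata\PRD\page.dat","SUCCESS","0.2500000"
"10:01:02.4000000","sap_app.exe","4120","WriteFile","D:\sapdata\PRD\page.dat","SUCCESS","0.1500000"
"10:01:02.6000000","sap_app.exe","4120","ReadFile","D:\sapdata\PRD\log.txt","SUCCESS","0.0004000"
"10:01:03.0000000","sap_app.exe","4120","CreateFile","C:\Temp\job.tmp","SUCCESS","0.1200000"
"10:01:03.2000000","other.exe","988","QueryOpen","D:\SAPDATA\PRD\page.dat","SUCCESS",""
"10:01:03.5000000","sap_app.exe","4120","CloseFile","D:\SAPDATA\PRD\PAGE.DAT","SUCCESS","0.1000000"
'''


def slow_file_ops(csv_text, threshold=THRESHOLD_S):
    """Return [(process, path, slow_count, total_seconds)], slowest first."""
    totals = defaultdict(lambda: [0, 0.0])
    # Strip a leading byte-order mark so the first header name matches.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        # Tolerate a decimal comma and rows with no duration recorded.
        raw = (row.get("Duration") or "").strip().replace(",", ".")
        try:
            duration = float(raw)
        except ValueError:
            continue
        if duration < threshold:
            continue
        # Windows paths are case-insensitive, so fold case before grouping.
        key = (row["Process Name"], row["Path"].lower())
        totals[key][0] += 1
        totals[key][1] += duration
    ranked = sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)
    return [(proc, path, n, round(t, 4)) for (proc, path), (n, t) in ranked]


if __name__ == "__main__":
    for proc, path, count, total in slow_file_ops(SAMPLE_CSV):
        print(f"{total:8.3f}s  {count:4d} slow ops  {proc}  {path}")
```

Paths at the top of the ranking are the candidates to test as narrower exclusions instead of excluding whole drives.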
