This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

File Integrity Monitoring - Windows Updates

We're currently seeing a large increase in CPU utilization (50-60%) from the Sophos File Integrity Monitor Service(SophosFIMService.exe) when Windows updates are installing. I haven't been able to find any documentation on how to exclude Windows Updates from this policy and was wondering if anyone else was excluding this.

This thread was automatically locked due to age.

0 Jasmin over 5 years ago

Hi Jeff Haberman

I am assuming that you are aware of how File integrity monitoring works. I'd recommend you don't exclude anything from it as CPU utilization till 60% may be acceptable if it happens while windows update only.

You can find the windows update exclusion in the section List of automatic exclusions in this article of Microsoft which may help you in this.

Please Note, We never recommend exclusion in the scanning on any of the operating systems.

Regards,

Jasmin
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Jeff Haberman over 5 years ago in reply to Jasmin

60% may not seem like a lot but when it's just the FIM service at 60% leaving only 40% CPU for the rest of the server functions. The high utilization and the implementation of FIM has greatly increased the amount of time it takes to patch our servers. In the testing I've done, when FIM is disabled on the server it is able to install a specific patch within 5 minutes. When FIM is enabled on that server and we attempt to install the same patch, the time of install increases to nearly 20 minutes.
Cancel
Vote Up 0 Vote Down

Cancel
0 Shweta over 5 years ago in reply to Jeff Haberman

Hi Jeff Haberman

If that is the case, I would suggest you collect process monitor logs and open a support case with Support.

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel