Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 3024 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

File Integrity Monitoring - Windows Updates

Jeff Haberman

We're currently seeing a large increase in CPU utilization (50-60%) from the Sophos File Integrity Monitor Service(SophosFIMService.exe) when Windows updates are installing. I haven't been able to find any documentation on how to exclude Windows Updates from this policy and was wondering if anyone else was excluding this.



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    I am assuming that you are aware of how File integrity monitoring works. I'd recommend you don't exclude anything from it as CPU utilization till 60% may be acceptable if it happens while windows update only.

    You can find the windows update exclusion in the section List of automatic exclusions in this article of Microsoft which may help you in this. 

    Please Note, We never recommend exclusion in the scanning on any of the operating systems.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0 in reply to Jasmin

    60% may not seem like a lot but when it's just the FIM service at 60% leaving only 40% CPU for the rest of the server functions. The high utilization and the implementation of FIM has greatly increased the amount of time it takes to patch our servers. In the testing I've done, when FIM is disabled on the server it is able to install a specific patch within 5 minutes. When FIM is enabled on that server and we attempt to install the same patch, the time of install increases to nearly 20 minutes.

Reply
  • 0 in reply to Jasmin

    60% may not seem like a lot but when it's just the FIM service at 60% leaving only 40% CPU for the rest of the server functions. The high utilization and the implementation of FIM has greatly increased the amount of time it takes to patch our servers. In the testing I've done, when FIM is disabled on the server it is able to install a specific patch within 5 minutes. When FIM is enabled on that server and we attempt to install the same patch, the time of install increases to nearly 20 minutes.

Children
Unfiltered HTML