Sophos Endpoint Intercept X (Malicious Traffic Detection) slows down MacOS Monterey extremely

Hi all,

I have the following issue: I upgraded several machines (4 for testing) to macOS Monterey 12.0.1.

They all got the same issue: after upgrading and rebooting, the machines slow down extremely.

The OS would hang with a beach ball and take forever to do even one click. They became useless!

After some testing I found out that if I turn off "Malicious Traffic Detection" in the Runtime Protection Settings of the Endpoint software (10.2.2), the machine starts to work normally, and the system brakes and beach balls are gone.

But after I turned "Malicious Traffic Detection" on again and restarted the machine, it slowed the machine down extremely again, directly after booting.

I can reproduce this setting on all machines with Monterey 12.0.1.

Even the latest EAP version of Sophos Endpoint (10.3.0) didn't fix this issue.

Any recommendations for this?



  • Hello,

    Thank you for reaching out to the Sophos Community Forum.

    Do you know if multiple network extensions are installed on the macOS devices in question? In some cases, having other network extensions installed prior to that of Sophos' can cause issues. 

    I have reached out to you via PM to request logging information from one of the affected devices to look into the issue further. 

  • Hi Kushal,

    I have the exact same problem running version 10.3.1 and macOS 12.1 on both my MacBooks. It's impossible to use the computers with the “malicious traffic detection” setting on; when you turn it off, the computer works fine.

  • Thanks for reaching out. 

    I have PM'd you to gather further details on this issue.

  • I'm having this same issue as well if you can help.

  • Hello Craig,

    As an initial step, I'd recommend running the following command.
    # systemextensionsctl list

    The "network_extension" should report back with Version 10.3.0, "scanextension" should report back with 10.3.1.

    Let me know if you see additional system extensions present when running the command.

  • Thanks! Yes, that's what it shows (just the 2 with those versions). When I install Sophos, things run fine until I reboot. I'm not sure if that helps in any way.

  • Here is the listing for Sophos extensions:

    com.sophos.endpoint.networkextension (10.2.2/223121) networkextension [activated enabled]

    com.sophos.endpoint.scanextension (10.2.2/223121) com.sophos.endpoint.scanextension [activated enabled]

    But the networkextension is bombing my CPU. I force quit it, but it eventually restarts.
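
The version check the staff reply asks for, applied to the listing format posted above, as an added example that is not part of any post in this thread and is not Sophos code. The helper names `sample_listing` and `check_extensions` and the third sample line (`com.example.vpn.extension`) are constructed for illustration; the expected versions are the ones quoted in the staff reply.

```shell
#!/bin/sh
# Added example, not Sophos code: compare listed system extension versions
# against the versions quoted in the staff reply above.
EXPECTED_NET="10.3.0"    # com.sophos.endpoint.networkextension
EXPECTED_SCAN="10.3.1"   # com.sophos.endpoint.scanextension

# Constructed sample: the two lines posted in this thread plus one
# hypothetical third-party extension (com.example.vpn.extension).
sample_listing() {
    cat <<'EOF'
com.sophos.endpoint.networkextension (10.2.2/223121) networkextension [activated enabled]
com.sophos.endpoint.scanextension (10.2.2/223121) com.sophos.endpoint.scanextension [activated enabled]
com.example.vpn.extension (1.0.0/1) Example VPN [activated enabled]
EOF
}

# check_extensions (hypothetical helper): reads listing lines on stdin and
# prints OK, MISMATCH or OTHER for every "bundle.id (version/build)" entry.
check_extensions() {
    awk -v net="$EXPECTED_NET" -v scan="$EXPECTED_SCAN" '
    match($0, /[A-Za-z0-9._-]+ \([0-9.]+(\/[0-9]+)?\)/) {
        split(substr($0, RSTART, RLENGTH), parts, " ")
        id = parts[1]
        ver = parts[2]
        gsub(/[()]/, "", ver)      # "(10.2.2/223121)" -> "10.2.2/223121"
        sub(/\/.*/, "", ver)       # drop the build number
        if (id == "com.sophos.endpoint.networkextension") want = net
        else if (id == "com.sophos.endpoint.scanextension") want = scan
        else { printf "OTHER %s %s\n", id, ver; next }
        if (ver == want) printf "OK %s %s\n", id, ver
        else printf "MISMATCH %s %s (expected %s)\n", id, ver, want
    }'
}

# On a Mac: systemextensionsctl list | check_extensions
sample_listing | check_extensions
```

An `OTHER` line marks an extension that is not one of the two Sophos bundle IDs, which is what the first staff reply asks about when it mentions additional network extensions.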

  • The performance issue has been extremely bad on Intel CPU based Mac computers since macOS Big Sur, especially for our Engineering team when they are compiling code. Is there any way we can see the real version number of the Sophos Intercept X installed on the computers? Now we have some computers under EAP, some updated to the latest version released on April 14, and some of them are still on the previous version. But all of those Macs are showing version 10.3.3. It is very confusing and won't help troubleshooting. We have currently created a new policy and disabled almost all of the critical Intercept X services in that policy to avoid the performance issues. That is the only solution that works so far.