Sophos Endpoint Intercept X (Malicious Traffic Detection) slows down MacOS Monterey extremely

Hi all,

Following issue: I upgraded different machines (4 for testing) to MacOS Monterey 12.0.1.

They all got the same issue: after upgrading and rebooting, the machines slow down extremely.

The OS would hang with a beach ball and take forever to do even one click. They became useless!

After some testing I found out that if I turn off "Malicious Traffic Detection" in the Runtime Protection Settings of the Endpoint software (10.2.2), the machine starts to work normally; the system brakes and beach balls are gone.

But after I turned "Malicious Traffic Detection" on again and restarted the machine, it slowed the machine down extremely again, directly after booting.

I can reproduce this setting on all machines with Monterey 12.0.1.

Even the latest EAP version of Sophos Endpoint (10.3.0) didn't fix this issue.

Any recommendations for this?



  • Hello Craig,

    As an initial step, I'd recommend running the following command.
    # systemextensionsctl list

    The "network_extension" should report back with Version 10.3.0, "scanextension" should report back with 10.3.1.

    Let me know if you see additional system extensions present when running the command.

  • Thanks! Yes, that's what it shows (just the 2 with those versions). When I install Sophos, things run fine until I reboot. I'm not sure if that helps in any way.

  • Here is the listing for Sophos extensions:

    com.sophos.endpoint.networkextension (10.2.2/223121) networkextension [activated enabled]

    com.sophos.endpoint.scanextension (10.2.2/223121) com.sophos.endpoint.scanextension [activated enabled]

    But the networkextension is bombing my CPU. I force quit it, but it eventually restarts.
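
The version check requested in the reply above can be scripted across several machines. This is an added example, not part of the thread and not Sophos tooling; `check_sophos_ext` and `sample_listing` are hypothetical names, and it assumes the reply's "network_extension" and "scanextension" correspond to the bundle ids shown in the posted listing. The sample input is constructed from the two lines posted in the thread.

```shell
#!/bin/sh
# Added example, not Sophos code. Reads `systemextensionsctl list` output on
# stdin and compares Sophos extension versions with expected id=version pairs.
check_sophos_ext() {
    awk -v expected="$*" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (k = 1; k <= n; k++) { split(pairs[k], kv, "="); want[kv[1]] = kv[2] }
    }
    {
        for (i = 1; i < NF; i++) {
            # The bundle id is the field directly followed by "(version/build)".
            if ($i ~ /^com\.sophos\./ && $(i + 1) ~ /^\(/) {
                ver = $(i + 1)
                sub(/^\(/, "", ver)
                sub(/\/.*$/, "", ver)    # drop the "/build)" suffix
                sub(/\)$/, "", ver)      # or a bare ")" when no build is shown
                found[$i] = ver
                active[$i] = ($0 ~ /\[activated enabled\]/)
                break
            }
        }
    }
    END {
        bad = 0
        for (id in want) {
            if (!(id in found))             { print "MISSING", id, "expected", want[id]; bad = 1 }
            else if (found[id] != want[id]) { print "MISMATCH", id, found[id], "expected", want[id]; bad = 1 }
            else if (!active[id])           { print "INACTIVE", id, found[id]; bad = 1 }
            else                              print "OK", id, found[id]
        }
        # Extensions beyond the expected set, which the reply asks to be reported.
        for (id in found) if (!(id in want)) { print "EXTRA", id, found[id]; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the two lines posted in the thread.
sample_listing() {
    cat <<'EOF'
com.sophos.endpoint.networkextension (10.2.2/223121) networkextension [activated enabled]
com.sophos.endpoint.scanextension (10.2.2/223121) com.sophos.endpoint.scanextension [activated enabled]
EOF
}
```

On a Mac, pipe the real output in place of the sample: `systemextensionsctl list | check_sophos_ext com.sophos.endpoint.networkextension=10.3.0 com.sophos.endpoint.scanextension=10.3.1`. A non-zero exit status means at least one extension is missing, inactive, extra, or at a different version.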