This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSPService, high memory usage in win10 - multiple systems

Hey all,

SSPService.exe is bringing numerous windows 10 pro machines to a crawl in my department where the memory usage is 99-100% as seen under Processes in the task manager.  This appears to be 100% of the time.  

What is the current solution?  These machines are all on latest updates for Sophos and windows.   

Thanks,

matt



This thread was automatically locked due to age.
  • Hi Matt, we have the same problem, where you able to find a solution to this ?

  • I haven't to date.  I am getting hammered by staff because all the computers are extremely bogged down.  I was hoping to get a response in the forum  but will be creating a ticket.  

  • Hello Matt,

    For those affected systems may we know what's the current version of the endpoint installed on it. I would like to ask your help if you can perform the basic troubleshooting on one affected device. Once you identify which component triggers SSP to have such a high Utilization, re-create the issue and Collect SDU logs and Procmon so that we can take a peek at the logs and found out what's going on. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • Got an active case going however have not received anything from Sophos support they seem to not be aware of a general issue. Will let you know if we are able to pickup anything, they have us currently doing basic troubleshooting steps which is going slow.

  • By any chance can you DM me the Case ID so that I can take a look and ask for a follow-up.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • My house got hit with covid and just catching up on emails.  I have case created but will keep this thread up to date as well.  I am sending over images of high usage along with added info requested.  

  • As one example of many where sophos is running non-stop in high usage.

  • Hi Glenn

    Case #: 31053031

    Screenshots below are what we are observing on our endpoints, with a fully up to date sophos client at the time.

    The other problem we encountered is that one some of these endpoint once they are rebooted, multiple installed application are no longer working, google chrome, adobe, office all need to be reinstalled and in some cases file explorer also is not working, for these workstations we reloaded in order to save time as we make use of autopilot/intune.

    As for our case, we are following what I assume is a standard troubleshooting guide of disabling services one by one and restarting the endpoint, this then takes a lot of time for the issue to reappear as the reboot sorts out the high memory usage and we have to wait for it to return to the problematic state before continue on to the next step.

    Matt are you experiencing any of the corrupt OS/application symptoms?

    Another endpoint:

  • I would try disabling behavioural protection in the threat protection policy as that could account for some of the CPU usage of SSPService.exe.

    Following that, just run Process Monitor with a filter for process sspservice.exe, it might be apparent straight away where all the time is spent. A couple of minutes when you have the issue should be quite revealing I would think. Might hint at possible exclusions for example.

    Otherwise, for full details, capture the issue with a ETL trace, from an admin prompt:

    wpr.exe -start GeneralProfile

    Leave for a couple of minutes when the CPU usage is occurring, then run

    wpr.exe -stop C:\genp.etl

    Support should be able to work out what's going on with the C:\genp.etl ETL trace given they have the symbols. If you load it in Windows Performance Analyzer it should be possible to work out roughly what's going on without the Sophos symbols loaded but with the Microsoft ones.

  • several of my users facing this similar issues currently.  found a bit weird. only recently.