Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 1 subscriber
  • Views 18254 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos slow down while printing

Sztrovy

Hi,

I have Sophos SBE and our client computers are 64bit WIN7. All of the clients have Sophos Endpoint Security and Control 9.5.

We have a konica Minolta BizHub C250 with latest driver, which also really slow. Yesterday I realized, that while i'am waiting for the printing so much.
While word or outlook is waiting for the printing process, the whole computer freeze, and SavService.exe eat my processor's approx 30-40%.

I disabled on-access scanning and the printing was really fast without waiting.
When i try to modificate anything in the printer properties sophos also slow down!

I would like to make some exclusions, but i have no idea how many dir's to add.

Any comment are welcome.

:9385


This thread was automatically locked due to age.
  • 0

    ok RRR

    but the infection will be limited on the spool directory, also with regard to threats zero day they would pass with the on-access scanning enabled, am I wrong?

    :9919
  • 0

    but the infection will be limited on the spool directory

    Davide, this might be a misconception. The Wikipedia article for Computer Virus starts with Not to be confused with Malware. Malware is probably the biggest concern nowadays. It might have viral components but if their purpose is usually not the infection of all executables on one machine. In fact this is actually an undesirable property - while it increases infectivity it also raises the chance of being detected. Thus writers often take care that the viral part keeps a low profile (or even removes itself once it has succeeded in copying itself to another machine or medium). There's no need to run more than one copy of the "payload", e.g. a Trojan or a Bot. The goal is that this piece of software runs reliably (and in case of Bots totally undetected). While theoretically "any place" would work common and well-known directories are the better choice to "hide in plain sight".

    As to zero-day threats: Of course on-access would miss them. But let's assume such a thing sneaks in a settles in an exempted directory. When an IDE is eventually available then although the vector might still sit in a directory which has on-access turned on it will only be detected by a scheduled scan as the malicious item won't be accessed again thus you won't even get an alert which might at least arouse suspicion and "inspire" you to run a full scan. 

    One more comment: If a viral component has been dropped to an exempted folder accessible (and accessed) by other computers which exclude remote files from scanning and in turn exempt the same local folder ...

    Christian         

    :9945
  • 0

    Hello,

    I removed the exlusion, because the removeing deutors made positive change.
    Now I would like to open a ticket at the support.

    Mate

    :10065
  • 0

    Has there been any updates on this issue?  I believe we are experiencing the same type of issue at UNL.

    :10523
  • 0

    Hello,

    I've just wrote the email to the support. What is your problem, and which printer driver do you have?

    I realized, that our Konica-Minolta driver is very slow also, but without removing deutors the driver stuck on savservice.exe

    Mate

    :10561