Sophos 9.7 updates slow on Windows 7 32 bit machine

Hello,

I know that there were problems with the way Sophos updated the clients with Sophos 9.5.

We have upgraded to 9.7 and still get reports from users that whenever Sophos applies an update their machines become noticeably slower.

These machines are at least Dual Core Processors with 4 GB of RAM and plenty of HDD space.

Has anybody run into the same issue and if so how have you resolved it?

Thanks!

  • Hi,

    I assume it's just after SAV actually updates (i.e. new ide files are downloaded) rather than just the checks to the CID to see if an update is required?

    The update time aside, the fact the slow-down occurs just after an update, I can only assume this is due to the checksum cache being cleared, as when SAV obtains a new definition, SAV essentially starts building up its checksum cache again, as it can't count on the files it has already got checksums for being clean, based on the new data.

    As an example: if I have a file or multiple files which are quite complex to scan and they are opened quite often by a piece of software, the first time they are opened SAV would scan them and it might be a bit slow.  The next time the file is opened, providing the file hasn't changed and SAV hasn't updated, it wouldn't need to scan the file again so it would be quick.  So based on that you can see why after an update, depending on the software installed and the files it uses, it could be slow for a short time.

    Also worth considering: are the scanning settings different from the defaults?  On-write? Scan all files? Scan inside archives? Does it help to return the machine to the default on-access settings?

    I would probably try and Process Monitor an update of a machine and see if this then causes SAV to start scanning certain files again.  Maybe you could try introducing a few exclusions based on that test to see if that helps to narrow down the problem.

    Regards,

    Jak
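
The Process Monitor test suggested in the reply above, as an added example that is not part of the original thread: it reads a Process Monitor CSV export and lists the files the scanner reads again after the update but did not read before it. The process name `SavService.exe`, the sample rows, the function names and the update time are assumptions; take the real update time from the machine's update log.

```python
import csv
import io
from collections import Counter
from datetime import datetime

SCANNER = "SavService.exe"  # assumption: name of the scanning process in your trace

# Constructed sample in Process Monitor's default CSV column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1000000 AM","app.exe","4100","ReadFile","C:\Data\big.mdb","SUCCESS",""
"10:00:02.2000000 AM","SavService.exe","1500","ReadFile","C:\Temp\new.tmp","SUCCESS",""
"10:00:03.3000000 AM","app.exe","4100","ReadFile","C:\Data\big.mdb","SUCCESS",""
"10:05:10.1000000 AM","SavService.exe","1500","ReadFile","C:\Data\big.mdb","SUCCESS",""
"10:05:10.2000000 AM","SavService.exe","1500","ReadFile","C:\Data\big.mdb","SUCCESS",""
"10:05:10.3000000 AM","SavService.exe","1500","ReadFile","C:\Data\big.mdb","SUCCESS",""
"10:05:11.1000000 AM","SavService.exe","1500","ReadFile","C:\App\cache.dat","SUCCESS",""
"10:05:11.2000000 AM","SavService.exe","1500","ReadFile","C:\App\cache.dat","SUCCESS",""
"10:05:12.1000000 AM","SavService.exe","1500","ReadFile","C:\Temp\new.tmp","SUCCESS",""
"10:05:13.1000000 AM","app.exe","4100","ReadFile","C:\Data\big.mdb","SUCCESS",""
'''

def parse_time(text):
    # Procmon prints 7 fractional digits; strptime accepts at most 6.
    # Assumes the 12-hour "h:mm:ss.fffffff AM/PM" display format.
    clock, ampm = text.split(" ")
    head, frac = clock.split(".")
    return datetime.strptime(f"{head}.{frac[:6]} {ampm}", "%I:%M:%S.%f %p")

def rescan_hotspots(csv_text, update_time, scanner=SCANNER, min_reads=2):
    """Return (path, reads_before, reads_after) for files the scanner re-reads."""
    cutoff = parse_time(update_time)
    before, after = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != scanner.lower():
            continue  # only the scanner's own file reads matter here
        if row["Operation"] != "ReadFile" or row["Result"] != "SUCCESS":
            continue
        bucket = after if parse_time(row["Time of Day"]) >= cutoff else before
        bucket[row["Path"].lower()] += 1
    # Files read more often after the update than before: rebuilt cache entries.
    hot = [(p, before[p], n) for p, n in after.items() if n >= min_reads and n > before[p]]
    return sorted(hot, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for path, was, now in rescan_hotspots(SAMPLE_CSV, "10:05:00.0000000 AM"):
        print(f"{now:4d} reads after update ({was} before)  {path}")
```

Paths at the top of the list are the ones to test with a temporary exclusion, one at a time, to see whether the slow-down goes away.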