Sophos Endpoint Security 9.7 / CA Arcserve R16 Performance Issue

Hello Saleem,

as you saw it's On-Access scanning which slows the backup down. It is not the executables though but the files accessed by the backup software (thus excluding ARCserve's files and folders won't help). A noticeable to significant slowdown is expected but not a factor of more than 10.

A workaround - though I don't recommend it - is stopping and disabling the Sophos Anti-Virus service (and AutoUpdate as well as an update might restart the former) during the backup. It's an additional risk and should only be implemented of the backup duration is otherwise unacceptable. I suggest you also give Support a call.

Christian

We ahve installed Sophos v10.0 and are experiencing slowdowns, 3,800 MB/min before installation and 2,700 MB/min after installation.  We are running scripts to disable the read and rename on-access scanning during the backup job, but this only covers the server that backup job runs from and does not cover the remote servers being backed up.  With the scripts being used the throughput went from 2,500 MB/min to 2,700 MB/min, which is not an improvement in our opinion.

We have contacted support but have not made any headway with resolving the slowdown.  What did you hear from support about this or were you able to find a usable solution?

I apologize for not updating this earlier, but we did find which processes need to be excluded using the ExcludedProcess method.  You will need to re-apply these exclusions each time there is a major update to the Sophos product, which is quite a pain in the you know what.  If someone has a way that we will not need to re-apply these after major updates, we would appreciate hearing.

When we were using Symantec Endpoint Protection we didn' have to do this or several other things that we have to do with Sophos to maintain system performance and protection.  Not sure it was worth the savings in the long run.

Modify the following registry key to include the following processes:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SAVOnAccess]

"ExcludedProcess0"="carunjob.exe"
"ExcludedProcess1"="UnivAgent.exe"
"ExcludedProcess2"="caagstart.exe"
"ExcludedProcess3"="DBENG.exe"
"ExcludedProcess4"="casdscsvc.exe"
"ExcludedProcess5"="cadiscovd.exe"
"ExcludedProcess6"="jobeng.exe"
"ExcludedProcess7"="casmgmtsvc.exe"
"ExcludedProcess8"="msgeng.exe"
"ExcludedProcess9"="Catirpc.exe"
"ExcludedProcess10"="caserved.exe"
"ExcludedProcess11"="tapeeng.exe"
"ExcludedProcess12"="Ofant.exe"
"ExcludedProcess13"="dbaexchr.exe"
"ExcludedProcess14"="ntagent.exe"
"ExcludedProcess15"="ofawin.exe"
"ExcludedProcess16"="OFANT.sys"
"ExcludedProcess17"="dbasvr.exe"
"ExcludedProcess18"="Catirpc.exe"
"ExcludedProcess19"="tapeeng.exe"
"ExcludedProcess20"="Caloggerd.exe"
"ExcludedProcess21"="dirwatcher.exe"
"ExcludedProcess22"="caservd.exe"

Hello musc_county,

do I understand correctly that turning of on-access scanning (guess you don't have on-write enabled at all) resulted only in a minor improvement but the process exclusions do help? This seems somewhat strange. Or do you apply the exclusions to the servers being backed up as well?

Christian