Sophos Central: Performance issues caused by Aggressive threat detection enablement
Overview
Performance issues are being reported on Windows devices.
Product and Environment
- Sophos Central Windows Endpoint
- Sophos Central Windows Server
SURF Detections
Detected Log Lines
- HKLM\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\EventJournal\Config
  Value Name="MonitorDirectoryReads" Type="REG_DWORD" Data="1"
Log Lines Explained
The registry value indicates that Aggressive threat detection has been turned on under Account Preferences in Sophos Central.
With Aggressive threat detection turned on, we will apply extra aggressive rules on devices to identify suspicious behavior and activity that testers would be looking to see.
This mode must only be turned on if we have advised you to do so, or when it is used by third-party testers. Because of the aggressive rules in this mode, admins must monitor device performance, which could be impacted while this mode is turned on.
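To confirm on a device whether the registry value above is present, the following read-only PowerShell check can be used. It is an added example, not Sophos code: the function name `Get-AggressiveDetectionState` and the output fields are hypothetical, and it assumes PowerShell remoting is available when other computers are named. Only the key path, value name and data come from this article.

```powershell
# Added example: read-only check for the registry value described in this article.
# Get-AggressiveDetectionState is a hypothetical name; it changes nothing on the device.
function Get-AggressiveDetectionState {
    [CmdletBinding()]
    param(
        # Computers to check; defaults to the local device.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $check = {
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\EventJournal\Config'
        $name = 'MonitorDirectoryReads'
        $found = $false
        $data  = $null
        if (Test-Path -LiteralPath $key) {
            $item = Get-Item -LiteralPath $key -ErrorAction Stop
            # Distinguish "value absent" from "value present with other data".
            if ($item.GetValueNames() -contains $name) {
                $found = $true
                $data  = $item.GetValue($name)
            }
        }
        [pscustomobject]@{
            Computer         = $env:COMPUTERNAME
            ValueFound       = $found
            Data             = $data
            # True only for the exact indicator in the article (Data = 1).
            MatchesIndicator = ($found -and $data -eq 1)
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                & $check
            } else {
                Invoke-Command -ComputerName $computer -ScriptBlock $check -ErrorAction Stop |
                    Select-Object Computer, ValueFound, Data, MatchesIndicator
            }
        } catch {
            # Unreachable host or access denied: report it instead of stopping the sweep.
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

Get-AggressiveDetectionState | Format-Table -AutoSize
```

Run it from an elevated prompt; a device where `MatchesIndicator` is `True` has the value described above, and the setting itself is changed in Sophos Central as described under What to do.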
What to do
- Sign in to your Sophos Central account.
- Click your account name in the top right corner of the page.
- Go to Account Details > Account Preferences.
- Under Evaluation Modes, turn off Aggressive threat detection and click Save.