Sophos Endpoint Performance: New update for better efficiency

The latest update for Sophos Endpoint brings demonstrable improvements in performance and resource utilization. The agent has been streamlined, stores protection data more efficiently and reduces peak loads. This gives IT administrators more leeway on productive systems while maintaining a high level of protection. Focus: noticeably better Sophos Endpoint performance in everyday use and under load.

Brief overview:

  • Brief overview:
  • RAM overhead reduced by up to 40 percent
  • CPU load for telemetry uploads now consistently below 1 percent
  • Analytical event control avoids expensive inline interception for routine activities
  • Agent UI no longer runs permanently in the background
  • Rollout of Windows Agent v2025.2 from the end of August, broad availability until October
  • Exceptions: FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms
  • Improved system performance and shorter boot times
  • Reduced CPU and memory load in typical everyday scenarios
  • New scheduling for background processes
  • Fewer user complaints about slow systems
  • Rollout available immediately
  • Goal: measurably better Sophos endpoint performance in productive environments

Why the topic is relevant now

Endpoint security must not slow down productive systems. In recent years, the agent load has been a recurring point of criticism; many companies have therefore switched to Microsoft Defender. With the current update, Sophos is addressing the core cause: less resource consumption with unchanged protection, noticeable in CAD, video conferences and large Office files. The aim is to achieve clear, reproducible gains in Sophos endpoint performance so that security and speed go hand in hand.

What is changing or what is new

With the new Agent v2025.2, Sophos is optimizing four key areas:

  1. Scan and storage model: protection data is stored in a newly structured form. This measurably reduces RAM overhead by up to 40 percent.
  2. Fast Data Hydration: Compression and decompression of telemetry data for the Sophos Data Lake have been revised. Uploads no longer cause CPU spikes. The CPU remains consistently below 1 percent system utilization.
  3. Analytic Event Control: Events are dynamically categorized into inline or asynchronous processing. Expensive inline interception is avoided for routine tasks such as Windows updates.
  4. Agent UI update: The user interface no longer runs permanently in the background. It is only loaded when you open it specifically. This saves resources when idle.

Rollout: Auto-update via Sophos Central. No manual intervention necessary. Staggered from the end of August, broad availability until October. Exceptions: FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms.

Add threat intelligence feeds to Sophos Firewall
Sophos Endpoint Performance Update mit v2025.2
Source: Sophos Endpoint: Major performance enhancements

The result is faster response times, fewer application startup delays and a more stable user experience. The bottom line is that this improves Sophos Endpoint performance in typical Office, RDP and CAD workloads.

Impact on Sophos and other platforms

The improvements affect the Sophos Endpoint Agent for Windows. Firewalls, mobile and other modules remain unchanged. You can continue to coexist in heterogeneous environments with Microsoft Defender or other EPPs. In migration projects, the increased Sophos Endpoint performance serves as an argument for standardization. The update primarily addresses the performance problems that have led to people switching to Defender in the past.

Sensible advertising: Up to 30% less load on the firewall can be achieved if unnecessary traffic is blocked at an early stage. Malicious IP addresses can be blocked before they reach the network and the load on the infrastructure is significantly reduced.
👉 Read more: Threat intelligence feeds for the firewall – block attacks before they come knocking

Conclusion

The update prioritizes performance without compromising on protection quality. RAM and CPU optimizations, a decoupled UI and smarter event handling noticeably reduce the load on productive systems. This is long overdue, as many companies have switched to Microsoft Defender due to performance problems. With v2025.2, Sophos is significantly improving the starting position.

The new Sophos Endpoint Update brings much-needed performance improvements. For administrators, this means less support work and satisfied users.

FAQ

When will the rollout start and when will we see the effects?

The Windows Agent v2025.2 will be rolled out in stages from the end of August. Broad availability until October. Effects can be measured immediately after installation.

Are there any restrictions on the rollout?

Yes, FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms are excluded. These will not receive the performance update.

Are policy changes necessary?

No. Policies remain compatible. The detection only sensor is optional and should be used selectively.

What load values are realistic?

RAM overhead reduced by up to 40 percent. CPU during data lake uploads consistently below 1 percent. Less CPU load during Windows updates thanks to analytical event control.

How do you check the version?

Check the agent version v2025.2 on the device details page in Sophos Central.

Patrizio
Patrizio

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.