Skip to content
Avanet
Sophos Endpoint Performance: New update improves efficiency

Sophos Endpoint Performance: New update improves efficiency

The latest update for Sophos Endpoint delivers measurable improvements in performance and resource usage. The agent has been streamlined, stores protection data more efficiently and reduces load spikes. For IT administrators, this creates more headroom on production systems while maintaining the same high level of protection. The focus is clear: noticeably better Sophos Endpoint performance in everyday use and under load.

Brief overview:

  • RAM overhead reduced by up to 40 percent
  • CPU load during telemetry uploads now consistently below 1 percent
  • Analytic Event Control avoids expensive inline interception during routine activities
  • Agent user interface no longer runs permanently in the background
  • Rollout of the Windows Agent v2025.2 from the end of August, broad availability by October
  • Exceptions: FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms
  • Improved system performance and shorter boot times
  • Reduced CPU and memory load in typical day-to-day scenarios
  • New scheduling for background processes
  • Fewer user complaints about slow systems
  • Rollout available immediately
  • Goal: measurably better Sophos Endpoint performance in production environments

Why the topic is relevant now

Endpoint security must not slow down production systems. In recent years, agent load has been a recurring point of criticism; many companies have moved to Microsoft Defender for that reason. With the current update, Sophos is addressing the core issue: lower resource consumption with unchanged protection, noticeable in CAD applications, video conferences and large Office files. The goal is clear, reproducible gains in Sophos Endpoint performance so that security and speed work together.

What is changing or new

With the new Agent v2025.2, Sophos optimizes four key areas:

  1. Scan and storage model: Protection data is stored in a newly structured format. This measurably reduces RAM overhead by up to 40 percent.
  2. Fast Data Hydration: Compression and decompression of telemetry data for the Sophos Data Lake have been reworked. Uploads no longer cause CPU spikes. CPU usage remains consistently below 1 percent system utilization.
  3. Analytic Event Control: Events are dynamically categorized into inline or asynchronous processing. Expensive inline interception is avoided for routine tasks such as Windows Updates.
  4. Agent User Interface Update: The user interface no longer runs permanently in the background. It is only loaded when opened deliberately. This saves resources while the system is idle.

Rollout: Auto-update via Sophos Central. No manual intervention is required. The rollout is staged from the end of August, with broad availability by October. Exceptions: FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms.

Add Threat Intelligence Feeds to Sophos Firewall
Sophos Endpoint Performance Update with v2025.2 - Source: Sophos Endpoint: Major performance enhancements

The result is faster response times, fewer delays when launching applications and a more stable user experience. Overall, this improves Sophos Endpoint performance in typical Office, RDP and CAD workloads.

Impact on Sophos and other platforms

The improvements affect the Sophos Endpoint Agent for Windows. Firewalls, Mobile and other modules remain unchanged. In heterogeneous environments with Microsoft Defender or other EPP solutions, coexistence remains possible. In migration projects, the improved Sophos Endpoint performance becomes an argument for standardization. The update primarily addresses the performance issues that have led organizations to switch to Defender in the past.

Useful note: Up to 30% less load on the firewall can be achieved when unnecessary traffic is blocked early. Malicious IP addresses can be stopped before they reach the network, significantly relieving the infrastructure. 👉 More on this: Threat Intelligence Feeds for the Firewall – Blocking Attacks Before They Knock

Conclusion

The update prioritizes performance without compromising protection quality. RAM and CPU optimizations, a decoupled UI and smarter event handling noticeably relieve production systems. This is overdue, as many companies have switched to Microsoft Defender due to performance problems. With v2025.2, Sophos significantly improves its position.

The new Sophos Endpoint update delivers urgently needed performance improvements. For administrators, this means less support effort and more satisfied users.

FAQ

When does the rollout start and when will effects be visible?

The Windows Agent v2025.2 rolls out in stages from the end of August. Broad availability is planned by October. The effects are measurable immediately after installation.

Are there restrictions on the rollout?

Yes. FTS (Fixed-Term Support), LTS (Long-Term Support) and legacy platforms are excluded. These will not receive the performance update.

Are policy changes necessary?

No. Policies remain compatible. The Detection-Only sensor is optional and should be used selectively.

What load values are realistic?

RAM overhead reduced by up to 40 percent. CPU consistently below 1 percent during Data Lake uploads. Lower CPU load during Windows Updates thanks to Analytic Event Control.

How to check the version?

Check the Agent version v2025.2 on the device details page in Sophos Central.
Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.