We started to receive calls to our helpdesk around 8 am after the bank holiday break. Users initially reported slow boot-up of client devices, Internet dropouts when they finally did get logged on and slow server access. Upon investigating it was found that the Sophos System Protection Service (SSPService.exe) had high RAM Usage of 95%+ when Splashtop is installed on the server. This is due to the logs being created by Splashtop in the location “C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\” and being constantly scanned by Sophos.
The impact of this will be that the server is unusable as all the memory is being used on the server by the Sophos System Protection Service (SSPService.exe) service scanning the Splastop logs.
Known Fixes / Solutions
The fix for this is to add the path “C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\log\” to the Sophos Global exceptions list so that Sophos System Protection Service (SSPService.exe) no longer scans the folder location continuously.
Once the exceptions are in place for the device to pick up the policy, the service needs to be rebooted. To do this, you may need to central or locally disable Sophos Tamper protection to gain access to end the service manually and then reboot it.
We have also found that the problem affects Veeam giving the error below. A reboot resolves this.
You can run the following if you are a SyncroMSP Customer and must re-install Splashtop due to HUGH CPU usage from the SRAgent.exe service. Thanks to j.mcbride for the script
The high CPU usage from Splashtop also causes high CPU usage for Sophos. Reinstalling Splahtop solves both issues.
After re-install, you can see the CPU usage drop rapidly