Sophos Endpoint: Major performance enhancements

ProductsSophos Endpoint

We’ve reduced the footprint of the Sophos Endpoint agent to deliver a significantly improved user experience while continuing to provide the best protection.

Aug 21 2025 By

Tough on threats. Easy on performance.

Sophos’ technology is rooted in our unique prevention-first approach that reduces breaches, adapts defenses in response to an attack, and improves detection and response outcomes. As attackers continue to evolve their threats and techniques, we continue to innovate the defenses in Sophos Endpoint to further protect customers against active adversaries.

Robust security is critical for all organizations. It’s also critical, however, that security software doesn’t significantly impact system performance or get in the user’s way during normal use. After all, endpoint security solutions are designed to protect computers from threats, not to act like one!

We continually balance the need for the strongest security with the optimal user experience. We are delighted to announce that the latest release of the Sophos Endpoint agent for Windows — version 2025.2 — includes major performance enhancements, delivering an improved experience for end users.

Remove the objection. Secure the win.

The Sophos Endpoint agent has, historically, required a slightly higher footprint than certain other solutions in the market, due in part to the additional protection capabilities that other vendors lack — for example, web protection, web control, app control, and adaptive attack protection. Other solutions may also depend more on cloud-based detection and human-driven responses that could delay protection compared to on-device protection. Understandably, strong on-device security features like web protection require some resources from the endpoint!

Winning conversations, made simpler

With the major enhancements included in the latest Sophos Endpoint release, you can talk with confidence about the superior protection capabilities of the solution — PLUS — an agent that’s comparable in size.

Sophos delivers uncompromised security, optimized for efficiency:

 

“For many years, competitors and prospects have brought up our endpoint agent footprint as a point against us. In practice, the performance has met the needs of tens of thousands of Sophos Endpoint customers. Still, the new, streamlined agent version will strengthen our position against competitors without sacrificing our advantage in effective, multi-layered protection.”

—Maxim Weinstein, VP, Market & Competitive Intelligence – Sophos


See the Endpoint Cheat Sheet and Battlecards on the Sophos Partner Portal for additional competitive information.

 

Let’s get technical: What are the changes?

The Sophos engineering team continually strives to minimize the performance impact of the endpoint agent on both user and server devices. The latest release includes some of the most significant enhancements to date, including:

  • Memory optimization. The method of storing and accessing protection data has been rearchitected, resulting in a significant reduction in the agent’s memory footprint. This is the most significant optimization in this release, reducing the RAM overhead by 40%!
  • Fast data hydration. The mechanism used to compress and decompress telemetry data for transmission to the Sophos data lake has been overhauled. No more CPU spikes due to data lake uploads! CPU is now consistently below 1% system usage.
  • Analytic event control. SophosLabs can now dynamically control which events require resource-intensive in-line interception, versus events that can be intercepted asynchronously to avoid unnecessary resource usage during common tasks, such as Windows updates.
  • Agent UI update. Previously, the Sophos Endpoint agent’s user interface ran continuously in the background, consuming resources, waiting for the user to open it to check events. Now, the UI only loads if launched by the user via the Taskbar icon.

On the launch pad: When will customers see the benefits?

Good news! The new version (2025.2) of the Windows agent will start to roll out to customers from late August. The deployment will start with Taegis customers (Sophos Endpoint is now included with Taegis XDR and MDR subscriptions) and then continue across the entire Sophos Endpoint customer base.

As always, we carefully stage rollouts to release updates, features, and content to customers in phases, minimizing the risk of any issues. We currently expect all customers* to have access to the new performance-optimized version of the agent on their computers and servers by October. Customers can check their endpoint agent version at any time, on the device details pages in Sophos Central.

 

*Excludes customers using Fixed-Term Support (FTS) packages, Long-Term Support (LTS) packages, and Sophos Endpoint for Legacy Platforms.

About the Author

Paul Murray is a Senior Product Marketing Director at Sophos with a focus on Endpoint Security and Security Operations. Paul has over twenty-five years’ experience across Product Management, Product Marketing and Product Design disciplines and, prior to joining Sophos in 2015, held product positions at Symantec, 1&1 Internet, Sky and BT.