One:
Don't run Sophos WebIntelligence. At all. Not by any registry keys that supposedly exclude processes from web intelligence but by disabling the component entirely. It's kernel components caused obscure crashes of the agents that took us two years to find the root cause of, with little to no help from Automic or Sophos. That was with 10.x but I have no reason to believe it has been rectified. Like with most anti virus "solutions", the vendors just kept passing the blame back and forth.
Source:
https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=817333Two:
Be prepared for Automic denying any support requests when they find out you are using Sophos. They used to have a KB article that told you that Sophos needs to be purged entirely from the AE system. I can not find that article at this time, maybe it vanished with the CA/Broadcom changes, but at least consider that you once heard it said that they
might pull that out in response to support requests, whether actually related to Sophos or not.
As for other exclusions, I can't comment much since we run our engine on Linux with no Sophos. Only our agents run on Windows, they seem to do fine with the presence of Sophos as long as WebIntelligence is utterly disabled. Even if your engine is on Windows my gut feeling is that you'd not be seeing much performance impact by having Sophos real-time scans for the memory parts, but I've never seen any benchmarks either way.
Hth,