Endpoint Protection

 View Only

  • 1.  Active Scans/defwatch scans taking a long time

    Posted Sep 07, 2011 04:15 PM

    Has anyone seen active scans take 10-20 minutes in their environment on a relatively recent machine?

    We have a couple users complaining that their defwatch scans are "slowing the system to a crawl". On all the systems I use, I don't even notice them.

    What sorts of things would cause these scans to run long? Is there any reason why one machine with the same specs as another would have slowness while the other is perfectly fine? Obviously too many programs running, RAM considerations, etc... but anything else? Is there a particular place that is scanned where temp files or the like could stack up and require a longer scan?

    Is there a way to clear out the scan cache so I can test the active scan capability as it would be when new defs arrive?



  • 2.  RE: Active Scans/defwatch scans taking a long time

    Posted Sep 07, 2011 07:06 PM

    I've seen scans take longer when the hard drive was fragmented. Just tossing that out there. System performance goes back to the basics first.

     



  • 3.  RE: Active Scans/defwatch scans taking a long time

    Posted Sep 07, 2011 08:53 PM

    Are you positive the scans are actually taking that long? Have you confirmed the scan start/finish times with the logs? I have to agree with khaskins82, usually its a hard drive issue, especially if your drives are encrypted, etc. Otherwise you may double check your scan settings. I assume all these machines, working or not, have the same scan settings?



  • 4.  RE: Active Scans/defwatch scans taking a long time

    Posted Sep 12, 2011 04:07 PM

    Yes all are running on the same settings. I have confirmed scan times with logs. I will check on the fragmentation of the drives in question.



  • 5.  RE: Active Scans/defwatch scans taking a long time

    Posted Sep 12, 2011 10:22 PM

    delete files in quarantine  and then check the scan times.