Endpoint Protection

Our software guys using SEP 11.6 are complaining that our policy scheduled scans are causing massive disk access.  Not the cpu, disk access.  The end result is they can take 2 minutes or more to open one single file.  Since they are programming software all day, 2 minutes for each file is making them very unhappy with performance.

Problems /questions are:

1. I can reschedule the scan, but:  If I go for 5 pm if they don't scan then I believe it kicks in the next day at 8 (also bad)

2. I don't see a way to lower the intensity of the scan.  I have plenty of files excluded, (c files things like that since they are plain text) does scheduled scan use the exclusion list.

3. These guys are responsible enough to run their own scans.  I get almost no virus incursions since if one of them gets a browser pop up saying "you have a virus" they immediately bring up task mgr and kill the browser process and then scan.  (engineers,they tend to be a bit detail oriented) :)

4. I can unlock the policy setting, but that impacts others outside of our branch that might not be as responsible.

I do wish the product could detect the last full scan and if it was within a time window just ignore the scheduled scan.  i.e. if the scheduled scan's on Wednesday and the user manually did a full scan on Tuesday that would trigger an exclusion on the scheduled scan.  (I don't believe that feature exists...:( )

Any suggestions:  My software engineers are very unhappy with their performnce degrading so much during the scheduled scans.

Check your tuning options for the scheduled scan, make sure it is set to "Best Application Performance"

Also, under Auto-Protect, set it to "Scan when a file is modified"

These seem to help somewhat but our engineers still complain. We finally moved to giving them the option to snooze the scan for period of time. Still complain but only about a quarter of the time now :-)

The other thing I recommended was to move all their stuff off the C: and onto the network shares. They loved keeping everything on their C: for some reason.

oh, so this was a confirmed bug before the 11.0.6 MR6 MP1 or just coincidence that i also suffer the same problem about 100% CPU usage during the scheduled scan, some people in my company also reports that their workstation must be forced OFF due to the CPU usage.

1. I can reschedule the scan, but: If I go for 5 pm if they don't scan then I believe it kicks in the next day at 8 (also bad)

-------If you uncheck retry option under schedule--->scheduled missed scan you can avoid the scan starting at morning...

2. I don't see a way to lower the intensity of the scan. I have plenty of files excluded, (c files things like that since they are plain text) does scheduled scan use the exclusion list.

---------Edit the scheduled scan in AV/AS policy go to advanced scanning options-->tuning and set it to best application performance..

3.&4.You can create a separate group for these engineers and create a non shard policy for them...

<<o wish the product could detect the last full scan and if it was within a time window just ignore the scheduled scan. i.e. if the scheduled scan's on Wednesday and the user manually did a full scan on Tuesday that would trigger an exclusion on the scheduled scan. (I don't believe that feature exists...:( )>>>

---This feature is currently not available.Anyway you can submit it as an idea.

Also check the possibility of schedule scan frequency...