My MVM setup runs monthly vuln scans, full WHAM checks, on groups of 100 windows assets. The batch sizes are set to 32 and the sub-scans to 10. Some of these scans take up to 8 hours to complete.
We noticed that in the first 10 minutes of the scan, after the discovery phase, the FSL scripts per minute for each batch are ~700, the CPU goes up to 25% (4 cores) and the Network occupation goes no further than 33-35%.
After the first 10 minutes the FSL per minute drops slowly to 100-200 and the CPU and Network Bandwidth drop to < 5%. (During this time the TCP retransmission level is null).
The scan engine is a dedicated MVM-3000 (scan engine only).
How can we avoid the FSL drops and why they happen?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.