I have changed our daily on-demand scanning routine and I would just like everyone's thoughts on if it's overkill or fine as some test users are complaining on some of the days the scan is slowing down the systems completely. I have set the CPU usage to 10% but it never sticks to it (don't know why)
9.30am - Memory for Rootkits
3.30pm - Running Processes
This are run at 12.30pm daily.
Monday Tuesday Wednesday Thursday Friday
User Profile Folder Windows Folder Program Files Folder Registry User Profile Folder
All sub folders Cookies Recycle Bin Temp Folder All sub folders
Boot Sectors All sub folders All sub folders All sub folders Boot Sectors
Boot Sectors Boot Sectors Boot Sectors
Any suggestions welcome. The company policy is to run a scan everyday.
I don't believe there is any way around the performance hit. To alleviate this, we chose to run the scan after normal business hours. Any chance you can do the same?
We cannot run after business hours as 90% of systems are shutdown at business end because of power/money saving at present. We are looking into using Power Management software to switch systems on at specific times at night but still in testing.
We are running VSE 8.7i and P4 Agent 4.5.1499 and 4.5.1810
Run it at non peak hours, because it is resource intensive in nature.
I think once per day is overkill, maybe try bi weekly or weekly. I would try to coordinate with users to leave their machines on at that time, depending on the size of the environment.
According to McAfee's own recommendations, do not scan running processes.
KB67634 "Process scanning is resource intensive and can negatively affect system performance. McAfee recommends that you disable the option to scan Processes on enable unless you require the maximum protection configuration for Access Protection in your environment. " (https://kc.mcafee.com/corporate/index?page=content&id=KB67634&actp=search&searchid=1273676278938)
I realize this KB article specifically relates to the setting 'scan processes on enable', but the same applies to running a manual scan of running processes while users are trying to work. Don't do it unless you require maximum protection in your environment. Most businesses require a balance between protection and productivity. So, my first recommendation is stop the on-demand scan that scans running processes.
Our own policy is to run a full system on-demand scan weekly, not daily. We have our users do a shutdown/restart at the end of the day instead of a shutdown. Then, after business hours, we run a scheduled task that first runs an on-demand scan and then powers off the workstation. Again, a balance between saving power, meeting the business requirements to scan all systems, and still meeting the business requirements of allowing users to be productive during the day.
I think I might have missed a trick here:
You get users to restart system and then you run a full On-Demand Scan and then shutdown the system.When you create the task for the full On-Demand scan what schedule type are you using, is it at 'System Startup' and do you use different software to shut the system down. Thanks for the infor regarding running processes.
The scheduling is outside of ePO, a .cmd file scheduled via Windows Task Scheduler that does a command-line scan of the system and then issues a shutdown command (shutdown -s -f -t 10). If ePO scan tasks allowed the option to run a command after the task is complete, that would let you do it via ePO.