Currently we have 350 clients managed by our EPO and our security policy requires a full daily scan to be performed. All machines start their scan at 6:30PM and this is having serious performance impacts on our ESXi hosts due to excessive CPU utilization, especially since we over-provision.
Can you please point me to literature that shows how to stagger these full scans, I read that some people use Tags however I'm quite new to EPO.
Thanks in advance for any help.
1) Look into MOVE for your virtualization scanning instead of using traditional VSE.
2) Randomize the start time of the Client Task. If your scan takes, say, an hour on average, you can randomize across a six-hour window. In general, only 1/6th of your clients will be scanning at any given time.
3) Create a set of tags (say, "5 PM scan", 6 PM scan", etc.) and apply those tags evenly between your systems. Create a client task that applies to the group those systems are in and allow that client task to run only on the systems with the correct tag. The big downside here is that net-new systems will not have a scan task set up unless you manually enable them.
4) Create several subgroups of your current group, and name them "5 PM scan", "6 PM scan", etc. Distribute your managed clients among those groups and assign each group a client task that runs at the specified time.
All great responses from tkinkead
We use a mixture of all of the above suggestions.
If you have access to MOVE this is a great tool set. It sends all the scan events to a dedicated Offload scan Server and comes in two options, multi platform or agentless. We opted for multi platform due to the Agentless option having less features within the exclusion lists and not having access to the VMWare ESX component required which we were not licensed for.
We also use the client task randomisation feature in or On demand Scan tasks and our DAT update tasks all assigned using tags.
McAfee Volunteer Moderator
Certified McAfee Product Specialist - ePO