the ODS will also start if there is no user logged on. Normally you schedule the ODS on servers in non-peek hours (nights, weekends, ...). You will ALWAYS get complants from users with ODS on workstations :-). So be sure to set the ODS system utilization within the client task to low, so the impact to end users will be minimal.
Welcome to the forums.
at weekly or even daily.
This is true, but depends on your site's needs and activities. Laptops and portable devices are much harder to control and some desktops use, may need more or less controlled scans based on likely user activity. Servers complicate this even further.
My question when will be the best time to be chosen to run this scheduled
task if the scan frequency is set at daily?
Any considerations on the choice of scan time for it?
Several 'things' might adjust the schedule. I set up several different scans that run at different times throughout the week.
1) Daily Scan, 5:30 pm local: RAM, Rootkit, Processes, Profile, exclude MAPI on systems with large email storage
2) Weekly Scan, 5:30 pm local, Wednesday: RAM, Rootkit, Processes, Local Hard Drives, exclude MAPI on systems with large email storage
3) Weekly Scan, 5:30 pm local, Sunday: Full Scan, includes everything
In each case, I make sure to get DAT updates prior to Scan. This usually is the biggest performance hit noticed by users.
Also, set Scan Priority to Low, to minimize performance impact.
Scan 1) Generally doesn't impact performance much. Since I have it scheduled just after regular users have left for the day, I don't get any real problems. However, I do schedule a scan to start within 15 minutes (with a random 15 minute delay) if the user left the computer off, the night before.
Scan 2) Same as Scan 1 above, taking priority over Scan 1. I use Wednesday as this is the least likely day to be taken Off or have a holiday, which might leave the system off.
Scan 3) Full scan, run on the day least likely to interfere with users and performance. I set this scan to run against the entire drive including large MAPI data stores, which can take many hours. So, my users return Monday morning and this scan has completed.
My understanding is only a user is logging onto the system during the scheduled time,
then the scan task is tricked. If no active user ever logs on to a system for a particular
day, no scan will be run?
Is this understanding correct?
No. As Frank Enser stated, the user does not need to be logged on. The ODS jobs actually run as System, not as a User. As long as the computer is on, the job will run. I typically tell my clients to either Log off or Restart their system prior to leaving at night. (To save energy, I suggest shutting down only the monitor. This leaves the CPU running and able to receive updates, run scans, backup, etc.) By having the user restart or log off ensures that there are no programs still running which could interfere with nightly processes.
the "perk hours" for users to login to carry out their daily jobs heavily with systems and
applications. And quite often, it will cause high CPU utilization.
Set the ODS Scan Priority to Low. This should minimize it's impact on performance.
If we change the scan time to "non-perk hours", like lunch hours or even off-office
hours for this Active User On Demand Scan daily task, can this choice of time be justified?
It's all about the complete strategy you need. I think it works better to adjust to the end-user needs, not just sticking to the defaults. See my strategy above. Your mileage may vary.
A good guide to read might be "VSE v8.8 Best Practices Guide"
Good luck; I hope this helps.
Message was edited by: rmetzger (Improve readability) on 3/11/14 12:11:57 PM EDT
on 3/11/14 12:16:13 PM EDT
Hello, Frank & Ron, Many thanks for your answers & help.
Frank's answer lets me know I got a wrong understanding of how active user ODS works. This basic misconception leads to setting the schedule scan time at 10AM daily when the users should logon to systems so that I suppose the scan job will probably not be missed out. Now that I know I can set it at any point of time regardless user logon status. Just a further query, why is this scan named as "Active User" scan?
Ron's explanation does a lot of help. It gives me a useful case for reference. I think I will start working on it the similar way: figure out a complete strategy based on my environment as well as user needs; break down the regular scan to more granular sub-scans;...etc
Thanks again, I feel I will learn a lot knowledge/best practices from this forum in the future, this is great..
Just a further query, why is this scan named as "Active User" scan?
I think "Active User" scan, means creating a scan where the user might be Actively using the system. In this case, respect what is scanned so not to overly burden the system (performance).
Typically, it is called an On-Demand Scan (ODS). On-Demand can be scheduled via the ePO, Jobs within VirusScan Console, or Interactive by the request of the End User.
Best Practices Guide, pg 15, wrote:
Configuring Essential Security
7. Configuring regular on-demand scans
Configuring frequent active user on-demand scans
McAfee suggests configuring specific active user workstation on-demand scans, as opposed to
server on-demand scans. These active user on-demand scans should be run more frequently
than other scans, but since they have limited locations to scan should not impact the users.
These scans only include the following scan locations:
• User profile folder
• Temp folder
• Registered files
• Windows folder
These scan locations are frequent targets of malware attacks and should be scanned at least
weekly, or even daily.
Glad to help. Look forward to your questions.
Message was edited by: rmetzger on 3/11/14 1:19:52 PM EDT