How to limit CPU usage during On-Demand Scan Task

Discussion in 'ESET Endpoint Products' started by captainfish, Sep 11, 2012.

Thread Status:
Not open for further replies.
  1. captainfish
    Offline

    captainfish Registered Member

    Hello,
    Is there any way to limit the cpu usage during an On-Demand Scan task of client's machines?

    I want to be able to conduct threat scans of client's machines when they are on during the work day, but these scans really hog up the resources and even prevent us from remoting in and determining why the user's machine is "acting really slow".

    As a user in a previous thread stated, some people in the real world still have older machines. And these scans really prevent them from working once the scanning starts.

    Using Eset Endpoint 5.02.
  2. Marcos
    Offline

    Marcos Eset Staff Account

    It is not possible. It's the operating system which controls CPU usage by processes. However, you could try setting CPU affinity for ekrn via the task manager and see if that helps you. I, for, one, would not run scheduled on-demand scans on a daily basis as other protection modules protect the computer from threats in real time. Also startup scans are run automatically after each update to ensure that potentially running threats (e.g. which were not previously recognized) are detected and removed.
  3. captainfish
    Offline

    captainfish Registered Member

    Hello.
    thank you for replying. These are not scheduled scans. This is an on-demand threat scan started from the Remote Administrator Console. And the CPU demand is way over 50%. It prevents the user from working effectively.
    Last edited: Sep 12, 2012
  4. Mister Natural
    Offline

    Mister Natural Registered Member

    I would suggest setting up an in depth scan in the scheduler to run at night on machines if left on overnight. I have this set up for all of the machines I manage. If your users normally turn off their machine at night, ask them to log off, but leave the pc on overnight.

    I will add that on new machines I've done on demand scans and never had a complaint from a user. But on old machines such as single core cpu's it will cause performance problems. Overnight scan would solve this problem.
  5. captainfish
    Offline

    captainfish Registered Member

    Thank you for replying Mr Natural,
    Is that advisable when ESET gets a report of a threat? To leave that machine running free until nightfall?

    Isn't the idea behind mitigating threats is to know about them and then scan for them right then?

    Remember, this is a scan initiated because a threat has been detected and listed by ESET Remote Admin Console.
  6. Mister Natural
    Offline

    Mister Natural Registered Member

    It's been my experience that if Eset detects a threat it will take appropriate action, terminate activity, delete and or quarantine the malicious program. I don't think I've ever bothered with doing a complete scan on a system after Eset detects a threat. Also when when I get a threat alert from a pc I will sometimes log into that system and manually remove the malicious file if it still resides on the system. The threat logs will give the location of the file in question.

    It's the malware that sometimes does not get detected which will cause problems. This is where occasional overnight in depth scans will help as malware signatures are updated over time.
  7. captainfish
    Offline

    captainfish Registered Member

    I have found that to be the case for most of the time as well Mr Natural. That Eset will handle the problem on its own. However, there are times after I have initiated a manual on-demand scan, that the results return that it still found problem files and was not able to 'clean' them.

    This happens probably 10% of the time.

    We then have the machine brought in for a wipe.
  8. Marcos
    Offline

    Marcos Eset Staff Account

    Please provide more details about the location and name of the files as well as the name of the threat detected which was not cleaned automatically. This can happen in cases when system files get patched and removing them would cause stability issues.
  9. Marcos
    Offline

    Marcos Eset Staff Account

    If an unrecognized threat makes it to a machine, the startup scan launched automatically after each update should detect and remove it. Should you run into a case when a threat is not removed automatically and a manual intervention is required, please report it to us so that we can look into it.
  10. captainfish
    Offline

    captainfish Registered Member

    Thank you Marcos.
    Now that I am in my current position as ESET Admin, I will do that. During the time I was mentioning, I was a Jr Admin. Do you have a link that can walk me through how to submit threats?

    However, to find these cases, I have to conduct the on-demand scan. But, if it affects user this much, then I'm not sure if I can do it any longer.

    I see things like this:

    Level Critical Warning
    Scanner HTTP filter
    Object file
    Name -http://javadl-esd.sun.com/update/sponsors/ask5/ApnToolbarInstaller.exe-
    Threat a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
    Action unable to clean
    Information Threat was detected upon access to web by the application: C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\ORJ\Local\ApnStub.exe.

    And another:

    Scanner HTTP filter
    Object file
    Name -http://cdn1.bitberry.com/ffv/w3i/20120730/FreeFileViewer2012Setup.exe-
    Threat a variant of Win32/InstallIQ potentially unwanted application
    Action unable to clean
    Information Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

    These are the types of reports where I want to conduct an On-Demand scan to make sure the threat is in fact gone, or if it really can't be cleaned, then to bring it in.
    Last edited by a moderator: Sep 13, 2012
Thread Status:
Not open for further replies.