How to limit CPU usage during On-Demand Scan Task

Hello,
Is there any way to limit the cpu usage during an On-Demand Scan task of client's machines?

I want to be able to conduct threat scans of client's machines when they are on during the work day, but these scans really hog up the resources and even prevent us from remoting in and determining why the user's machine is "acting really slow".

As a user in a previous thread stated, some people in the real world still have older machines. And these scans really prevent them from working once the scanning starts.

Using Eset Endpoint 5.02.

 

It is not possible. It's the operating system which controls CPU usage by processes. However, you could try setting CPU affinity for ekrn via the task manager and see if that helps you. I, for, one, would not run scheduled on-demand scans on a daily basis as other protection modules protect the computer from threats in real time. Also startup scans are run automatically after each update to ensure that potentially running threats (e.g. which were not previously recognized) are detected and removed.

 

Hello.
thank you for replying. These are not scheduled scans. This is an on-demand threat scan started from the Remote Administrator Console. And the CPU demand is way over 50%. It prevents the user from working effectively.

 

I would suggest setting up an in depth scan in the scheduler to run at night on machines if left on overnight. I have this set up for all of the machines I manage. If your users normally turn off their machine at night, ask them to log off, but leave the pc on overnight.

I will add that on new machines I've done on demand scans and never had a complaint from a user. But on old machines such as single core cpu's it will cause performance problems. Overnight scan would solve this problem.

 

Thank you for replying Mr Natural,
Is that advisable when ESET gets a report of a threat? To leave that machine running free until nightfall?

Isn't the idea behind mitigating threats is to know about them and then scan for them right then?

Remember, this is a scan initiated because a threat has been detected and listed by ESET Remote Admin Console.

 

It's been my experience that if Eset detects a threat it will take appropriate action, terminate activity, delete and or quarantine the malicious program. I don't think I've ever bothered with doing a complete scan on a system after Eset detects a threat. Also when when I get a threat alert from a pc I will sometimes log into that system and manually remove the malicious file if it still resides on the system. The threat logs will give the location of the file in question.

It's the malware that sometimes does not get detected which will cause problems. This is where occasional overnight in depth scans will help as malware signatures are updated over time.

 

I have found that to be the case for most of the time as well Mr Natural. That Eset will handle the problem on its own. However, there are times after I have initiated a manual on-demand scan, that the results return that it still found problem files and was not able to 'clean' them.

This happens probably 10% of the time.

We then have the machine brought in for a wipe.

 

Please provide more details about the location and name of the files as well as the name of the threat detected which was not cleaned automatically. This can happen in cases when system files get patched and removing them would cause stability issues.

 

If an unrecognized threat makes it to a machine, the startup scan launched automatically after each update should detect and remove it. Should you run into a case when a threat is not removed automatically and a manual intervention is required, please report it to us so that we can look into it.

 

Thank you Marcos.
Now that I am in my current position as ESET Admin, I will do that. During the time I was mentioning, I was a Jr Admin. Do you have a link that can walk me through how to submit threats?

However, to find these cases, I have to conduct the on-demand scan. But, if it affects user this much, then I'm not sure if I can do it any longer.

I see things like this:

Level Critical Warning
Scanner HTTP filter
Object file
Name -http://javadl-esd.sun.com/update/sponsors/ask5/ApnToolbarInstaller.exe-
Threat a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
Action unable to clean
Information Threat was detected upon access to web by the application: C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\ORJ\Local\ApnStub.exe.

And another:

Scanner HTTP filter
Object file
Name -http://cdn1.bitberry.com/ffv/w3i/20120730/FreeFileViewer2012Setup.exe-
Threat a variant of Win32/InstallIQ potentially unwanted application
Action unable to clean
Information Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

These are the types of reports where I want to conduct an On-Demand scan to make sure the threat is in fact gone, or if it really can't be cleaned, then to bring it in.