Antivirus on-demand scan performance

Version 9

    Verified Product Versions

    Endpoint Manager 9.5, Endpoint Manager 9.6, Endpoint Manager 2016.x

    Applies to LANDESK Management Suite 9.6 and above.


    This article is intended to give recommendations, suggestions and explanations on how we can influence the performance of the antivirus on-demand scan.




    The first step is to add accurate exclusions (exceptions). An antivirus scanning exclusion is an instruction created by the user or administrator telling the real-time scanner and/or the manual scanner not to scan certain folders, file types and/or files. The words "Exception" and "Exclusion" are often both used to describe this.


    Here is a tutorial about adding exclusions:

    Here is a tutorial about exclusions on a LANDESK Core server:



    Scan only new and changed files


    Kaspersky Anti-Virus includes an algorithm that improves its performance by estimating a file's threat level from its last modification date. The file's last modification date is compared against its first scan date, its creation date and the release date of the antivirus databases. The algorithm takes into account scanning performed by any Kaspersky Anti-Virus task, whether Real-time protection or an on-demand scan task.

    This setting can be accessed on the Core Server under Agent Settings > Security > LANDESK Antivirus, and on the client itself as well.




    To find out whether this setting is enabled on the client, check the trace logs.


    iSwift and iChecker


    iChecker and iSwift are special technologies that speed up the work of the protection components of Kaspersky Endpoint Security on files located on the computer.

    • iChecker calculates and remembers checksums of scanned files. A checksum is a digital signature of an object (file) which allows identifying its authenticity.
    • iSwift is a modification of the iChecker technology for NTFS file systems.





    If you would like to check whether these settings are applied to the client machine, there are a few registry keys to look at.

    Look at the keys UseIChecker and UseIStreams under this branch (the path is checked for 32-bit Windows):

    • HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\File_Monitoring\settings


    For scan task settings, see the keys in the corresponding branches. The examples are for the Full Scan and Startup Scan tasks (on 32-bit Windows):

    • HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_My_Computer\settings
    • HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_Startup\settings


    Please note that the keys’ values are changed on exit from KES.
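
    The registry check described above can be scripted. The following PowerShell is an added example, not code from the original article or from the vendor; it reads the two values from the three branches listed above and prints them as found, without interpreting them. Trying both registry views on 64-bit Windows is an assumption, since the article only documents the 32-bit path.

```powershell
# Added example (not vendor code): list UseIChecker / UseIStreams for each
# branch named in the article. Raw values are shown; no meaning is assumed.
$branches = [ordered]@{
    'File_Monitoring'  = 'SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\File_Monitoring\settings'
    'Scan_My_Computer' = 'SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_My_Computer\settings'
    'Scan_Startup'     = 'SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_Startup\settings'
}
$valueNames = 'UseIChecker', 'UseIStreams'

# Assumption: on 64-bit Windows the branches may sit in the 32-bit registry
# view, so the 32-bit view is tried first and the 64-bit view second.
$views = [Microsoft.Win32.RegistryView]::Registry32, [Microsoft.Win32.RegistryView]::Registry64

$report = foreach ($branch in $branches.GetEnumerator()) {
    $status = '<branch not found>'
    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $hklm.OpenSubKey($branch.Value)   # read-only; $null if absent
        } catch {
            # For example, access denied on the protected branch
            $key = $null
            $status = "<unreadable: $($_.Exception.Message)>"
        }
        if ($null -ne $key) {
            foreach ($name in $valueNames) {
                [pscustomobject]@{
                    Profile = $branch.Key; View = $view; Name = $name
                    Value   = $key.GetValue($name, '<not set>')
                }
            }
            $key.Dispose(); $hklm.Dispose()
            $status = $null
            break
        }
        $hklm.Dispose()
    }
    if ($status) {
        # Branch missing or unreadable in both views: emit one placeholder row
        [pscustomobject]@{ Profile = $branch.Key; View = 'n/a'; Name = 'n/a'; Value = $status }
    }
}
$report | Format-Table -AutoSize
```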

    For more information related to these technologies you can refer to this Kaspersky article:



    Scan archives


    The last configuration would be to not scan archives, especially if they are already scanned by the real-time scanner. If there is a large number of archives, the time consumed by the on-demand scan will increase dramatically. The engine has to decompress each archive, scan it and recompress it, which is time-consuming.





    Logs and traces


    If you feel that your on-demand scan is not performing as you would like after implementing the above recommendations/suggestions, you can open a case with support.

    In order to further troubleshoot performance issues, support will need logs, traces and a GetSystemInfo report as detailed in the following article: