1 of 1 people found this helpful
A couple of instances of scanningprocess.exe run all the time if you've chosen realtime protection... it doesn't mean that a scan is running unless the CPU usage is above 0%.
The other potential issue is whether you've sent your changes out to the clients... modifying the settings on the core is only half the battle.
That is the issue as it does max out the cpu on both "cpus". Users complain of slow response times until the processes are stopped. If the scan were only to run in the off hours, it wouldnt matter how much cpu time it took, but I need the scan to be stopped before working hours. That make sense?
That seems like the root problem... even while scanning, the 8.8 Scanningprocess.exe doesn't go past 15% on my system, and most of the time it's at 4% or less. Are you running a recent version? Some of the first releases of LDAV were a lot less efficient, but if you're on 8.7 sp5 or 8.8 you shouldn't be seeing bad performance.
Currently we are on 8.7 SP4, so that might be the fix. We'll get current and see if that fixes the client portion. Still wonder about the operation of the restricted times though.
I've found that the restrictions restrict it to when it DOES run, rather than when NOT to run. I have my restrictions set from 18 to 7, which seems to tell it that it's allowed to run between 6:00pm and 7:59am. When I had it the other way around (7 to 18, similar to yours), the scans would always run during business hours and I'd get complaints. I've also set it to run at 1:00am every 7 days. The every 7 days part seems to hold, but the scans seem to run at all different times between 6:00pm and 7:59am after the initial scan. Subsequent scans on the following weeks seem to start at 6:00pm. I haven't been able to figure out how to make it run at 1:00am every time, other than changing the restriction to start at 1:00am. We were with Symantec AV for many years, and the scheduling part of LDAV just doesn't seem to work as well as SAV. I think they need to do a little more work on scheduling in LDAV. With SAV we could tell it to scan at 1:00am, and it would always scan at 1:00am unless the PC happened to be turned off. With LDAV it scans at all times of day unless you setup restrictions and rules and whatnot.
A few comments about Local Scheduler behavior:
I will list the fields, then the entries in those fields, and explain the meaning of each:
Note: This is based on the Local Scheduler dialog in the Agent Settings on an 8.8 core:
-- Events --
( ) Run when user logs in <-- this puts an entry into the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key.
( ) Run whenever the machine's IP Address changes <-- This entry puts in a Local Scheduler task that triggers when it detects the IP address has changed
-- Time --
Start (Date) at (Time)
(If you set a Start Date and Time for a specific time, if the computer misses a day, it will then run when the computer first boots up, and the start time will be reset to that new time when the computer booted up. So if you had it originally set to run at 12:30pm, and the computer was off for a day and missed that 12:30pm time, and the computer boots up at 8:00am the next day, it will run the task and then reset the start time to 8:00am). The problem is, eventually all your computers (if they are turned off for a day or two) will eventually drift to whatever time they all boot up in the morning. (In most businesses around 8am).
However, this is NOT true if you set a Time of Day filter (Known in 8.8 as the Time Range field).
If you set a Time Range, this is the range that the task is allowed to run in. This will also have the effect of locking the time you have set within the Start Time and Date field.
You can also limit the days of the week and days of the month.
Minimum Bandwidth filters are the ability to say that the task will only run if the computer exceeds whatever bandwidth you have set, be it RAS, WAN, or LAN.
The "To:" field next to Minimum Bandwidth refers to a computername that you want to test the bandwidth against. From your client TO whatever computername you specify.
One question that arises here is what does "Machine must be idle" really mean? The criteria for the Machine must be idle state are: the OS is locked, the screen saver is active, or the user is logged out.
In large environments, when you have set a specific time for the Vulnerability Scanner to run, it is also very wise to set an additional random delay.
By default the random delay is 1 hour. The reason why this is necessary, is if you have many many computers all scanning into the server at exactly the same time, it can overwhelm the server and everything will start to go south. Therefore, in large environments, the additional random delay is necessary.
We also have a patch that resolves local scheduler problems with Antivirus.
Here is my answer from another thread regarding that:
We discovered an issue where the filters for the local scheduler were not being reapplied properly after they ran when written by LDAV.EXE.
This applied to LDAV /UPDATE and to LDAV /SCANCOMPUTER.
This resulted in scans and updates running outside of their allotted time window, and multiple times throughout the day.
This was fixed in LTAPI.DLL in the following patch:
Because LTAPI.DLL is part of the main Agent and not specifically part of LANDesk Antivirus, you will need to redeploy your agent in order to update this file on your clients.
Please apply this patch.