1 Reply Latest reply on Mar 31, 2017 4:11 AM by phoffmann

    vulscan causes 100% disk usage

    Jimmy.Chan Rookie

      I'm running Landesk Management suite 2016 SU5. The vulscan process causing 100% disk utilization which drag down the performance on the PC dramatically. Any idea how to resolve an issue?

      Thx much!

        • 1. Re: vulscan causes 100% disk usage
          phoffmann SupportEmployee

          Not a common thing.

           

          First things first:

          • You may want to update to LDMS 2016.3 (and potentially request SU3 from support). See if that helps - at least in a test environment. I'm not aware of anything like that in 2016.0 with SU5, but that's nearly 1 year old now.
          • USUALLY if vulscan causes excessive disk, I tend to find that it's actually the AV / TrustedInstaller that are behind it.
          • If you're talking about a vulnerability *SCAN* causing 100% -- again, check the AV (add an exception perhaps, as a simple check) / examine the vulnerability being scanned (enable UI or check the log).

           

          ... I've seen both "badly written custom definitions" causing problems (because they search the ENTIRE disk recursively), and/or AV products cause issues due to something called "Process Level Scanning" (which hides under various names such as "no access scanning").

           

          What is process level scanning?

           

          Well - here's how AV used to work in the olden days:

          1. I want to launch Binary X
          2. AV scans binary X -- and binary X alone
          3. If binary X is OK ... AV let's it do its thing.
          4. All is well.

           

          With process level scanning, this looks QUITE different:

          1. I want to launch Binary X
          2. AV scans binary X to see if it is OK
          3. If binary X is OK ... AV then scans *ANYTHING* that binary X touches.
          4. ... so in the case of vulscan and/or the inventory scanner, that can often amount to an FULL DISK SCAN.
          5. ... which is why we strongly advise making exceptions in process-level scanning (or whatever your AV vendor calls it).

           

          ... hope that helps you a bit to get started .