Well - there's no "single BKM" here, as it's all down to personal flavour, and at the end of the day only "you" (as in "your organisation") can decide where the cut-off point between security and accessbility is. Any security feature is a compromise between availability and accessibility (which includes performance) - if you had "the best AV software ever" it would do you no good if it were constantly consuming 99% CPU power, for instance.
So a lot of this stuff is a case of "it depends" - which is really down to the details of your organisation.
A few things I can certainly suggest:
1 -Make sure you read this thread -- http://community.landesk.com/support/thread/3509?tstart=0 - it's an "important to know" type thing, in regards to the instances of the scanningprocesses you should see (and how to reduce them, if a system should be strapped for resources).
2 - Make sure that you've got a fair bit of space on C:\ -- the real-time scanner works (among other things) by creating essentially a "hash database" of files it has scanned, and then checking the hash of a file that's being executed against that database to see if it has changed (which will prevent a full scan of the file if it hasn't changed).
Normally, you "only" need 50-80 MB for such a database, but if your server is handling a lot of files that are going through it, then this DB can grow quite a bit potentially.
Some folks only have 1-2 GB of free space on C:\, so I'm just raising that as a "potential issue" to be aware of, if disk space is in short supply.
3 - Try to keep track of when you schedule what. Scheduling a VULSCAN to run at the same time as a full AV-scan (or vice versa) is not very advisable, since they're both rather I/O intensive on the hard drive .
That's about all I can come up with at this (early) hour.
LANDesk EMEA Technical Lead