Applies to LANDesk Management Suite 9.5 and above.
This article gives recommendations, suggestions and explanations on how to influence the performance of the antivirus (AV) on-demand scan.
Kaspersky Endpoint Security version
LANDesk Management Suite 9.5 -> KES 8
LANDesk Management Suite 9.5 SP1 -> KES 10.1
LANDesk Management Suite 9.5 SP2 -> KES 10.2
Each new version brings improvements, so if possible it is better to run the latest version of Kaspersky Endpoint Security.
Exclusions
The first step is to add accurate exclusions (exceptions). An antivirus scanning exclusion is an instruction created by the user or administrator telling the real-time scanner and/or the manual scanner not to scan certain folders, file types and/or files. The words "Exception" and "Exclusion" are often both used when describing this.
Here is a tutorial about adding exclusions: http://community.landesk.com/support/docs/DOC-6662
Here is a tutorial about exclusions on a LANDESK Core server: http://community.landesk.com/support/docs/DOC-6920
Scan only new and changed files
Kaspersky Anti-Virus features an algorithm that improves its performance by estimating a file's threat level on the basis of its last modification date. The file's last modification date is compared against its first scan date, creation date, and the antivirus databases release date. It considers scanning performed by any Kaspersky Anti-Virus task, whether Real-time protection or an on-demand scan task.
This setting can be accessed on the Core Server under Configuration > Agent Settings > LANDesk Antivirus, and on the client itself as well.
To find out whether this setting is enabled on the client, check the trace logs.
iSwift and iChecker
iChecker and iSwift are special technologies that speed up how the protection components of Kaspersky Endpoint Security work with files located on the computer.
- iChecker calculates and remembers checksums of scanned files. A checksum is a digital signature of an object (file) which allows identifying its authenticity.
- iSwift technology is a modification of the iChecker technology but for NTFS file systems.
If you would like to check whether these settings are applied to the client machine, there are a few registry keys to look at.
Look at the keys UseIChecker and UseIStreams in this branch (the path is checked for 32-bit Windows):
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\File_Monitoring\settings
For scan task settings, see the keys in the corresponding branches. The examples are for Startup Scan and Full Scan tasks (on 32-bit Windows):
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_My_Computer\settings
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Scan_Startup\settings
Please note that the keys’ values are changed on exit from KES.
For more information related to these technologies, you can refer to this Kaspersky article: http://support.kaspersky.com/7407
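The registry check described above can be scripted so the three branches are read in one pass. This is an added example, not code from LANDesk or Kaspersky; it assumes UseIChecker and UseIStreams are stored as values under each settings key, and it also tries the WOW6432Node view, which is an assumption for 64-bit Windows since the paths in this article were checked on 32-bit Windows only.

```powershell
# Added example: report the iChecker / iSwift registry entries named in this article.
# Assumptions: the entries are values under each "settings" key, and on 64-bit
# Windows the branches may sit under WOW6432Node (not confirmed by the article).

$valueNames = 'UseIChecker', 'UseIStreams'

# Branches exactly as given in the article, relative to HKLM:\SOFTWARE
$branches = [ordered]@{
    'File_Monitoring'  = 'KasperskyLab\protected\KES10\profiles\Protection\profiles\File_Monitoring\settings'
    'Scan_My_Computer' = 'KasperskyLab\protected\KES10\profiles\Scan_My_Computer\settings'
    'Scan_Startup'     = 'KasperskyLab\protected\KES10\profiles\Scan_Startup\settings'
}

# Native registry view first, then the 32-bit redirected view (assumption)
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$report = foreach ($name in $branches.Keys) {
    # Pick the first root under which this branch actually exists
    $path = $roots |
        ForEach-Object { Join-Path $_ $branches[$name] } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1

    foreach ($valueName in $valueNames) {
        $data = 'branch not found'
        if ($path) {
            try {
                $props = Get-ItemProperty -LiteralPath $path -ErrorAction Stop
                if ($props.PSObject.Properties.Name -contains $valueName) {
                    $data = $props.$valueName
                } else {
                    $data = 'value not present'
                }
            } catch {
                # The "protected" branch may refuse reads; report that instead of failing
                $data = "read failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Profile = $name; Setting = $valueName; Data = $data; Path = $path }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Since the values are changed on exit from KES, record whether KES was running when the output was collected.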
Scan archives
The last configuration change would be to not scan archives, especially if they are already scanned by the Real-Time scanner. If there is a large number of archives, the time consumed by the on-demand scan will increase dramatically. The engine has to decompress each archive, scan it and recompress it, which is time consuming.
Logs and traces
If you feel that your on-demand scan is not performing as you would like after implementing the above recommendations/suggestions, you can open a case with support.
In order to further troubleshoot performance issues, support will need logs, traces and a GetSystem Info report as detailed in the following article: