none
Staggering Scan Times in FCS

    Question

  • We have about 60 VM servers running on ESX and each has an FCS client installed.  Daily 'manual' file virus scans are thrashing our VMware environment and seriously impairing CPU and disk performance.  I would like to 'stagger' the scan times so that a scan can begin at any random time between 9pm and 2am.  Is this possible and how can it be done ?  

    Note that I don't want to have to choose, say, five start times, create a Forefront policy and GPO for each one and divide the server VMs between them, as this is messy and laborious. Also, please don't recommend any other AV products as I need to solve this now, thanks!

    Here are the details:

    Forefront Client Security SP1
    Client Version:  1.5.1996.0
    Engine Version: 1.1.7604.0
    Antivirus definition: 1.111.2089.0
    Antispyware definition: 1.111.2089.0 

    VMs are mostly running Windows Server 2003 SP2 x86 Std 

    Look forward to your help!

    Wednesday, September 21, 2011 1:29 PM

Answers

  • Unfortunately I know of no way to completely randomize scans.  Most customers who have this issue usually use multiple fcs policies and either deploy to security groups of computers or split up computer accounts into separate OU's.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response/FOPE) Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)
    Wednesday, September 21, 2011 7:32 PM

All replies

  • Unfortunately I know of no way to completely randomize scans.  Most customers who have this issue usually use multiple fcs policies and either deploy to security groups of computers or split up computer accounts into separate OU's.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response/FOPE) Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)
    Wednesday, September 21, 2011 7:32 PM
  • Do you know if this is in the roadmap either for FCS or FEP 2012?

    It seems a basic requirement these days as everybody is now experiencing similar issues with schedulaed scans putting extreme load on their virtual infrastructure.

    Creating multiple policies or OU's seems a rather ham fisted approach - albeit one we'll have to adopt.

    The other option could be to use VMWare vShield or similar and ditch FCS/FEP.

    Friday, February 17, 2012 8:03 AM