Overview
When the target computer is not on the LAN and is connected via a slow network, such as the internet or VPN, GFI LanGuard scanning and some of the heavy remediation jobs, like Windows updates, might take considerably longer than normal to complete.
This article provides recommendations for performing scans over a slow network connection.
Information
Although GFI allocates testing time for performance issues in an effort to optimize the scan process, in certain cases the target computer is connected via slow network connections such as the internet or a VPN. In such situations scanning on GFI LanGuard, as well as some heavy remediation operations, inevitably might take considerably longer than normal to complete.
Refer to the recommendations below to improve the situation:
-
It is possible to perform a scan over a WAN or slow network; however, when using a slow connection, it is not recommended to use the (default) Full Scanning Profile. In such cases, it would be advisable to create a new scanning profile that would scan for specific checks. Alternatively, use any of the other predefined scanning profiles.
- Before performing a scan, go to Configuration > Scanning Profiles > Scanning Profile Editor and optimize the respective scan profile as much as possible:
- Disable all vulnerability checks which do not apply to your environment
- Disable scanning for all patches which are not considered as Critical or Important to your organization
- Go through each section under Network and Software Audit Options and disable all checks which are not applicable for your environment or are not of interest; e.g., device scanning or certain system information
- Under Scanner Options, increase all timeout values depending on your network and experiences with GFI LanGuard; e.g., increase the 'Network discovery query responses timeout' value to 1000ms
-
Schedule the GFI LanGuard scans, especially with auto-remediation, for a time where the network load is low; e.g., during lunch breaks or after working hours.
-
Consider dividing scans into more frequent, smaller scans. These could each check for a different set of information.
-
Use Agent scans instead of Interactive scans whenever possible.
Note: It is not recommended to auto-deploy any Microsoft updates or patches over slow networks.