When scanning a remote machine using a profile that includes scanning of Microsoft Security patches, target computer CPU utilization increases.
One of the main features of GFI LanGuard is its missing patch detection system for Microsoft and non-Microsoft applications (together with the remote patch deployment functionality). This is a very elaborate process with two different engines involved. One of the engines is the Windows Update Agent (WUA), developed by Microsoft.
When scanning for the missing Microsoft Security updates, the GFI LanGuard server or agent copies the offline scan package for Windows Update - wsusscn2.cab - to a numbered subfolder of the directory C:\Windows\patches\ on the remote computer. The LanGuard calls the Windows Update Agent and provides it with the wsusscn2.cab file as an input.
Wsusscn2.cab file is a large archive containing security-related update metadata. This metadata is used to look up the updates available on Microsoft Update and missing on the computer, while scanning the computer locally, without having to be connected to the Microsoft Update Web site.
Scanning of this file by one or more 3rd party antivirus products can cause high CPU usage.
Apply one or more of the suggested approaches from the following Microsoft article:
Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied
Repeat the operation that was causing high CPU utilization on the target computer and verify that the issue is gone.