Overview

You see high CPU utilization on remote machines during GFI LanGuard scanning.

Solution

The most common root cause for the high CPU utilization on target machines are missing antivirus exceptions or other requirements, or high contention with other processes on a client computer.

Ensure hardware requirements

Ensure that the hardware requirements are met for the LanGuard server (pay attention to your environment size) and each target machine with the Agent installed.

Ensure protection engine exclusions

Ensure proper real-time protection engine exclusions for the LanGuard server and all the target machines.

Add WUA cab file exclusions

When scanning for the missing Microsoft Security updates, the GFI LanGuard server or agent copies the offline scan package for Windows Update - wsusscn2.cab - to a numbered subfolder of the directory C:\Windows\patches\ on the remote computer. The LanGuard calls the Windows Update Agent (WUA) and provides it with the wsusscn2.cab file as an input.

Wsusscn2.cab file is a large archive containing security-related update metadata. This metadata is used to look up the updates available on Microsoft Update and missing on the computer while scanning the computer locally, without having to be connected to the Microsoft Update Web site.

Scanning of this file by one or more 3rd party antivirus products can cause high CPU usage.

Apply one or more of the suggested approaches from the following Microsoft article:
Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied.

Schedule scanning during off business hours

It is recommended to schedule LanGuard server or agent scanning operations outside business hours to avoid resource contention with other processes on target machines. Also, pay attention not to run the jobs simultaneously as scheduled antivirus/backup activities.