This article provides information about the possible root causes for the scheduled agent scans causing high CPU usage or Disk Write server spikes in the vCloud environment and describes how to resolve such issues.
Virtual environments are by nature very sensitive to situations where CPU or I/O demand exceeds the available resources; such contention can slow down the virtual machines and cause high CPU or disk write server spikes. It can be caused by various environment variables and configuration settings, as well as by the operations performed.
First, verify that the computers running LanGuard agents meet the GFI LanGuard Agent and Relay Agent System Requirements and that the LanGuard server hardware meets the requirements for the number of scanned machines. If the requirements are not met, adjust your virtual machine configuration(s).
The next common root cause that can severely affect performance is when the required antivirus exclusions are not configured. Verify whether the following folders on the server and the target clients are added to antivirus exclusions:
- <system drive>:\Program Files (x86)\GFI\
- <system drive>:\Program Files\GFI\
- The folders of the MS SQL server instance and the database files (*.mdf/*.ldf)
If any of the folders above are not excluded from antivirus scanning, add them to the exclusions. More recommendations for best performance, including maintaining the SQL database, are available in Recommended settings for Best Performance in GFI LanGuard.
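One way to verify these exclusions on a machine protected by Microsoft Defender, as an added example that is not part of the original article or GFI's own tooling. It assumes Defender is the antivirus in use; the SQL path is a placeholder parameter and `Test-PathCovered` is a hypothetical helper name.

```powershell
# Added example: audits Microsoft Defender exclusions against the folders listed in this article.
# Assumption: the antivirus is Microsoft Defender; other products need their own console or CLI.
param(
    # Placeholder: folder(s) holding your MS SQL Server instance and database files.
    [string[]]$SqlPaths = @('<path to SQL instance and database folder>')
)

function Test-PathCovered {
    # True when $Path equals an exclusion or lies beneath an excluded folder.
    # Limitation: wildcard or %variable% style exclusion entries are not expanded.
    param([string]$Path, [string[]]$Exclusions)
    $p = $Path.TrimEnd('\')
    foreach ($e in $Exclusions) {
        $x = $e.TrimEnd('\')
        if ($p -ieq $x -or $p.StartsWith("$x\", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$pref = Get-MpPreference
$excludedPaths = @($pref.ExclusionPath | Where-Object { $_ })
$excludedExts  = @($pref.ExclusionExtension | Where-Object { $_ })

# Without elevation, recent Windows builds hide the list and return an "N/A: ..." string instead.
if ($excludedPaths -match '^N/A') { throw 'Run from an elevated PowerShell session to read exclusions.' }

$required = @(
    "$env:SystemDrive\Program Files (x86)\GFI\",
    "$env:SystemDrive\Program Files\GFI\"
) + $SqlPaths

$report = foreach ($path in $required) {
    [pscustomobject]@{
        Item     = $path
        Excluded = Test-PathCovered -Path $path -Exclusions $excludedPaths
    }
}
# Database files are covered either by a SQL folder exclusion above or by extension.
$report += foreach ($ext in 'mdf', 'ldf') {
    [pscustomobject]@{
        Item     = "*.$ext"
        Excluded = [bool]($excludedExts -contains $ext -or $excludedExts -contains ".$ext")
    }
}
$report | Format-Table -AutoSize
```

Run it on the LanGuard server and on a sample of target clients; any row showing `Excluded` as `False` is a folder or file type still being scanned.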
If the system requirements and the antivirus exclusions are met, it is possible that the resource contention is caused by a large number of agent scans happening at the same time on the same hypervisor host or by other processes running concurrently with the agent scanning on the target machine or on the server.
Refer to the steps below to address this.
- Space out the agent scanning schedules to lessen the load on the vCloud host, since the main CPU usage occurs when the scan results are sent back to the LanGuard server and subsequently saved to the SQL database.
- Agent scanning schedules can be adjusted individually, by OU or workgroup, or by attribute; for details, refer to the guidelines in the Changing the LanGuard Agent Scan Schedule article. Each agent receives the new schedule the next time it checks in with the LanGuard server for an update.
- Schedule the scans, especially those with auto-remediation, for a time when the network load is low, e.g., during lunch breaks or off-hours. Check with system administrators which other processes, such as periodic A/V scanning, backup jobs, or report generation, can cause heavy CPU or I/O contention, and make sure your scans and these processes are not scheduled for the same time.
- The amount of scanning activity and its effect are determined to a large extent by the scanning profile chosen. For example, a full scan profile uses considerably more resources than a missing patch scan profile. It is recommended to personalize a scanning profile to meet the needs of your environment and configure LanGuard to scan only for the vulnerabilities that are relevant to your environment.
- Scanning for the Microsoft Security patches may cause high CPU usage on the target machines; refer to Scanning Causes High CPU Usage on Target Machine for the solution steps.