Performance tips for anti-malware
To improve system resources utilization on Deep Security Agent, you can optimize these performance-related settings according to best practices.
||Settings That Impact Performance
- Exclude files from real-time scans if they are normally safe but have high I/O, such as databases, Microsoft Exchange quarantines, and network shares (on Windows, you can use procmon to find files with high I/O). To specify exclusions, go to Policies > Other > Malware Scan Configurations, double-click the malware scan configuration you want to change, go to Exclusions and then select an exclusion list. If you need to create an exclusion list, select New from the list.
- Deselect Enable Network Directory Scan
- Deselect Smart Scan if the computer doesn't have reliable network connectivity to the Trend Micro Smart Protection Network or your Smart Protection server
Reduce the CPU impact of malware scans by setting CPU Usage to Medium (Recommended; pauses when overall CPU usage exceeds 50%,) or Low (Pauses when overall CPU usage exceeds 20%). To change CPU Usage, go to Policies > Other > Malware Scan Configurations, double-click the malware scan configuration you want to change, then go to Advanced > CPU Usage.
You can also create a scheduled task to run scans at a time when CPU resources are more readily available.
- In VM Scan Cache, select a Real-Time Scan Cache Configuration; if scans are not frequent, increase the Expiry Time (avoid repeated scans)
- Use agentless deployments (CPU usage is in one centralized virtual appliance, not every computer)
Reduce or keep small default values for Maximum file size to scan, Maximum levels of compression from which to extract files, Maximum size of individual extracted files, Maximum number of files to extract, and OLE Layers to scan
Most malware is small, and nested compression indicates malware. But if you don't scan large files, there is a small risk that anti-malware won't detect some malware. You can mitigate this risk with other features such as integrity monitoring
- Select Use multithreaded processing for Malware scans (if available)