Windows Defender Full Scan renders devices unusable for 6-7 hours (while scan is running)

Iron Contributor

We are using Microsoft Defender for Endpoint and configured daily quick scans and weekly full scans. The quick scans don't create any problems but the full scans are a big problem. Devices are not usable while the scan is running, e.g. one click in MS Teams takes about one minute to complete. We are using the defaults recommended by Microsoft in our configuration profiles.


What are the recommended settings for fine tuning full scans (e.g. ScanAvgCPULoadFactor), or are there specific settings which are to be disabled in order to improve performance (e.g. DisableArchiveScanning)?


Thank you!

7 Replies
Hi @Kiril ,
Why don't you let them full scan at midnight?
Best regards
Schnittlauch
Thank you! The laptops of our users are turned off at midnight and the catch-up scans start the next morning.
Hi @Kiril ,
is it possible to use wake on lan?
Best regards
Schnittlauch
Hm, I think this is not an option to remotely start a device when the user is e.g. at home.
Hello – there are a few touch points here which I hope help answer your question.

1. Full scans are somewhat repetitive for a modern security solution (assuming RTP is always on – and CP/TP are enabled – full scans will not provide additional value from a prevention/protection perspective).
2. Task scheduler does not schedule scans, but it does in fact support “waking up” a device when tasks reach their deadline.
3. Performance impact during a scan can be controlled through CPU usage and caps. Increasing the amount of CPU usage will allow the scan to finish faster but will slow your computer down temporarily (less resources allocated to you as a user). Adversely, lowering the CPU cap (allotting less CPU resources to the scans) will allow you to maintain user performance but will increase the duration of the scanning.

Microsoft is always working to make the scans quicker, while maintaining high security standards.
You probably do not need to schedule a recurring full scan. That should be reserved for when you have reason to investigate a specific device. With MDE and EDR, you are unlikely to get much value from it. If you do need to do it, I usually set ScanAvgCPULoadFactor to nearer 25% (not an exact science), but it's going to take hours for little return if real time threat protection is active anyway.
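Added example (not posted by anyone in this thread): a PowerShell audit-and-tune pair built on the Defender module that ships with Windows (Get-MpPreference, Set-MpPreference, Get-MpComputerStatus), showing the settings discussed above and applying the 25% CPU figure from the last reply. It assumes an elevated prompt and that the device is not locked to these values by Intune or GPO policy, which would override local changes.

```powershell
# Audit the settings that decide how heavy and how often scheduled scans run.
function Get-DefenderScanTuning {
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        ScheduledScanType  = $(switch ($p.ScanParameters) { 1 { 'QuickScan' } 2 { 'FullScan' } default { $p.ScanParameters } })
        ScanDay            = $p.ScanScheduleDay        # 0 = every day, 1..7 = Sun..Sat, 8 = never
        ScanTime           = $p.ScanScheduleTime
        AvgCpuLoadPercent  = $p.ScanAvgCPULoadFactor   # default 50; applies to scheduled scans
        ScanOnlyWhenIdle   = $p.ScanOnlyIfIdleEnabled
        CatchupFullScanOff = $p.DisableCatchupFullScan # $false: a missed full scan runs at next start-up
        ArchiveScanningOff = $p.DisableArchiveScanning
        DaysSinceFullScan  = $s.FullScanAge
        DaysSinceQuickScan = $s.QuickScanAge
    }
}

# Lower the scan's CPU share, only start scheduled scans when the device is idle,
# and optionally stop catch-up full scans from landing on users at morning logon.
# Supports -WhatIf so the change can be previewed before it is applied.
function Set-DefenderScanTuning {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 25 is the value suggested in the last reply, an assumption, not a rule.
        [ValidateRange(5, 100)][int]$CpuLoadPercent = 25,
        [switch]$DisableCatchupFullScan
    )
    $target = 'Defender scheduled-scan preferences'
    if ($PSCmdlet.ShouldProcess($target, "Set ScanAvgCPULoadFactor=$CpuLoadPercent, ScanOnlyIfIdleEnabled=True")) {
        Set-MpPreference -ScanAvgCPULoadFactor $CpuLoadPercent
        Set-MpPreference -ScanOnlyIfIdleEnabled $true
        if ($DisableCatchupFullScan) {
            Set-MpPreference -DisableCatchupFullScan $true
        }
    }
    # Return the resulting state so the change can be verified (or logged).
    Get-DefenderScanTuning
}

# Usage: preview first, then apply.
Get-DefenderScanTuning
Set-DefenderScanTuning -CpuLoadPercent 25 -DisableCatchupFullScan -WhatIf
```

Turning off catch-up full scans removes the morning slowdown described above but also means a device that is never on at the scheduled time will not get a full scan at all, so check DaysSinceFullScan if you rely on them.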