Views:
To improve system resources utilization on the agent, you can optimize these performance-related settings according to best practices.
See also:

Minimize disk usage Parent topic

Reserve an appropriate amount of disk space for storing identified malware files. The space that you reserve applies globally to all computers: physical machines and virtual machines.When there is not enough disk space to store an identified file, alerts are raised. The setting can be overridden at the policy level and at the computer level.

Procedure

  1. Open the Policy or Computer editor that you want to configure.
  2. Click Anti-Malware Advanced.
  3. Under Identified Files, clear Default.
  4. Use the Maximum disk space used to store identified files field to specify the disk space to use.
  5. Click Save.

Optimize CPU usage Parent topic

  • Exclude files from real-time scans if they are normally safe but have high I/O, such as databases, Microsoft Exchange quarantines, and network shares (on Windows, you can use procmon to find files with high I/O). See Exclusions.
  • Do not scan network directories. See Scan a network directory (real-time scan only).
  • Do not use Smart Scan if the computer doesnot have reliable network connectivity to the Trend Micro Smart Protection Network or your Smart Protection Server. See Smart Protection in Workload Security.
  • Reduce the CPU impact of malware scans by setting CPU Usage to Medium (recommended; pauses between scanning files) or Low (pauses between scanning files for a longer interval than the medium setting):
    1. Open the properties of the malware scan configuration.
    2. On the Advanced tab, select the CPU Usage during which scans run.
    3. Click OK.
    Note that modification of CPU usage is only available for Manual and Scheduled scans.
  • Create a scheduled task to run scans at a time when CPU resources are more readily available. See Schedule Workload Security to perform tasks.
  • Reduce or keep small default values for the maximum file size to scan, maximum levels of compression from which to extract files, maximum size of individual extracted files, maximum number of files to extract, and OLE Layers to scan. See Scan for specific types of malware.
WARNING
WARNING
Most malware is small, and nested compression indicates malware. But if you do not scan large files, there is a risk that Anti-Malware does not detect some malware. You can mitigate this risk by other means, such as using Integrity Monitoring. See Set up Integrity Monitoring.

Enable multi-threaded processing Parent topic

You can enable multi-threaded processing for manual and scheduled scans. Real-time scans use multi-threaded processing by default. Multi-threaded processing is effective only on systems that support this capability. To apply the setting, after you have enabled it, restart the computer.
Do not enable multi-threaded processing if resources are limited (for example, CPU-bound tasks) or if resources have to be held by only one operator at a time (for example, IO-bound tasks).
Note
Note
Enabling multi-threaded processing may impact CPU usage:
  • Multi-threaded processing may reduce the number of CPU cores available to the computer's other processes.
  • On Linux, when Resource Allocation for Malware Scans is enabled, the CPU usage setting is ignored even if set to Medium or Low.
To enable multi-threaded processing:
  1. Click Policies.
  2. Double-click to open the policy where you want to enable multi-threaded processing.
  3. Click Anti-Malware Advanced.
  4. In the Resource Allocation for Malware Scans section, select Yes from the dropdown menu and click Save.
    Note
    Note
    On Deep Security Agent for Linux platforms, this setting takes effect without requiring a restart.
  5. For the setting to take effect on non-Linux platforms, restart the solution platform service by doing either of the following steps:
    • In the services.msc window, select the Trend Micro Solution Platform service and click Restart.
    • In the command prompt, enter the following commands:
      sc stop amsp
sc start amsp
    • Restart the computers on which you enabled multi-threaded processing for the setting to take effect.

Optimize RAM usage Parent topic

  • Reduce or keep small default values for the maximum file size to scan, maximum levels of compression from which to extract files, maximum size of individual extracted files, maximum number of files to extract, and OLE Layers to scan. See Scan for specific types of malware.
    WARNING
    WARNING
    Most malware is small, and nested compression indicates malware. But if you don't scan large files, there is a small risk that Anti-Malware won't detect some malware. You can mitigate this risk by other means, such as using Integrity Monitoring. See Set up Integrity Monitoring.