About scan performance

Published: December 16, 2009

Applies To: Forefront Client Security

Client Security performs two types of scans: quick and full. As with any product that scans existing data and files, the performance of the scan engine is heavily dependent on the capabilities of the client system being scanned (for example, disk speed, processor speed, and other programs running).

Quick scans scan only the processes resident in memory and the following frequently infected folders:

  • User profiles

  • Desktop

  • Windows system

  • Program Files

Due to the small set of areas scanned, this type of scan is much faster than a full scan. In testing, a quick scan with the Antimalware service on an average Client Security agent system took less than one minute. The configuration of the tested system is summarized in the following table.

 

Processor RAM Windows version Disk characteristics

Pentium 4 2.4 GHz

512 MB

Windows XP SP2

5.5 GB of system files and data on the system drive

Full scans scan the entire Client Security agent system, processes resident in memory, the full registry, and all files on all local hard disks (including some compressed files).

Due to the thoroughness of the scan, a full scan takes much longer to finish. Additionally, factors that affect a quick scan's performance only slightly may have a larger impact on a full scan. Some of the factors that heavily impact a full scan are:

  • Speed of the disk being scanned.

  • Other processes running on the Client Security agent being scanned, and tasks those processes are performing.

  • Fragmentation of files on the disk being scanned.

  • Number of compressed files to be scanned.

  • Average size of the files to be scanned.

  • Other file types that need special scanning treatment (such as emulation).

Primarily for these reasons, it is difficult to predict how long a scan will last on any specific Client Security agent. Data characteristics vary from one Client Security agent to another. To get an accurate understanding of the average duration of a full scan in your environment, it is highly recommended that you test full scans in your particular environment on a Client Security agent that is representative of your client systems.

Show: