Deep Scan Configuration

To configure the Deep Scan settings, navigate to Configuration Profile > New Profile > Scan Configuration. Under the Vulnerability Management section, select the Deep Scan checkbox. You can configure the following settings for the Deep Scan.

Data Collection Interval

The data collection interval sets the time lapse between the completion of the previous scan and the start of the next scan.

Range: 1440-43200 Minutes. The default value is 10080.

Scan Delay

This is the time added to the start of scanning, both for new installs and for interval scanning. Enter the time in minutes to delay the start of a scan.

Range: 0-1440 Minutes. The default value is 0.

Scan Randomize

The range of randomization added to the scan delay to offset scanning. For example, if the randomization range is 60 minutes, then a random number between 1 and 60 is calculated and used to delay the start of the next scanning interval. A value of 0 (zero) means no randomization added.

Scan Timeout

Configure the maximum duration for the deep scan. If the scan exceeds the defined time, it is terminated.

Range: 120-1440 Minutes. The default value is 1440 minutes.

Maximum CPU Usage

Configure the maximum CPU consumption allowed for the deep scan. The default value is 30%. You may observe the momentary spikes in CPU usage.

Windows Profile Settings

Provide the following details to define the scan scope for Windows assets:

Directories to be included: Enter the comma-separated list of directories/files for Windows assets to be included in the deep scan. By default, C:\ directory is included for the deep scan.

You can only add the absolute path for the directories. Wildcard characters and regular expressions are not supported for specifying the directories/files.

We recommend you add only the specific directories to be included in the deep scan to reduce the memory consumption and CPU usage.

Include all Local Drives: Select this checkbox to include all the local drives in the deep scan scope.

Directories to be excluded: Enter the comma-separated list of directories/files for Windows assets to be excluded from the deep scan. By default, the following directories are excluded from the deep scan scope: C:\Windows, C:\System Volume Information, C:\$RECYCLE.BIN, C:\hiberfil.sys, C:\pagefile.sys, C:\swapfile.sys

Linux Profile Settings

Provide the following details to define the scan scope for Linux assets:

Directories to be included: Enter the comma-separated list of directories/files for Linux assets to be included in the deep scan. By default, / directory is included for the deep scan.

You can only add the absolute path for the directories. Wildcard characters and regular expressions are not supported for specifying the directories/files.

We recommend you add only the specific directories to be included in the deep scan to reduce the memory consumption and CPU usage.

Include all Local Drives: Select this checkbox to include all the local drives in the deep scan scope.

Directories to be excluded: Enter the comma-separated list of directories/files for Linux assets to be excluded from the deep scan. By default, the following directories are excluded from the deep scan scope: /proc*, /var/log*, /var/spool*, /etc*, /usr/bin*, /usr/sbin*, /usr/lib*, /usr/lib64*, /boot*, /sys*, /srv*, /media*, /mnt

You must define the directories to be included in the deep scan scope, at least for one of the supported platforms. You can not create a deep scan configuration profile without including directories for both the Windows and Linux profiles. You can also define the deep scan scope by selecting the Include all Local Drives checkbox.

Understanding CPU Throttling for Cloud Agent and Deep Scan

Cloud Agent and Deep Scan each manage CPU usage independently. Their throttling mechanisms work differently:

Cloud Agent: Utilizes a custom throttling method that limits total CPU usage across all CPU cores.
Deep Scan: Utilizes job object-based throttling, which limits CPU usage per logical processor.

For example, if both processes are configured to use 20% of the CPU on an 8-core system, the Cloud Agent could utilize up to 20% of the total system CPU (roughly 1.6 cores). Deep Scan, if single-threaded, would use 20% of one core. On an 8-core system, this is displayed to be only about 2.5% of the total CPU usage.

As the CPU limits for Cloud Agent and Deep Scan are independently throttled, their CPU usage does not overlap. Combined usage in this example could reach roughly 22.5%, not just 20%.