Kaspersky Embedded Systems Security for Linux

Limiting the use of memory and processor resources

You can configure memory usage limits for scan tasks. The default limit is 8192 megabytes.

You can set a limit on CPU usage for scan tasks. No limit is set by default. When configuring the limit, we recommend keeping in mind that the combined resource of all CPU cores is taken as 100%. In the output of the top utility, by contrast, 100% corresponds to the full utilization of a single core. Thus, for a 10-core CPU (reported by the top utility as 1000% total), a value of 400% in top means that the usage of the entire CPU (all cores taken together) is 40%. If you want the value reported by the top utility to be kept below 150% on the same 10-core CPU, you need to specify 15 as the CPU usage limit. The CPU usage limit must be an integer from 10 to 100. Moreover, the CPU usage limit is not applied to all application tasks, but only to the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks, which means that the CPU usage may exceed the configured value.

Setting a limit in the Web Console

In the Web Console, you can enable and disable the CPU utilization limit and configure the memory usage limit for scan tasks in the policy properties (Application settings → General settings → Application settings, Performance section).

Settings

| Setting | Description |
|---|---|
| Memory usage limit for scan tasks (MB) | Input field for the memory usage limit for scan tasks (in megabytes). Default value: 8192. |
| Limit CPU usage by scan tasks (%) | This check box enables or disables the CPU utilization limit for the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks. If the check box is selected, the maximum utilization of all processor cores will not exceed the number specified in Upper limit (%). The value in the field must be an integer from 10 to 100. This check box is cleared by default. |

Setting a limit in the Administration Console

In the Administration Console, you can enable and disable the CPU utilization limit and configure the memory usage limit for scan tasks in the policy properties (General settings → Application settings, Performance section).

Clicking Configure under Performance opens the Performance settings for scan tasks window, in which you can configure limits in the CPU and memory usage section (see table below).

Settings

| Setting | Description |
|---|---|
| Limit CPU usage by scan tasks (%) | This check box enables or disables the CPU utilization limit for the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks. If the check box is selected, the maximum utilization of all processor cores will not exceed the percentage specified in the field on the right. The value in the field must be an integer from 10 to 100. This check box is cleared by default. |
| Memory usage limit for scan tasks (MB) | Input field for the memory usage limit for scan tasks (in megabytes). Default value: 8192. |

Setting a limit on the command line

On the command line, you can configure CPU usage limits for tasks of certain types (ODS and InventoryScan) using the UseOnDemandCPULimit and OnDemandCPULimit settings in the general application settings.

You can change the values of the settings with the help of command line switches or a configuration file that contains all general application settings.

UseOnDemandCPULimit accepts the following values:

  • Yes: enable the CPU usage limit for ODS and InventoryScan tasks.
  • No: disable the CPU usage limit for tasks.

The OnDemandCPULimit setting specifies the maximum utilization level for all processor cores (as a percentage) when running ODS and InventoryScan tasks. The value must be an integer from 10 to 100. Default value: 100.
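The conversion between the top scale and the OnDemandCPULimit scale described above, including the case where the minimum value of 10 cannot enforce the target, is shown in the following added example (not part of the original documentation). The function names and the key=value output form are assumptions made for this example; check the lines against your exported general settings file before applying them.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Converts a target in top's scale (100% = one core) into the all-cores
# percentage that OnDemandCPULimit expects (100% = every core combined).

# cpu_limit_for_top TOP_PERCENT CORES
# Prints the integer limit. Returns 1 on bad input, 2 when the target is
# lower than the smallest permitted limit (10) can enforce on this host.
cpu_limit_for_top() {
    top_pct=$1
    cores=$2
    # Accept plain decimal integers only (no sign, no leading zeros).
    case "$top_pct" in ''|0?*|*[!0-9]*) return 1 ;; esac
    case "$cores" in ''|0*|*[!0-9]*) return 1 ;; esac
    # Round down so the figure seen in top stays at or below the target.
    limit=$(( top_pct / cores ))
    if [ "$limit" -lt 10 ]; then
        return 2
    fi
    if [ "$limit" -gt 100 ]; then
        limit=100
    fi
    echo "$limit"
}

# print_cpu_limit_settings TOP_PERCENT [CORES]
# Emits the two general settings as key=value lines (assumed file format).
# CORES defaults to the count reported by nproc.
print_cpu_limit_settings() {
    cores=${2:-$(nproc)}
    rc=0
    limit=$(cpu_limit_for_top "$1" "$cores") || rc=$?
    case $rc in
        0) printf 'UseOnDemandCPULimit=Yes\nOnDemandCPULimit=%s\n' "$limit" ;;
        2) echo "target too low: a limit of 10 still allows $(( 10 * cores ))% in top" >&2
           return 2 ;;
        *) echo "usage: print_cpu_limit_settings TOP_PERCENT [CORES]" >&2
           return 1 ;;
    esac
}

# Run only when arguments are given, e.g.: sh cpu_limit.sh 150 10
[ $# -eq 0 ] || print_cpu_limit_settings "$@"
```

On hosts with many cores the minimum limit of 10 is the binding constraint: on a 64-core machine it still permits 640% in top, so lower targets cannot be met with this setting alone.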

On the command line, you can configure memory usage limits for certain task types (ODS and InventoryScan) using the ScanMemoryLimit setting in the kess.ini configuration file. Default value: 8192.