You can configure memory usage limits for scan tasks. The default limit is 8192 megabytes.
You can set a limit on CPU usage for scan tasks. No limit is set by default. When configuring the limit, we recommended keeping in mind that resource of all CPU cores combined is taken as 100%. In the output of the top utility, 100% corresponds to the full utilization of a single core. Thus, for a 10-core CPU (reported by the top utility as 1000% total), a value of 400% means that the usage of the entire CPU (all cores taken together) is 40%. If you want the value reported by the top utility to be kept below 150% on the same 10-core CPU, you need to specify 15 as the CPU usage limit. The CPU usage limit must be an integer from 10 to 100. Moreover, the CPU usage limit is not applied to all application tasks, but only to the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks, which means that the CPU usage may exceed the configured value.
Setting a limit in the Web Console
In the Web Console, you can enable and disable the CPU utilization limit and configure the memory usage limit for scan tasks in the policy properties (Application settings → General settings → Application settings, Performance section).
Settings
Setting |
Description |
|---|---|
Limit CPU usage by scan tasks (%) |
The check box enables or disables the CPU utilization limit for the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks. If the check box is selected, the maximum utilization of all processor cores will not exceed the number specified in Upper limit (%). The value in the field must be an integer from 10 to 100. This check box is cleared by default. |
Memory usage limit for scan tasks (MB) |
Input field for the memory usage limit for scan tasks (in megabytes). Default value: 8192. |
Setting a limit in the Administration Console
In the Administration Console, you can enable and disable the CPU utilization limit and configure the memory usage limit for scan tasks in the policy properties (General settings → Application settings, Performance section).
Under Performance, clicking the Configure button opens the CPU and memory usage window, in which you can configure limits (see the table below).
Settings
Setting |
Description |
|---|---|
Limit CPU usage by scan tasks (%) |
The checkbox enables or disables the CPU utilization limit for the Malware Scan, Critical Areas Scan, Inventory, and Container Scan tasks. If the check box is selected, the maximum utilization of all processor cores will not exceed the percentage specified in the field on the right. The value in the field must be an integer from 10 to 100. This check box is cleared by default. |
Memory usage limit for scan tasks (MB) |
Input field for the memory usage limit for scan tasks (in megabytes). Default value: 8192. |
Setting a limit on the command line
In the command line, you can configure CPU utilization limits for ODS, ContainerScan, and InventoryScan tasks using the UseOnDemandCPULimit and OnDemandCPULimit settings in the general application settings.
You can change the values of the settings with the help of command line switches or a configuration file that contains all general application settings.
UseOnDemandCPULimit accepts the following values:
Yes: enable the CPU usage limit for ODS, ContainerScan, and InventoryScan tasks.No: disable the CPU usage limit for tasks.The OnDemandCPULimit option sets the maximum utilization level for all processor cores (as a percentage) when running ODS, ContainerScan, and InventoryScan tasks. The value of the setting must be an integer from 10 to 100. Default value: 100.
On the command line, you can configure memory usage limits for ODS, ContainerScan, and InventoryScan tasks using the ScanMemoryLimit setting in the kics.ini configuration file. Default value: 8192.