The Patchman agent process allows for multiple tuning options. This article serves as a collection of available tuning methods and where to find them.

Scanning limits

Scanning limits allow you to set restrictions on full server scans. Setting an option will apply the scanning limit after a certain event is triggered. Disabling the scanning limit will make sure that the limit will not be applied. Scanning limits can be disabled for manual server scans triggered through the Portal. Scanning limits will only apply to full server scans and therefore will not affect manual end user scans.

You can configure this on the server group (https://portal.patchman.co/servers/group/)

The following limits and triggers can be configured:

  • Throttle dynamic malware scanning by only scanning changed files

  • Disable dynamic malware scanning altogether

  • Abort all scanning

The following triggers can be configured:

  • Disabled

  • After scanning N users

  • After scanning N directories

  • After scanning one in N users

  • After scanning one in N directories

  • After scanning for N hours total (since the beginning of the server-wide scan)

  • After surpassing the time of day

Scanning interval

Scanning interval enables you to choose to run Dynamic malware scanning not on every scan, but only on certain intervals, for instance, on certain days of the week. 

You can configure this on the server group (https://portal.patchman.co/servers/group/)

The following options can be configured:

  • During every scan, scan every file dynamically

  • During every scan, scan files that have changed since the last dynamic scan

  • Only when the scan is in the configurable interval, scan every file dynamically

  • Scan every file dynamically when the scan is in the configurable interval, during all other scans only scan changed files dynamically

  • Never perform dynamic scanning

Further reading:
More information about configuring scanning limits and interval can be found in the main Patchman CLEAN article, here: What is Patchman CLEAN, and how do I enable & configure it?

Maximum file size 

Additionally, scanning limits offer a maximum file size setting, allowing you do determine the cut-off for scanning large files:

Max_filesize.png

 

CPU Nice value and I/O Priority

The agent also allows you to configure CPU and IO resource priorities, through nice values for CPU, and Best effort priority for CFQ I/O scheduling

You can configure this on the server group (https://portal.patchman.co/servers/group/)

Screenshot_2020-06-16_at_15.02.14.png

 

Multi-threaded scanning configuration

With the introduction of multithreading, multithreading settings can be configured for the agent. You can configure this on the server group (https://portal.patchman.co/servers/group/). The following settings can be configured:

Absolute (thread count)
Configure the exact number of threads to use for multithreaded scanning.

CPU Ratio
Allocate a percentage of total available CPU threads to use for multi-threaded scanning. As this is a percentage, it is worth noting that it rounds down, to whole threads.

CPU Reservation
Allocate the number of CPU threads for the Patchman daemon to leave unused. Note that there is a minimum thread allocation of 1. If a user configures a lower limit, for example 0, or -4 (an 8 thread reservation on a 4 core machine), the Patchman agent logs at info level and instead uses 1 thread.