What the impact of defender full scan on servers? Please share the details.

Question

Hi Team,

1. Can we perform the full scan on workstations and servers from defender portal? If yes, Please share the details to check and test on some system. also share if any impact from the full scan on servers?
2. How can we check the full scan result in the defender portal?

Regards,

Saurabh

***moved from Windows / Windows 11 / Security and privacy***

Answer 1

Hello,

Running a full scan on servers consumes significant resources, including CPU and disk I/O, which may impact the performance of services running on those servers. It is recommended to schedule such scans during off-peak hours to minimize disruption. If your endpoints are connected to large shared network drives and you configure this scan this does impact the completion time of a full scan, making it take significantly longer due to the increased amount of data being scanned. You can refer to the following link.

Microsoft Defender Antivirus full scan considerations and best practices - Microsoft Defender for Endpoint | Microsoft Learn

Configure scanning options for Microsoft Defender Antivirus - Microsoft Defender for Endpoint | Microsoft Learn

If you are worried about the risks of mapping a shared network drive, Microsoft has a corresponding policy for this. You can refer to the following link for details.

Protect SMB traffic from interception | Microsoft Learn

Best Regards

Zunhui

Answer 2

Hi Team,

Please provide me solution of my below doubts:

1. How does our MDE implementation handle shared network drives? For some, to me unknown, reason many of our endpoints have attached shared networks drives, very large ones (My pc, 15TB, 16TB, 10TB, 10TB = 51TB!). Does this impact the Full Scan completion time?
2. Doesn’t these shared networks drives put us into a large risk when it comes to malware/lateral movement, as I assume most of our users have the same shared drives attached?

Regards,

Saurabh