Minimizing the Performance Impact of Antimalware and Antivirus Software


We all want better cybersecurity, so IT departments look for ways to improve their defenses against cyberattacks.

Security tools include real-time protection, which monitors the performance of computers to detect attacks and mitigate damage.


A degradation of performance can indicate an attack on your server, or it can be the result of a high load. Knowing the difference is crucial so that you do not shut down servers or services that are showing false signs of attacks.


Antimalware or antivirus scans can themselves create high CPU usage which, especially in the case of shared resources such as servers, disrupts users. Windows Defender is well known for its high memory usage, and it can even drain resources scanning itself.


As an administrator, your first step is to adopt tools to measure and log performance. For Microsoft servers, you may want to use Process Monitor, Windows Performance Recorder, or other performance monitoring tools.


Here are some tips for maintaining both security and performance:


1. Treat servers differently from workstations

You will need to configure antimalware differently on servers because of the nature of their work and the need for high performance to support large numbers of users. This could mean excluding certain files from real-time scans when they have high I/O and are covered by other security measures.

2. Evaluate which antivirus products are best for your servers and workstations

Consider your deployment model and which products are best for cloud and on-premises deployments.

3. Design for high performance

Test for performance based on your anticipated peak transaction volume. You might need to scale up or scale out in order to avoid unacceptable performance degradation. Cloud deployment may make performance optimization easier.

4. Schedule scans to minimize disruption

Antimalware is typically run on a schedule. You can optimize this for non-peak hours to avoid harming your users.

5. Customize for your scenario

There is no single security configuration suitable for all applications. Exchange Servers, database servers, and SharePoint servers dictate different security software and in some cases do not require antivirus at all. Replacing any of these with cloud services changes your security approach.
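
For tips 1 and 4 on a server running Microsoft Defender Antivirus, the following PowerShell is an added example and not part of the original article. It lists the current real-time scan exclusions, marks the ones that deserve a second look, and moves the scheduled scan to an off-peak time. The review patterns, the 02:00 scan time and the 30% CPU target are assumptions to adjust for your environment.

```powershell
# Added example. Run in an elevated session; exclusions are hidden from non-admins.
param(
    [switch]$Apply,                   # without -Apply the script only reports
    [datetime]$ScanTime = '02:00',    # assumed off-peak start time
    [byte]$CpuCap = 30                # assumed average CPU target for scans (percent)
)

# Path exclusions this broad leave a large unscanned area (assumed local policy).
$broadPath = '^[A-Za-z]:\\?$', '\*', '\\(Users|Windows|Temp)\\?$'
# Extensions that carry executable content and should stay in scope.
$riskyExt = 'exe', 'dll', 'ps1', 'bat', 'js', 'vbs'

$pref = Get-MpPreference

$report = @(
    foreach ($p in $pref.ExclusionPath) {
        if ($p) {
            $hit = [bool]($broadPath | Where-Object { $p -match $_ })
            [pscustomobject]@{ Kind = 'Path'; Value = $p; Review = $hit }
        }
    }
    foreach ($e in $pref.ExclusionExtension) {
        if ($e) {
            $hit = $e.TrimStart('.') -in $riskyExt
            [pscustomobject]@{ Kind = 'Extension'; Value = $e; Review = $hit }
        }
    }
    foreach ($x in $pref.ExclusionProcess) {
        # Files opened by an excluded process are not scanned, so always review these.
        if ($x) { [pscustomobject]@{ Kind = 'Process'; Value = $x; Review = $true } }
    }
)
$report | Sort-Object Review -Descending | Format-Table -AutoSize

"Current schedule: day=$($pref.ScanScheduleDay) time=$($pref.ScanScheduleTime) " +
    "cpu=$($pref.ScanAvgCPULoadFactor)%"

if ($Apply) {
    # Daily quick scan at the off-peak time, throttled, and only while the server is idle.
    Set-MpPreference -ScanParameters QuickScan -ScanScheduleDay Everyday `
        -ScanScheduleTime $ScanTime -ScanAvgCPULoadFactor $CpuCap `
        -ScanOnlyIfIdleEnabled $true
}
```

Every exclusion is a place real-time protection does not look, so keep the reviewed list short and record which other control covers each excluded path.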

You can improve security while minimizing the impact on performance by zeroing in on the right tools and security tactics. Our team at pavliks.com can help you navigate software security tools to meet your particular business needs.