DemetrioMello
New Contributor

High scanunitd CPU usage

Hello, good day; I have a FGT110C and it' s with a High CPU usage that' s being caused by the scanunitd process. What exactly is this process for? I' m afraid of perform a #diag sys kill 9 Moreover, someone knows where I can find a documentation with the KILL signals adopted by Fortinet? Thank you a lot;
7 REPLIES 7
bobm
New Contributor III

I' d love to see that too. I have a 60C running 5.0.3, and I' ve tried to disable as much as possible to stop conserve mode every night. More RAM than CPU for me, but scanunitd is one of the big culprits. Can' t find descriptions of any of the processes in the cookbook, CLI guide, Troubleshoot guide, etc. Would love to know what some of these are so I can decide whether or not to kill them until 5.0.4 comes out.
Matthew_Mollenhauer
New Contributor III

Scanunitd? Sounds like the vulnerability scanner. Check in User & Device -> Vulnerability Scan -> Scan Definition. If the feature is enabled then it should default to once a week, 00:00 on a Sunday. Normally won' t do much as you need to tell it what to scan, but if you have an interface setup to Detect and Identify Devices & you' ce ticked the box to add those devices to your scan list then you' ll have the scanner going to town. I easily managed to put a 1240B pair into conserve mode with the scanner in the past, and that was while scanning a small /26 block of addresses. Regards, Matthew Mollenhauer
bobm
New Contributor III

Thanks Matthew - I kind of figured it was the Vulnerability Scan myself but wanted confirmation. Unfortunately, I don' t have the scanner enabled on my box so it doesn' t even show on the GUI to configure. Which kind of has me wondering why it' s taking up so much memory?
bobm
New Contributor III

Also (and I feel kind of silly asking but have been burned in the past by quirky box-specific settings on other products) when we set up the box we were looking at VPN access for management after hours, but it is unused. I want to turn VPN off to streamline more, but do any of the Fortinet servers (updates, cloud, etc) require VPN access? Thanks
Jupiter_FTNT
Staff
Staff

Proxy AV also uses sacnunitd too
vault_FTNT

++ scanunitd – antivirus scanner

++ When the AV process scans unknown malware which has no definition in the AV DB it may take a long time to complete the scan and possibly result in the scanunitd process crashing or in high CPU usage.

 

++ Refer: https://docs.fortinet.com...troubleshooting-54.pdf

http://kb.fortinet.com/kb....do?externalID=FD39406

vchukwuka

Just apply these on your fortigate using the CLI:

 

config antivirus profile

edit "default"
set comment "Scan files and block viruses."
set inspection-mode proxy
set mobile-malware-db disable

end
config smtp
set options scan
set emulator disable
end