The first step you should take after setting up your Security Center,is organizing your managed computers. In most cases, the best way is to break machines up by Workstations and Servers. This way you can have separate policies and tasks for your servers and workstations.

If you have multiple sites, this also makes it easier to manage them,because you can manage all sites under a single workstation or server policy. If you need different settings for a site, you can also put a policy in that site’s folder. This way you can stay organized but allow for scalability and flexibility when managing your clients.

By default, computers are being scanned, however, after 7 days they will turn yellow and warn you they have not been scanned for a long time. After 14 days they will turn red.

To fix this, you need to add the Computer or My Computer to the scan scope. This will fix the status on the client computers.
Policy Changes for Increased Performance

Sometimes the network agent (klnagent.exe process) can use more CPU than desired. One way to avoid this is to disable the Windows Update search mode and the real time vulnerability scanning in the Network Agent policy settings. You can run a Vulnerability Scan as a group task scheduled for a different time of day when it won’t affect the users as much. (Note: You are not turning off virus scanning by doing this.)

This next tweak involves making some exclusions that will help keep applications such as outlook from slowing down and will keep scans from taking too long or causing system slowdowns.

When adding objects to exclude,you can utilize different masks to make your rules more powerful and flexible. Allowed exclusion masks can be found in our knowledgebase article here:

Typical exclusions to start off with are outlook files such as .pst and .ost files, virtual templates like .ova files, VMware virtual machine disks such as .vmdk files, and lastly if you have installed Kaspersky Endpoint Security 10 on your Security Center Server you should also exclude the Security Center folder we install to.If you have other software you wish to exclude, remember to follow that vendor’s recommended exclusions.

Once you have made your exclusion rules, make sure they appear on the list and are checked.

Next you will want to turn off the scanning of network drives in realtime. For smaller businesses with
NAS devices this may be okay,however for larger networks with public shares or mounted network drives this is not recommended as it may use up extra bandwidth and resources to scan.

The last fixes are to enable the options to concede resources to other applications and to Perform Idle Scans. Conceding resources allows Kaspersky to automatically suspend scheduled tasks when it detects an increased load on the CPU and it will free up operating system resources for user applications. This helps to relieve the load on the CPU and disk subsystems.

The second option starts a scan task when the computer is locked or the screensaver is on for 5 minutes or longer.