Showing results for 
Search instead for 
Did you mean: 

Cisco Endpoint - Policy Settings


When setting the conviction modes in the policy settings of a computer. Is there a guide on how each one affects performance of a computer? That way we know when turn them from disabled -> audit -> protect that it will have an impact on performance?

2 Replies 2

Cisco Employee
Cisco Employee

Hello @jbailey2 ,
it is hard go give you here a clear statement, as it depends on the application activity on the endpoint and the endpoint configuration.
First any file written to the disk or being executed gets hashed (SHA-256). After Secure Endpoint hashed the file, a cache lookup is done. If there is a match, the whole detection/scanning sequence gets stopped. After this the File Scan engine scans the file. If there is no conviction, a cloud lookup is done. If there is still no result, all the other file scan related engines are scanning the file.

Therefore, even if you are in audit mode but a necessary exclusion is missing, the resource consumption is higher than having all engines active with the right exclusions.

Greetings, Thorsten

Cisco Employee
Cisco Employee

Hello @jbailey2 

It will depend on your environment. So the suggestion is to first change conviction modes from "disable" to "audit" and monitor. If there's no performance issue then you can change some conviction modes to "protect" and keep monitoring.


Here's a guide that contains best practices for workstations.

You can continuously adjust and test your environment until your configuration meets best practices.


-Secure Endpoint Best Practices Guide -> Policy settings: Workstation 

You can also learn more about Endpoint Security through our live Ask the Experts (ATXs) session. Check out Cisco Endpoint Security ATXs Resources [] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers