It is not unusual for the CPU usage during a scan to bounce between 10%-60% during an active scan. If the resource usage becomes problematic, we find that some admins will choose to turn off scan scheduling and just let the machines do what could be called "idle scanning" (after a 15-30 minute idle time on a machine, selective resource usage scanning will begin.) This is a low impact scan.
Alternatively, you can schedule the scan for all devices or just servers, and set the time and days it will run.
Furthermore, you can use "Scan Exclusions". This feature supports Exclude Mapped Network Drives (Windows Only)
Alternatively, Exclude Removable Drives (Windows Only) also works.
You can specify other directories to exclude and use environment variables or paths to exclude those, so the scans will run quicker and use those resources for a shorter duration
Unfortunately there isn't a setting in SEP Cloud that allows you to specify scan speed and thus reduce the impact to the CPU like pictured below.
Instead, we would suggest turning off scheduled scanning or turn it on for evening or weekend hours, and then allow the idle scanning process to run.
To do this, navigate to "Security Policy" as seen in the screenshot above
After 15 minute idle time, an idle scan begins and keeps track of scanning locations, and does so at the equivalent setting of the low impact setting from the scan speed picture above. Allowing it to "idle scan" will get a full scan done after a period of time. Admins can then supplement this idle scanning with periodic full scans which can be started manually by the user, or by the admin from the cloud console.