OpenVAS 9 always stress CPU 100%

Hi all,

In this, I am scanning subnet using OpenVAS Default scanner with Full and Fast scan config, maximum concurrently NVT = 4, maximum concurrently host = 5. The CPU is almost 100% on 8 cores all the time. Although the network only has about 15 machines, the scan takes up to 4 hours.

I want to ask is that normal thing? Has anyone ever encountered this problem before? What can I do to fix it?

Here is detail of my environments:

  • CPU Intel(R) Core™ i7-6700T CPU @ 2.80GHz
  • RAM 12GB
  • OS: Ubuntu Server 16.04.4 LTS
  • OpenVAS Scanner 5.1.3
  • OpenVAS Manager 7.0.3
  • Greenbone Security Assistant 7.0.3
  • Redis server 3.0.6

The scanner uses all resources it can get for doing the job.

What you observe here for GVM-9 is a normal thing.

If you lower the max values then the system load will go down and the scan probably will take longer.

In general, timeouts can have significant influence on overall scan duration.


Thank Jan,

I configured maximum concurrently NVT = 4, maximum concurrently host = 2 and the CPU load is lower now (but still high, around 70%). And as you said before, it takes a lot of time to finish scanning. In my test case, the target network has only 15 machines so I think it may take a few days to finish scanning a larger network.

I have checked the Greenbone product comparison and found that some products can support scanning thousands of target. I wonder will these products scan for so long? If not, do you know what is the different? Do they use very strong hardware or do they use a different software than the free version?

Long scanning times can often be tweaked with the right settings of your scan depending on your environment.

E.g. check what “alive tests” are best for your targets, are there (local) firewalls between which could interfere, what port ranges suites you best, which checks take long on certain targets etc. just to give you some pointers.


If you have a host that takes 4h to scan (because of timeouts or other reasons), you can add a lot of additional hosts with no such drawbacks to the target and the scan duration of the task will still be 4h.