ONTAP Discussions
Hi, we have an AV server (hosting Trend Micro) set up on our Prod clusters that has the mandatory scan option set to ON in the default_CIFS policy. The clients have vscan-fileop-profile set to writes only. My question is:
If I set mandatory scan to OFF, since the AV servers would be disconnected due to maintenance,
1> Would it deny file access to this client (separate SVM)?
2> Would it deny file access to other clients, since the same default_CIFS policy is used for all the clients but the AV server is different?
There are 2 AV servers for this client and both the servers would be undergoing maintenance
PS: This is a NAS environment
[-scan-mandatory {on|off}] - Mandatory Scan
This parameter specifies whether access to a file is allowed if there are no external virus-scanning servers available for virus scanning.
Therefore, file access will be granted even if the AV_scanners are disconnected.
Thanks @Mjizzini for the response.
So I would turn off the mandatory scan during the activity.
By default, the scan-mandatory option for on-access scanning denies file access when a Vscan server connection is not available for scanning. Although this option offers important safety features, it can lead to problems in a few situations.
Each SVM should have at least two Vscan servers assigned to it. It is a best practice to connect Vscan servers to the storage system over a different network from the one used for client access.
I will add, there is still a possibility that slow vscan could compromise your performance. Mandatory scan set to off works assuming the vscan server is responsive and you don't queue up on the filer with requests waiting to go to vscan. Make sure you size it for your workload accordingly.
The TRs kind of talk about it, but generally we lean on the vscan vendor for help with sizing the AV solution. It may not hurt to have spare vscan servers available should you hit vscan latency so you can just easily upgrade the AV infrastructure if you're not sure if it's beefy enough or not (or maybe have a dynamic pool that grows and shrinks if you think you'll have a job say once a month that you know is more i/o intensive).
Hi @paul_stejskal, thanks for sharing the wonderful and detailed insights. Unfortunately, there are no backup servers in the Infra. Would it be a problem if I disable the on-access policy completely on this SVM during the time of the activity? Would it cause any risk?
Also, the machine account accessing this SVM for AV, is it authenticated through AD?
1) Should be fine. You may have to disable on the AV side depending on the vendor. Some vendors of vscan and fpolicy (Varonis I know for sure does for fpolicy) love to send API calls back to ONTAP to turn on fpolicy/vscan if you disable from the CLI. I can't confirm vscan will do this, but that's simple enough to test.
2) I'm not sure. I believe so, but unfortunately vscan is a secondary area for me so I cannot confirm 100%. AFAIK it is common for vscan to use an AD account, but possibly a local account can be used too.
Hopefully someone else can answer that second question. @Mjizzini ?
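
A maintenance-window sequence for the scan-mandatory change discussed in this thread, as an added example that is not from any poster or from NetApp documentation. It assumes the ONTAP 9 clustershell `vserver vscan` command family; `svm1` is a placeholder SVM name, and the `#` lines are annotations.

```text
# svm1 is a placeholder SVM name; default_CIFS is the policy named in the thread.

# 1. Record the current setting before the maintenance window.
vserver vscan on-access-policy show -vserver svm1 -policy-name default_CIFS -fields scan-mandatory

# 2. Allow file access while no Vscan server is reachable.
vserver vscan on-access-policy modify -vserver svm1 -policy-name default_CIFS -scan-mandatory off

# 3. Re-check during the window, in case the AV product changes the setting back.
vserver vscan on-access-policy show -vserver svm1 -policy-name default_CIFS -fields scan-mandatory

# 4. After maintenance, confirm the Vscan servers have reconnected.
vserver vscan connection-status show-all -vserver svm1

# 5. Restore mandatory scanning and verify that it took effect.
vserver vscan on-access-policy modify -vserver svm1 -policy-name default_CIFS -scan-mandatory on
vserver vscan on-access-policy show -vserver svm1 -policy-name default_CIFS -fields scan-mandatory
```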