The Microsoft scanner can use up a lot of a server’s processing capacity, so CISA recommends running the scan during off-peak hours.

"By 12:00 pm Eastern Daylight Time on Monday, April 5, 2021, download and run the current version of Microsoft Safety Scanner (MSERT) in Full Scan mode and report results to CISA using the provided reporting template," it notes.

https://www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/