Forum Discussion
ATWVD
Mar 22, 2022 - Copper Contributor
Updating to Windows 10 Multi user 21H2 - MSSENSE.EXE constantly using 25% cpu on new session hosts
We have updated golden image VM to Windows 10 Multi User version 21H2 with latest KB updates and latest FsLogix version. When creating new machines the mssense.exe process (some new EDR sensor pr...
RinoPROITS
Apr 19, 2022 - Copper Contributor
ATWVD I am seeing similar issues on our hosts. Currently have a ticket open with MS but so far no luck. Were you able to fix the issue?
ATWVD
May 03, 2022 - Copper Contributor
RinoPROITS have you had any progress with MS support or an epiphany on this case?
RinoPROITS
May 03, 2022 - Copper Contributor
ATWVD Yes, I actually have. The issue ended up being related to the customer enabling an Azure Policy that installed Defender for Servers on the master image (the ASC policy got activated from the root management group). This caused corruption of Defender for Endpoint on the session host: because we auto-register the session hosts using a GPO, the senseGuid was no longer unique.
A simple test to see if you run into the same issue is to perform offboarding for Defender using the offboarding script on one of the session hosts, reboot and then onboard the session host again.
If the CPU usage does not go back to 25% usage constantly, it is fixed. I recommend monitoring it for 24 hrs.
The final step would be to perform offboarding on the master image and make sure a policy is not installing Defender onto the master image again.
ATWVD
May 10, 2022 - Copper Contributor
Hi,
Thank you! Got time to test this today, and it is exactly the same issue here.
RinoPROITS
May 10, 2022 - Copper Contributor
ATWVD Perfect, glad to hear the issue is resolved for you as well.
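To check a host pool for the root cause described in this thread (session hosts cloned from an onboarded image and sharing one senseGuid), the following is an added example, not code posted by anyone in the thread. The function names, the `SenseKeyPath` parameter and the sample inventory are assumptions: the thread names the `senseGuid` value but not the registry key that holds it, so the key path must be supplied by the caller.

```powershell
# Added example: report session hosts that share a senseGuid.

function Get-SenseGuidInventory {
    # Reads senseGuid from each host over PowerShell remoting.
    # $SenseKeyPath is an assumption: the thread does not give the registry key.
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $SenseKeyPath
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $SenseKeyPath -ScriptBlock {
        param($keyPath)
        $p = Get-ItemProperty -Path $keyPath -Name senseGuid -ErrorAction SilentlyContinue
        [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; SenseGuid = $p.senseGuid }
    }
}

function Find-DuplicateSenseGuid {
    # Groups inventory records by normalised senseGuid and emits only shared values.
    param([Parameter(ValueFromPipeline)] $Record)
    begin { $seen = @{} }
    process {
        if (-not $Record.SenseGuid) { return }   # host not onboarded: nothing to compare
        # Defensive normalisation so case or brace differences cannot hide a match.
        $key = ($Record.SenseGuid -replace '[{}\s]', '').ToLowerInvariant()
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = [System.Collections.Generic.List[string]]::new()
        }
        $seen[$key].Add($Record.ComputerName)
    }
    end {
        foreach ($key in $seen.Keys) {
            if ($seen[$key].Count -gt 1) {
                [pscustomobject]@{
                    SenseGuid = $key
                    HostCount = $seen[$key].Count
                    Hosts     = ($seen[$key] | Sort-Object) -join ', '
                }
            }
        }
    }
}

# Constructed sample inventory (hypothetical host names and GUIDs), so the check runs offline.
$sample = @(
    [pscustomobject]@{ ComputerName = 'WVD-SH-01'; SenseGuid = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ ComputerName = 'WVD-SH-02'; SenseGuid = '{11111111-AAAA-4BBB-8CCC-000000000001}' }
    [pscustomobject]@{ ComputerName = 'WVD-SH-03'; SenseGuid = '22222222-aaaa-4bbb-8ccc-000000000002' }
    [pscustomobject]@{ ComputerName = 'WVD-SH-04'; SenseGuid = $null }
)
$sample | Find-DuplicateSenseGuid
```

Against live hosts, pipe `Get-SenseGuidInventory` into `Find-DuplicateSenseGuid` instead of the sample; any row returned points to hosts that need the offboard, reboot and onboard cycle described above.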