shorif2000
Aug 04, 2022 · Copper Contributor
Linux Increased memory usage on mdatp 101.75.43
I am testing on Oracle Linux 7.9 and have tried with the following kernels. It is a default install.
3.10.0-1160.53.1.el7.x86_64
5.4.17-2136.302.7.2.2.el7uek.x86_64
It seems like memory usage is starting to increase each day. It started off at 300MB; on the 2nd day it is at 1200MB.
Diagnostics for both servers are attached.
My installation steps:
Set up MDE on Oracle Linux 7.9
sudo yum install yum-utils
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7.2/prod.repo
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo yum install mdatp -y
yum repolist
Loaded plugins: langpacks, ulninfo
repo id repo name status
ol7_UEKR6/x86_64 Latest Unbreakable Enterprise Kernel Release 6 for Oracle Linux 7Server (x86_64) 750
ol7_addons/x86_64 Oracle Linux 7Server Add ons (x86_64) 696
ol7_latest/x86_64 Oracle Linux 7Server Latest (x86_64) 24,669
packages-microsoft-com-prod packages-microsoft-com-prod 61
repolist: 26,176
sudo yum --enablerepo=packages-microsoft-com-prod install mdatp
#Download zip file to server from https://security.microsoft.com/preferences2/onboarding?tid=11c2cbe4-dca5-47be-a51c-a44777c87cf8
# https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide
# extract and run file using python
unzip WindowsDefenderATPOnboardingPackage.zip
sudo python MicrosoftDefenderATPOnboardingLinuxServer.py
#verify health
mdatp health --field healthy
true
mdatp health --field org_id
"e4b1bd4a-b6c9-4043-b658-3f34164d269e"
# detection test
bash
mkdir -p ~/Downloads
curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
sudo mdatp edr early-preview enable
sudo mdatp config cloud-diagnostic --value enabled
sudo mdatp config behavior-monitoring --value enabled
sudo mdatp config network-protection enforcement-level --value audit
sudo mdatp threat policy set --type potentially_unwanted_application --action audit
sudo service mdatp restart
On the 3rd day memory seems to have returned to normal; however, I don't see any crash reports or service restarts in the logs.
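To turn the day-to-day observation in the post into figures that can accompany the diagnostics, the following added example (not part of the original post and not Microsoft's tooling) samples the resident memory of the Defender processes and computes the growth per day. It assumes the processes appear in `ps` under names beginning with `wdavdaemon` or `mdatp`; the function names, log format and sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: quantify mdatp memory growth between samples.
# Assumption: Defender processes show up in ps as wdavdaemon* or mdatp*.

# Read "rss_kib comm" lines on stdin; print summed RSS of matching processes in MiB.
mdatp_rss_mib() {
    awk '$2 ~ /^(wdavdaemon|mdatp)/ { kib += $1 }
         END { printf "%d\n", kib / 1024 }'
}

# Append one "epoch_seconds rss_mib" sample to the log file named in $1.
# Intended to be run periodically, e.g. hourly from cron.
record_sample() {
    printf '%s %s\n' "$(date +%s)" "$(ps -eo rss=,comm= | mdatp_rss_mib)" >> "$1"
}

# Read samples on stdin; print growth in MiB/day between first and last sample.
# Exit status: 0 = within limit ($1, MiB/day), 1 = above limit, 2 = too few samples.
growth_per_day() {
    awk -v limit="$1" '
        NR == 1 { t0 = $1; m0 = $2 }
                { t1 = $1; m1 = $2 }
        END {
            if (NR < 2 || t1 == t0) { print "insufficient data"; exit 2 }
            rate = (m1 - m0) * 86400 / (t1 - t0)
            printf "%d\n", rate
            exit (rate > limit ? 1 : 0)
        }'
}

# Constructed samples mirroring the figures in the post: 300 MB, then 1200 MB a day later.
SAMPLE_LOG='1659571200 300
1659657600 1200'

# Demo on the constructed samples with a 500 MiB/day limit.
printf '%s\n' "$SAMPLE_LOG" | growth_per_day 500 || echo "growth above limit"
```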