Forum Discussion
Modern Unified MsSense.exe and CPU/disk usage on 2012 R2 after March updates
I had the same issue after upgrading to the Unified Agent and updating the Sense client to 10.8048.22439.1065. Updating to - KB5005292 (Version 10.8049.22439.1084) seems to have fixed it for me. You can get the updated Sense Client from https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005292
and verify that Client has updated by running the following PowerShell command
Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=1}
Exactly the same scenario and seeing the same issue.
Seems to be much more impactive on one of our 2012 R2 servers than others which shows a constant stream of "Query Directory" C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\*.cat by MsSense.exe
- Paul_Huijbregts
Microsoft
This should be (have been) addressed through a configuration update. Baileycol MS just acknowledged via my support ticket that this a new known bug with no workaround other than offboarding the modern unified solution and installing the MMA sensor. Ugh
Be prepared if you choose to do that, there is also a known issue for repeatedly crashing Sense, but at least appears there is a work-around for that. More Ugh. Plan to test this today.
"Currently, if you choose to offboard and uninstall the modern, unified solution and re-onboard the previous MMA-based EDR sensor, you may encounter repeated MsSenseS.exe crashes."
Quoted from:
- Paul_HuijbregtsHi, this has been fixed for a while now to ensure you can in fact roll back if needed.
- what's the rollback process? I have only deployed the agents on our test machines @ 28/03/2022 and we are seeing this issue. I deployed them using the Windows Server 2012 R2 and 2016 (Preview) option and then using a local script.
watercoold - thx for posting this. Do you know if MS has plans for resolving the issue? Also may I have the support ticket Id for reference?
Thanks again
Br
Lars
