Forum Discussion
SenseNdr.exe is slowly eating the memory
We patched 2 machines last Friday to first test the impact on our applications. We started patching the other machines after that.
Unfortunately, today, one of the 2 machines started to exhibit the memory problem again; sensendr has already 28GB of committed memory.
We are going to watch the process to see if it will really take all the available memory because in Microsoft's answer to the problem, they said 'sensendr will automatically manage and release memory before it reaches a critical level of impact'. But what is the critical level of impact?
Sensendr may be trying to catch up in the packet analysis until a certain time.
We will see but having already eaten up 30GB (and it is still climbing) of the 64GB available is not a good sign.
- MarcVDH, Oct 25, 2024, Iron Contributor
ProximusAl it is only happening on servers with high network traffic.
The maximum I had was 82GB for sensendr, and no need to reboot; killing the process took a minute and the machine was ok after that.
- MarcVDH, Oct 25, 2024, Iron Contributor
The consequence I see is that you might miss alerts in case of suspect network activity as the packets won't be analyzed.
The good thing is the process being re-launched automatically after being killed.
In our company I have deployed a GPO with a scheduled task to kill it regularly. It is certainly not the nicest solution but it does the job until a valid solution is found.
- ProximusAl, Oct 24, 2024, Copper Contributor
I am having this exact issue on one of our 2022 servers.
Twice now SenseNDR has eaten 26Gb of RAM requiring a whole server reboot.
It doesn't seem to be affecting all of our servers though, which are all based on the same Azure image...
- keithnicholas, Oct 24, 2024, Copper Contributor
Seemed to kill one of our machines the other day. Our applications started failing and we couldn't RDP. One of our webservers it started having an impact.
Killing the process seems to release all the memory. I'm wondering if there is any consequence to killing SenseNdr.exe every 24 hours till it's patched.